Company News: Page (1) of 1 - 02/17/06 Email this story to a friend. email article Print this page (Article printing at page facebook

OATH Advances Roadmap for Open Strong Authentication

Endorses two new Internet Drafts to be submitted to IETF (February 17, 2006)
OATH, the initiative for Open AuTHentication, today announced that its member companies endorsed the submission of two new drafts for a 'Portable Symmetric Key Container' format and 'XKMS Provisioning of OATH Shared Secret Keys' to the Internet Engineering Task Force (IETF). This marks another milestone in OATH's mission to drive the ubiquity of strong authentication technology across all networks, applications, and devices through an open-standards-based approach.

The Portable Symmetric Key Container Internet draft defines a standard format for importing, exporting or provisioning symmetric key based credentials between different systems. With increasing use of symmetric key based authentication systems such as one time password (OTP) and challenge response systems this specification will promote vendor interoperability and enable customers to deploy best-of-breed solutions.

XKMS Provisioning of OATH Shared Secret Keys Internet draft specifies a means of bulk provisioning of symmetric keys (e.g. OATH credentials) between different systems. The specification can also be extended to support registration of symmetric keys for other cryptographic protocols. This protocol is primarily targeted towards bulk provisioning use cases that were outlined in the OATH Reference Architecture.

The following OATH members made significant contributions to these drafts:
  • ActivIdentity
  • Axalto
  • BMC Software
  • Diversinet
  • PortWise
  • VeriSign
These submissions follow the approval of an earlier OATH endorsed specification by the IETF to a RFC. In December 2005, IETF approved the Internet draft for 'HOTP: An HMAC-Based One-Time Password Algorithm' as RFC 4226. The RFC is available publicly at

Bank of America announced their satisfaction in OATH's rapid progress on its open and interoperable framework for strong authentication. The bank believes OATH's growing membership expands the range of convenient methods for authenticating Internet transactions based on consumer preferences and business requirements.

"Vendor lock-in is one of the key concerns for enterprises deploying strong authentication," said Siddharth Bajaj, Director of Advanced Products and Research at VeriSign and Chair of the Technology Focus Group for OATH. "We are excited at OATH to continue addressing this concern by delivering specifications identified in the OATH roadmap on schedule."

"By achieving its technology milestones, OATH stands as a growing and influential force in establishing specifications for an open-standards-based approach to strong authentication," said John Gunn, vice president of global marketing for Aladdin Knowledge Systems, an OATH member. "We're delighted to be a part of this industry-wide movement to make it simpler for enterprises and individuals to conduct secure online transactions and communications."

About the Initiative for Open AuTHentication
The Initiative for Open AuTHentication (OATH) is the industry's leading collaboration of device, platform and application companies, and end user customers of authentication technologies. OATH participants hope to foster use of strong authentication across networks, devices and applications. OATH participants work collectively to facilitate standards and build a reference architecture for open authentication while evangelizing the benefits of strong interoperable authentication in a networked world. As OATH grows, the organization is actively seeking feedback and technology contributions from end-user participants who share a common vision for open authentication technology and the products that provide this important measure of security.

OATH is dedicated to helping customers reduce the cost and complexity of deploying strong authentication within enterprises, and across the Internet. Since its formation, OATH's membership includes security industry leaders from token manufacturers, platform vendors, smartcard providers, and security services companies. End user companies are joining OATH to add their voice and ideas towards the goal of open authentication.

Some current OATH members include: ActivIdentity, Inc.; Aladdin Knowledge Systems; AOL; ARM; Assa Abloy ITG; Authenex, Inc.; Aventail Corporation; Axalto; BMC Software; CertiSign Digital; Checkpoint Software Technologies; Citrix Systems; Crypto Intelligence; Deepnet Technologies; Diamelle; Digital Persona; Discretix Technologies; Diversinet Corp.; DynaSig Corp.; Encentuate; Entrust Technologies, Inc.; Forum Systems, Inc.; Gemplus Corp; IBM; Identita; Identity Engines; Imprivata; iovation, Inc.; IronKey; Iteon; Juniper Networks, Inc.; K.K. Athena Smartcard Solutions; Livo Technologies SA; nCryptone; Passgo; Passlogix, Inc.; Phoenix Technologies Ltd.; PortWise, Inc.; RedCannon Security, Inc.; SafLink; SafeNet, Inc.; SanDisk; Signify; Smart Card Alliance; SPYRUS; TriCipher, Inc.; VASCO Data Security; VeriSign, Inc.; 41st Parameter; and Xelios Systems.

To join OATH, go to:

To learn more about OATH, e-mail or visit

Page: 1

Related Keywords:security, authentication, oath, RFC, standards

Content-type: text/html  Rss  Add to Google Reader or
Homepage    Add to My AOL  Add to Excite MIX  Subscribe in
NewsGator Online 
Real-Time - what users are saying - Right Now!

Our Privacy Policy --- @ Copyright, 2015 Digital Media Online, All Rights Reserved