VeriSign launches strong authentication drive

VeriSign is to create an open standards architecture for strong authentication across the internet.

VeriSign is to create an open standards architecture for strong authentication across the internet.

The initiative, called the Open Authentication Reference Architecture (Oath), is intended to replace the patchwork of proprietary products for user authentication and provisioning already used on the internet, allowing users to access services on corporate networks and the web seamlessly.

Strong authentication is a term that describes multifactor authentication, usually combining a physical item such as an access card or token with a secret password for users to access network resources.

The architecture will be 90% based on open standards such as LDAP (Lightweight Directory Access Protocol) and Radius (Remote Authentication Dial-In user Service).

The effort will also rely on co-operation from leading software and hardware makers, said Mark Griffiths, vice-president of authentication at VeriSign.

A universal authentication service launched by VeriSign as part of the Oath architecture will use VeriSign's Atlas (Advanced Transaction Look-up and Signaling) directory and database technology to provide an internet-wide authentication network service.

Atlas was developed by VeriSign and matches requests for web pages up with the internet protocol addresses of the host web servers on the company's DNS (domain name system) servers.

Using Oath, organisations can use VeriSign's Atlas service for user authentication on the public internet. Authentication is usually performed by systems running within the enterprise, Griffiths said.

Oath will solve a number of problems hampering the growth of internet commerce and new services, he added.

Problems such as online identity theft, the proliferation of insecure and unwieldy user passwords and the high cost of implementation for strong authentication technology could all be resolved with an internet-wide authentication service such as Oath.

"The internet needs a strong security architecture to reach the next level. We're at a point where we believe that, as an industry, we can create a tipping point. This is an opportunity for people to change the Internet," he said.

Hardware and software companies from  mobile phone manufacturers to identity management software makers will be able to integrate with the Oath architecture. That will encourage those companies to build open strong authentication features into their products without worrying that doing so will make it impossible for them to work with other platforms and applications.

VeriSign is working with portable device manufacturers to build open authentication tokens into their products.

In the future, users will be able to log on to a variety of services, including e-mail, web-based e-commerce sites and telecommunications services, using a common password and authentication token embedded in a portable USB device, smart card, mobile phone or PDA.

Other suppliers also signalled support for the service at RSA, including user authentication software maker ActivCard and smart card company Gemplus.

Version 1.0 of the Oath service will be launched later this year, and will work with Microsoft's Active Directory services and support hardware and software credentials such as PKI (public key infrastructure) and OTP (One Time Password authentication).

Another release will support other platforms and LDAP-compliant directory services, including those by IBM and Sun Microsystems.

Paul Roberts writes for IDG News Service

Read more on IT strategy