VeriSign launches new security standard

VeriSign Inc. has developed an open standard for strong authentication, the company said. The new Open Authentication Reference Architecture, known as Oath, will help ensure that secure credentials can be provisioned and verified by disparate software and hardware platforms.

Such a standard could encourage adoption and give IT managers better control over their security environments.

Strong authentication, a method of securing networks that combines a user ID with a software or hardware token, is seen as a next step in improving network security, but interoperability challenges have hindered adoption.

"As we've seen with personal computers, networking and other advances, ubiquitous adoption of any technology accelerates with a fundamental shift from proprietary to open architecture," said Stratton Sclavos, chief executive officer of VeriSign. "An architecture such as Oath will be a key enabler and accelerator of secure communications."

According to VeriSign, the Oath reference architecture will leverage existing protocols and technology. With Oath, device manufacturers, software vendors and service providers will be able to integrate open interfaces within their products to create interoperable solutions.

By adopting Oath, vendors and customers will have more technology choices and lower total cost of ownership, the company said. Products can be more flexible in the way they generate tokens, and end users can be validated across a variety of previously incompatible secure networks.

"Open standards-based strong authentication will enable customers in all vertical markets, including government agencies, to share more critical information over a wider boundary while increasing information security," said Michael Williams, vice president of business development for Rainbow Technologies Inc., an Irvine, Calif.-based information security company.

"Our customers want an open specification around strong authentication," said Joe Anthony, director of integrated identity management in IBM Corp.'s Tivoli Software division. "We plan to be the first to deliver an integrated identity management solution that works with Oath, giving our customers the power to provision identities to applications, operating systems and network devices."