The New Standards drafts submitted to the IETF are:
-- Transaction Fraud (Thraud) Reporting: A data-format and protocol for defining and exchanging Thraud report data. This draft extends the Incident Object Description and Exchange Format (ODEF) incident reporting format, with both in-bound and out-bound mechanisms presented. -- Provisioning Protocol: Specifying a protocol that supports the provisioning of symmetric keys, including One-Time Password (OTP) and symmetric cryptographic keys and associated attributes dynamically to previously issued forms of strong authentication devices.In addition, OATH submitted updates to two previously submitted drafts, the OATH Challenge-Response Algorithms (OCRA) and Portable Symmetric Key Container (PSKC). OCRA, which is based on the Hashed One-Time password (HOTP), describes the OATH algorithm for challenge-response authentication and signatures. The PSKC document specifies a shared secret token format for transport and provisioning of shared secrets to different types of authentication devices, allowing enterprises to deploy best-of-breed authentication solutions from multiple vendors into the same infrastructure.
"The joint efforts by the members of OATH to specify a protocol that can be freely distributed to the technical community will foster the adoption of two-factor authentication on the Internet by enabling interoperability and ease-of-deployment across multiple networks," said Siddharth Bajaj, Joint Coordination Committee Chairman of OATH. "The submission of new standards drafts, as well as updates to two previous submissions, shows the commitment OATH's members have to providing the tools necessary to create advanced security tools that protect the end user."
Bajaj was elected as Chairman of the Joint Coordination Committee at the annual OATH organizational meeting held in San Diego. Currently, Bajaj serves as a principal in the Innovation Group of VeriSign. Bajaj has been involved with OATH since its inception, serving as Co-Chair of the organization's Technology Focus Group. He holds a master's degree in Computer Science from the Georgia Institute of Technology, Atlanta. Replacing Bajaj as Co-Chair Technology Focus Group is David M'Raihi of VeriSign, joining Diversinet's Stu Vaeth, who returns for another term.
Don Malloy of InCard Technologies was named Marketing Chair of OATH. Malloy, who will direct all marketing, continuing education and new member activities, has more than 25 years of experience in the high-technology arena, with more than 10 years in the data security industry. He holds an undergraduate degree from Lowell Technological Institute, advanced degrees from the University of Massachusetts and an MBA from the New York Institute of Technology.
"In February 2007, OATH will celebrate its third anniversary and in that time, the organization has nearly tripled in size while establishing a record of technical achievement. An open-standards approach to authentication has been endorsed by the industry, and OATH will continue to work to bring solutions for strong, universal authentication," said Malloy. "I appreciate this important opportunity to raise the awareness of OATH and our mission, and look forward to continuing our track record of success in the New Year and beyond."
About the Initiative for Open AuTHentication
The Initiative for Open AuTHentication (OATH) is the industry's leading collaboration of device, platform and application companies, and end user customers of authentication technologies. OATH participants hope to foster use of strong authentication across networks, devices and applications. OATH participants work collectively to facilitate standards and build reference architecture for open authentication while evangelizing the benefits of strong interoperable authentication in a networked world. As OATH grows, the organization is actively seeking feedback and technology contributions from end user participants who share a common vision for open authentication technology and the products that provide this important measure of security.
OATH is dedicated to helping customers reduce the cost and complexity of deploying strong authentication within enterprises, and across the Internet. Since its formation, OATH's membership includes security industry leaders from token manufacturers, platform vendors, smartcard providers, and security services companies. End user companies are joining OATH to add their voice and ideas towards the goal of open authentication.
To join OATH and to see a list of its current membership, go to: http://www.openauthentication.org/membership.asp.
Access the enrollment form by visiting: http://www.openauthentication.org/membership_form.asp.
All company and product names are trademarks of their respective holders.