Authernative, the leading developer of innovative user authentication and identity management technologies, announced today that the United States Patent and Trademark Office has granted the company its patent for encryption key generation method.
The newly issued US Patent No. 7,577,987 titled "Key generation method for communication session encryption and authentication system" describes a new encryption key management system integrated with a two-factor authentication protocol. This system provides for mutual authentication of the connected parties in a client-server architecture which results in a secure distribution of secret session-only random symmetric encryption keys that are generated at the server and distributed to clients.
The wide proliferation of B2B and B2C e-commerce networks enabling connections from user's mobile devices, laptop/desktop computers, ATMs, POS terminals, set-top boxes, VOIP phones, GPS and other data processing devices necessitates enhancement of the security infrastructure at the consumer level, especially in the area of user authentication and data-in-transit security. Usage of Public Key Infrastructure (PKI) has certain limitations at the mass user level due to technology deployment complexities, cost, and administration of the consumers' keys / certificates. Authernative-patented MEDIA(TM) protocol overcomes these PKI issues by using two-factor authentication credentials adopted in e-commerce with the benefit of providing seamless mutual authentication and a secure session-only random symmetric encryption key distribution enabling further secure data exchange.
"Authernative's encryption key management system enables an easy to administer high security solution," said Dr. Len Mizrah, President and CEO of Authernative. "The advantage of the MEDIA(TM) protocol is a capability to mutually authenticate with the server either a client platform or a human user at the client platform, depending on credentials utilized. In both cases, it protects from pharming or phishing attacks respectively."
The security of the key exchange in the MEDIA(TM) protocol is based on innovative algorithms enabling the following three Authernative-patented technologies: (1) a key generation architecture utilizing the Time Interplay Limited SRK (Session Random Key) Algorithm (TILSA(TM)) - US Patent No. 7,577,987, (2) a key exchange protocol utilizing the TILSA(TM) algorithm and communication parties' authentication credentials with Key Encryption/Decryption Iterative Algorithm (KEDIA(TM)) - US Patent No. 7,506,161, and (3) a Key Conversion Array (KCA(TM)) technology providing for high security message exchange over non-trusted communication media by utilizing either of patented algorithms: Bit-Veil-Unveil (BitVU(TM)), Byte-Veil-Unveil (ByteVU(TM)), and Bit-Byte-Veil-Unveil (BBVU(TM)) - US Patent No. 7,299,356.
These patented technologies embedded into Authernative AuthGuard(R) user authentication product enable strong user authentication and client-server mutual authentication during the authentication stage of the communication session and secure exchanges of encryption keys to allow secure content delivery. The CrosSecure(R) Authernative(R) Cryptographic Module integrated into AuthGuard(R) has received FIPS 140-2 certification from the National Institute of Standards and Technology (USA).
AuthGuard® offers a suite of one-factor, layered, and multi-factor authentication to meet a variety of security and usability requirements. AuthGuard(R) user authentication is electronically mass deployable, has scalable security, high usability, low total cost of ownership, and efficient integration/customization options with legacy environments. The product provides fully automated operation modes for secure login, set-up, and reset of all AuthGuard(R) authentication methods including enhanced password, pattern-based one-time password, one-time challenge one-time response, out-of-band, one-time pin, and secure in-band authentication.
The newly granted patent solidifies the company's ability to provide innovative, secure and cost-effective user authentication solutions. With identity theft, cyber crime, and data breaches escalating to an all time high, enterprises, government agencies, online service providers, and consumers can benefit from the AuthGuard(R) authentication product to secure access to networks, extranets, portals, applications, data and devices.