SAN FRANCISCO -- OATH, the Initiative for Open AuTHentication, today announced the successful completion of the Symmetric Key Provisioning work that it had undertaken in collaboration with the Internet Engineering Task Force (IETF).
The working group has approved 3 standards that specify the necessary protocols and data formats to support transport and provisioning of symmetric keys and related meta-data as used in OATH authentication tokens. These standards are designed to enable both offline and online provisioning scenarios; as well as both single and bulk provisioning scenarios:
- Portable Symmetric Key Container (PSKC) – RFC 6030
- CMS Symmetric Key Package Content Type – RFC 6031
- Dynamic Symmetric Key Provisioning Protocol (DSKPP) – RFC 6063
These standards will enable provisioning of OATH OTP tokens dynamically into mass market consumer devices such as mobile phones, USB flash drives, desktops and fingerprint sensors. This will also obviate the need for consumers to carry a special purpose token for authentication to consumer or enterprise applications.
“This is an important milestone in improving usability, reducing cost and proliferating strong authentication widely to consumers,” said Don Malloy, Chair of the OATH Marketing Working Group and Director of Business Development for NagraID Security.
“These standards will facilitate interoperability for provisioning both authentication tokens and validation systems across vendors, enabling enterprises to easily deploy strong authentication to large user bases without relying on components sourced from a single vendor," said Mingliang Pei, OATH Technical Committee Co-Chair and Technical Director at Symantec.
These standards can be downloaded from the OATH website at: http://www.openauthentication.org/specifications
OATH will be exhibiting at the RSA Conference in San Francisco February 14th-18th showcasing a number of its members and their devices. OATH will be introducing its Certification program at RSA which will demonstrate interoperability among the members products. The OATH Pavilion is located at booth #2123
About the Initiative for Open AuTHentication
The Initiative for Open AuTHentication (OATH) is the industry’s leading collaboration of device, platform and application companies, and end user customers of authentication technologies. OATH participants foster use of strong authentication across networks, devices and applications. OATH participants work collectively to facilitate standards and build a reference architecture for open authentication while evangelizing the benefits of strong interoperable authentication in a networked world. As OATH grows, the organization actively incorporates feedback and technology contributions from end-user participants who share a common vision for open authentication technology and the products that provide this important measure of security.