REDWOOD CITY, Calif. — Authernative, Inc., the developer of innovative user authentication and identity management technologies, announced today that the Authernative(R) Cryptographic Module has been placed on the Pre-validation list for the Federal Information Processing Standards Publications (FIPS) 140-2 Validation. FIPS 140-2 is a U.S. government computer security standard used to accredit cryptographic modules and certify private sector vendor products for use in government departments and regulated industries that collect, store, transfer, share and disseminate sensitive, but un-classified information. FIPS 140-2 validation is a requirement for any cryptographic product which will be used in a U.S. government agency network.
Authernative(R) Cryptographic Module is based on the recently issued U.S. Patent No. 7,299,356 titled “Key conversion method for communication session encryption and authentication system” which describes a new encryption key management system integrated into an interactive mutual authentication protocol. This protocol accomplishes mutual authentication through a secure exchange of session-only random symmetric encryption keys without allowing authentication credentials to cross non-trusted communication media.
“Authernative(R) Cryptographic Module provides for secure mutual authentication and session-only random symmetric key distribution in client-server architecture enabled with a multifactor authentication scheme. It allows eliminating asymmetric keys usage and overcomes certain weaknesses and difficulties in implementation, administration, maintenance, and cost containment of public key infrastructure (PKI), Kerberos, and some other commercially available authentication and key distribution systems and protocols”, said Dr. Len Mizrah, CEO of Authernative, Inc. “The patented Key Conversion Array technology provides for security scalable with CPU power and network bandwidth, while being highly resilient against communication session eavesdropping attacks, replay man-in-the-middle attacks, online and offline computer-processing attacks, and session hijacking/phishing attacks”.
The FIPS 140-2 standard is a joint effort by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment (CSE), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140-2, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.
Authernative(R) Cryptographic Module extends the end-to-end security capabilities of Authernative(R) AuthGuard(R) user authentication solution. AuthGuard(R) performs strong user authentication and client-server mutual authentication during the authentication stage of the communication session. Authernative was voted as a best solution provider at SecureGOV 2006 Strategic Intelligence Council Meeting and is committed to helping Federal agencies securely extend their networks and access for mobile workforce, employees, vendors, and public citizens. FIPS 140-2 validation of the Authernative(R) Cryptographic Module will provide Federal agencies and users with a high degree of security, assurance, and dependability. Authernative is invited to present at the upcoming SecureGOV 2008 Strategic Intelligence Council Meeting, March 9-11, 2008 in Williamsburg, Virginia.
The FIPS standard, which is mandated by law in the U.S. and very strictly enforced in Canada, is also currently being reviewed by ISO to become an international standard. FIPS 140-2 is gaining worldwide recognition as an important benchmark for third party validations of encryption products of all kinds.
In order to expedite the FIPS 140-2 validation process, Authernative partnered with Corsec Security, Inc., a consulting firm with over nine years of validation experience. “Corsec is proud to be working on the validation of the Authernative(R) Cryptographic Module,” said Matthew Appler, CEO, Corsec Security, Inc. “Authernative’s decision to undergo the stringent FIPS 140-2 validation process has shown their tremendous dedication to providing customers with proven third-party assurance.”
About Authernative, Inc.
Authernative provides innovative patented software security solutions offering identity and access management capabilities including authentication, authorization, administration, and auditing. The company’s products are used to prevent unauthorized access to confidential data, protected resources, and financial transactions. They allow organizations to lower the cost of providing, deploying and managing user authentication for enabling e-commerce and addressing regulatory compliance requirements. For further information, please visit www.authernative.com
About Corsec Security, Inc.
Corsec Security, Inc. specializes in helping companies navigate through the complex process of receiving FIPS 140 and Common Criteria (CC) certifications. Corsec’s consulting, document creation, and project management services deliver unmatched expertise in achieving government validation efforts at a firm, fixed price. Corsec partners with companies around the world to achieve local and international certification and to add security functionality to a wide range of products. Corsec minimizes the time, effort and money a vendor needs to invest in validation while ultimately maximizing the return on that investment. For further information, please visit www.corsec.com
[tags]Authernative Cryptographic Module, FIPS and Common Criteria certifications, identity and access management[/tags]