VeriSign Inc will announce that it has submitted part of its Open Authentication Reference Architecture, which it calls OATH, to the Internet Engineering Task Force for discussion as a possible one-time password standard.
VP and general manager of security services Judy Lin said that OATH submitted the one-time password generation algorithm, currently only supported in the authentication tokens VeriSign sells via its OEM deal with Aladdin Knowledge Systems Inc.
OATH was introduced in February to coincide with VeriSign’s entry into the token market. The company is hoping pushing a standards based offering will help it take market share from RSA Security Inc, the market leader.
RSA’s SecurID tokens use a proprietary time-based algorithm, whereas VeriSign’s use a sequence-based algorithm. Tokens increase logon security because they require you to be in possession of the token as well as a remembered password.
Additionally, VeriSign will announce today, that America Online Inc and US Bank are to use VeriSign token systems in some of their services, and that IBM Corp is to support them in its Tivoli access control systems, Lin said.
US Bank is the first major reference customer for Unified Authentication, a service it announced a month ago, which enables companies to run various kinds of authentication, including two-factor tokens and digital certificates, on the same platform.
Lin said that US Bank is using the hosted version of UA, rather than the premises-based offering that many large enterprises were expected to take. The service will be deployed to authenticate corporate banking customers, she said.
VeriSign has also signed a deal to work with AOL that initially means AOL will support a VeriSign child-safety initiative that allows children to sign into chat rooms using a token that identifies them as a kid.
AOL announced a month ago that RSA will provide the optional strong authentication for the AOL service proper, with an optional feature AOL calls PassCode, but Lin said AOL has agreed to investigate also using VeriSign tokens in that part of the service.
IBM Tivoli software will also now be bundled with some VeriSign modules that enable UA, if purchased separately, to be deployed alongside Tivoli out of the box, Lin said.