Authernative Granted US Patent on Communication Session Encryption and Authentication System
Thursday, April 16, 2009
Redwood City, CA -- Authernative, Inc., the leading developer of innovative user authentication and identity management technologies, announced today that the United States Patent & Trademark Office has granted the company its patent for a communication session encryption and authentication system.
The newly issued US Patent No. 7,506,161 titled "Communication session encryption and authentication system" describes a new encryption key management system integrated with a two-factor authentication protocol. This system provides for mutual authentication of the connected parties in a client-server architecture which results in a secure distribution of secret session-only random symmetric encryption keys that are generated at the server and distributed to clients.
The advantages of Authernative's newly patented authentication system are manifold. Strong mutual authentication assures identification and verification of the parties who are communicating with each other. The patent's Message Encrypt/Decrypt Iterative Authentication (MEDIA) protocol achieves mutual authentication while assuring that the parties' actual shared secrets (authentication credentials) never cross untrusted communication lines. Moreover, the key exchange and the authentication credentials are guarded by a number of security tiers within the MEDIA protocol, ensuring high resilience against various attacks, including session eavesdropping, replay, man-in-the-middle, online and offline computer-processing attacks, and session hijacking. In addition, the secure exchange of the secret session-only random symmetric encryption key allows for continued secure data exchange after the communicating parties have been authenticated.
In a move to undermine the industry's security efforts towards encrypting data-at-rest, criminals are targeting data-in-transit. Recent data-in-transit attacks include the theft of credit/debit card data during point-of-sale transmission, PIN leakage between ATMs and computers processing the transactions, and data theft by various malware which compromises sensitive data entered by consumers during browser sessions. The wide proliferation of B2B and B2C e-commerce networks enabling connections from users' mobile devices, laptop/desktop computers, ATMs, POS terminals, set-top boxes, VoIP phones, GPS and other data processing devices necessitates enhancement of the security infrastructure at the consumer level, especially in the area of user authentication and data-in-transit security. Usage of Public Key Infrastructure (PKI) has certain limitations at the mass user level due to technology deployment complexities, cost, and administration of the consumers' keys/certificates. Authernative's patented MEDIA protocol overcomes these PKI issues by using two-factor authentication credentials adopted in e-commerce with the benefit of providing seamless mutual authentication and a secure session-only random symmetric encryption key distribution enabling further secure data exchange.
The security of the key exchange in the newly patented MEDIA protocol is based on innovative algorithms enabling the following three technologies: (1) a key generation architecture utilizing the Time Interplay Limited SRK (Session Random Key) Algorithm (TILSA), (2) a key exchange protocol utilizing the TILSA algorithm and communication parties' authentication credentials with Key Encryption/Decryption Iterative Algorithm (KEDIA), and (3) a Key Conversion Array (KCA) technology providing for high security message exchange over non-trusted communication media by utilizing any of Authernative's previously patented algorithms: Bit-Veil-Unveil (BitVU), Byte-Veil-Unveil (ByteVU), and Bit-Byte-Veil-Unveil (BBVU) - US Patent No. 7,299,356.
"This patent, along with a recently granted US Patent No. 7,299,356 titled 'Key conversion method for communication session encryption and authentication system', provides for a protected intellectual property and technology foundation for the company's AuthGuard authentication product," said Dr. Len Mizrah, President and CEO of Authernative. "These patented technologies extend the end-to-end security capabilities of Authernative AuthGuard user authentication solutions." AuthGuard performs strong user authentication and client-server mutual authentication during the authentication stage of the communication session and securely exchanges encryption keys to enable secure content delivery. The CrosSecure Authernative Cryptographic Module integrated into AuthGuard has received FIPS 140-2 certification from the National Institute of Standards and Technology (USA).
Authernative's latest patent adds to the company's patent portfolio, solidifying the company's ability to provide innovative, secure and cost-effective user authentication and embedded encryption key management solutions. With identity theft, cyber crime, and data breaches escalating to an all-time high, enterprises, government agencies, online service providers, and consumers can benefit from the AuthGuard authentication product to secure access to networks, extranets, portals, applications, data, transactions, and devices.
About Authernative, Inc.
Authernative is a leading provider of innovative software security solutions offering identity and access management capabilities including authentication, authorization, administration, and auditing. The company's products are used to prevent unauthorized access to confidential data, protected resources, and financial transactions. They allow organizations to lower the cost of providing, deploying and managing user authentication for enabling e-commerce, e-government, and regulatory compliance. For further information, please visit http://www.authernative.com.