In front of the big RSA security event in San Francisco, there has been a spate of activity surrounding authentication technology. This is good news for all of us who would like our online experiences to be both hassle-free (not having to remember numerous passwords and other codes) and yet provide us with increased peace of mind that our critical information is safe and secure.
And, while the attention thus far has been focused on product launches and standardization efforts like the FIDO (Fast IDentity Online) Alliance, as we all know there is a lot of intellectual property needed if we are to move from the chaotic state of today to the frictionless one promised for the near future. For this reason, there is announcement that you may have not been aware of that I’d like to draw attention to because of its significance. Mobile access management company SecureAuth, has been issued two patents by the US Patent and Trademark Office.
- Patent 8,301,877 is for configuring a valid duration period for a digital certificate
- Patent 8,327,142 is for facilitating secure online transactions
To paraphrase the wonderful hit by Scott McKenzie, San Francisco(which became an anthem of the counter-culture in the late 1960’s), if you are going to San Francisco you don’t have to wear flowers in your hair but you might wish to navigate your way over to the SecureAuth booth where the patented technology within a new mobile identity management solution will be on display.
Here are the abbreviated looks and links to the patents.
Patent 8,301,877 is a method for the registration of X.509 certificates used to digitally sign and authenticate a user and server. It securely abstracts certificate delivery of the certificate identity (user name), expiration and attributes. The benefit is it greatly simplifies deploying X.509 delivery and authentication for user and server access among mobile, Web, cloud and network access points.
Patent 8,327,142 is a method for mutually authenticating a client and a server by validating X.509 certificates through bilateral authentication without the need of a traditional C-SSL exchange. The benefit is it removes systems prompts from certificate storage and retrieval and greatly simplifies the user experience, especially in mobile environments.
“Coding for user authentication and deployment of certificates within an enterprise is very burdensome and certainly not practical as IT departments expand their access restrictions to mobile devices,” commented Garret Grajek, chief technology officer at SecureAuth, in a statement. “The two patents awarded to SecureAuth address these issues and have already shown significant market acceptance with the broad adoption of SecureAuth IdP, which now has more than 10 million corporate end users.”
For those not familiar, SecureAuth IdP authenticates user identities using two-factor authentication and enables single-sign-on from any device to any network access point . Integration of the technology will be extended to new products addressing growing enterprise mobile access and identity management challenges due to BYOD. As anyone who has navigated the patent process knows, like good wine it takes time. The patents cover important aspects of authentication, particularly in terms of enabling an easier and more secure future. It will be interesting to see how the SecureAuth chooses to employ it next.