Authernative Cryptographic Module Achieves NIST Pre-Validation for FIPS 140-2

| From

REDWOOD CITY, Calif. - Dec. 10 (SEND2PRESS NEWSWIRE) -- Authernative, Inc., the developer of innovative user authentication and identity management technologies, announced today that the Authernative(R) Cryptographic Module has been placed on the Pre-validation list for the Federal Information Processing Standards Publications (FIPS) 140-2 Validation. FIPS 140-2 is a U.S. government computer security standard used to accredit cryptographic modules and certify private sector vendor products for use in government departments and regulated industries that collect, store, transfer, share and disseminate sensitive, but un-classified information. FIPS 140-2 validation is a requirement for any cryptographic product which will be used in a U.S. government agency network.

Authernative(R) Cryptographic Module is based on the recently issued U.S. Patent No. 7,299,356 titled "Key conversion method for communication session encryption and authentication system" which describes a new encryption key management system integrated into an interactive mutual authentication protocol. This protocol accomplishes mutual authentication through a secure exchange of session-only random symmetric encryption keys without allowing authentication credentials to cross non-trusted communication media.

"Authernative(R) Cryptographic Module provides for secure mutual authentication and session-only random symmetric key distribution in client-server architecture enabled with a multifactor authentication scheme. It allows eliminating asymmetric keys usage and overcomes certain weaknesses and difficulties in implementation, administration, maintenance, and cost containment of public key infrastructure (PKI), Kerberos, and some other commercially available authentication and key distribution systems and protocols", said Dr. Len Mizrah, CEO of Authernative, Inc. "The patented Key Conversion Array technology provides for security scalable with CPU power and network bandwidth, while being highly resilient against communication session eavesdropping attacks, replay man-in-the-middle attacks, online and offline computer-processing attacks, and session hijacking/phishing attacks".

The FIPS 140-2 standard is a joint effort by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment (CSE), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140-2, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

Authernative(R) Cryptographic Module extends the end-to-end security capabilities of Authernative(R) AuthGuard(R) user authentication solution. AuthGuard(R) performs strong user authentication and client-server mutual authentication during the authentication stage of the communication session. Authernative was voted as a best solution provider at SecureGOV 2006 Strategic Intelligence Council Meeting and is committed to helping Federal agencies securely extend their networks and access for mobile workforce, employees, vendors, and public citizens. FIPS 140-2 validation of the Authernative(R) Cryptographic Module will provide Federal agencies and users with a high degree of security, assurance, and dependability. Authernative is invited to present at the upcoming SecureGOV 2008 Strategic Intelligence Council Meeting, March 9-11, 2008 in Williamsburg, Virginia.

The FIPS standard, which is mandated by law in the U.S. and very strictly enforced in Canada, is also currently being reviewed by ISO to become an international standard. FIPS 140-2 is gaining worldwide recognition as an important benchmark for third party validations of encryption products of all kinds.

In order to expedite the FIPS 140-2 validation process, Authernative partnered with Corsec Security, Inc., a consulting firm with over nine years of validation experience. "Corsec is proud to be working on the validation of the Authernative(R) Cryptographic Module," said Matthew Appler, CEO, Corsec Security, Inc. "Authernative's decision to undergo the stringent FIPS 140-2 validation process has shown their tremendous dedication to providing customers with proven third-party assurance."

About Authernative, Inc.
Authernative provides innovative patented software security solutions offering identity and access management capabilities including authentication, authorization, administration, and auditing. The company's products are used to prevent unauthorized access to confidential data, protected resources, and financial transactions. They allow organizations to lower the cost of providing, deploying and managing user authentication for enabling e-commerce and addressing regulatory compliance requirements. For further information, please visit

About Corsec Security, Inc.
Corsec Security, Inc. specializes in helping companies navigate through the complex process of receiving FIPS 140 and Common Criteria (CC) certifications. Corsec's consulting, document creation, and project management services deliver unmatched expertise in achieving government validation efforts at a firm, fixed price. Corsec partners with companies around the world to achieve local and international certification and to add security functionality to a wide range of products. Corsec minimizes the time, effort and money a vendor needs to invest in validation while ultimately maximizing the return on that investment. For further information, please visit

News Source:
Like, Share, Save this press release:
  TWEET   SHARE   G+   STUMBLE   LinkedIn   Instapaper   Buffer

The content of the above press release was provided by the “news source” (Authernative, Inc.) or authorized agency, who is solely responsible for its accuracy. Send2Press® is the originating wire service for this story and content is Copr. © 2007 Authernative, Inc. with newswire version Copr. © 2007 Send2Press (a service of Neotrope). All trademarks acknowledged.

Rights granted for reproduction by any legitimate news organization. However, if news is cloned/scraped verbatim, then original attribution must be maintained with link back to this page as “original syndication source.” Resale of this content for commercial purposes is prohibited without a license. Reproduction on any site selling a competitive service is also prohibited. Information is believed accurate, as provided by news source or authorized agency, however is not guaranteed, and you assume all risk for use of any information found herein/hereupon. This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
STORY READS for this single page only, as of Oct 26 2016:
[ count retired 8.4.16 ]

Networks and Encryption, or: Search

back to top
REFERENCES: Corsec Security Inc, Authernative Inc, Authernative Inc, AuthGuard, Cryptographic Module, CEO Len Mizrah, Corsec Security Inc, FIPS 140 and Common Criteria certifications, patented software security solutions offering identity and access management capabilities including authentication, authorization, administration, and auditing, CEO Matthew Appler, news, press release from Authernative, Inc., Dec 10, 2007, Networks and Encryption, , , , , Authernative Cryptographic Module Achieves NIST Pre-Validation for FIPS 140-2