Authernative Granted US Patent on Communication Session Encryption and Authentication System

| From

REDWOOD CITY, Calif., April 14 (SEND2PRESS NEWSWIRE) -- Authernative, Inc., the leading developer of innovative user authentication and identity management technologies, announced today that the United States Patent & Trademark Office has granted the company its patent for a communication session encryption and authentication system.

Authernative patentThe newly issued US Patent No. 7,506,161 titled "Communication session encryption and authentication system" describes a new encryption key management system integrated with a two-factor authentication protocol. This system provides for mutual authentication of the connected parties in a client-server architecture which results in a secure distribution of secret session-only random symmetric encryption keys that are generated at the server and distributed to clients.

The advantages of Authernative's newly-patented authentication system are many-fold. Strong mutual authentication assures identification and verification of the parties who are communicating with each other. The patent's Message Encrypt/Decrypt Iterative Authentication (MEDIA™) protocol achieves mutual authentication while assuring that the parties' actual shared secrets (authentication credentials) never cross un-trusted communication lines. Moreover, the key exchange and the authentication credentials are guarded by a number of security tiers within the MEDIA™ protocol, ensuring high resilience against various attacks, including session eavesdropping, replay man-in-the-middle, online and offline computer-processing attacks, and session hijacking. In addition, the secure exchange of the secret session-only random symmetric encryption key allows for continued secure data exchange after the communicating parties have been authenticated.

In a move to undermine the industry's security efforts towards encrypting data-at-rest, criminals are targeting data-in-transit. Recent data-in-transit attacks include the theft of credit/debit card data during point-of-sale transmission, PIN leakage between ATMs and computers processing the transactions, and data theft by various malware which compromises sensitive data entered by consumers during browser sessions. The wide proliferation of B2B and B2C e-commerce networks enabling connections from user's mobile devices, laptop/desktop computers, ATMs, POS terminals, set-top boxes, VOIP phones, GPS and other data processing devices necessitates enhancement of the security infrastructure at the consumer level, especially in the area of user authentication and data-in-transit security. Usage of Public Key Infrastructure (PKI) has certain limitations at the mass user level due to technology deployment complexities, cost, and administration of the consumers' keys / certificates. Authernative's patented MEDIA™ protocol overcomes these PKI issues by using two-factor authentication credentials adopted in e-commerce with the benefit of providing seamless mutual authentication and a secure session-only random symmetric encryption key distribution enabling further secure data exchange.

The security of the key exchange in the newly patented MEDIA™ protocol is based on innovative algorithms enabling the following three technologies: (1) a key generation architecture utilizing the Time Interplay Limited SRK (Session Random Key) Algorithm (TILSA™), (2) a key exchange protocol utilizing the TILSA™ algorithm and communication parties' authentication credentials with Key Encryption/Decryption Iterative Algorithm (KEDIA™), and (3) a Key Conversion Array (KCA™) technology providing for high security message exchange over non-trusted communication media by utilizing either of Authernative's previously patented algorithms: Bit-Veil-Unveil (BitVU™), Byte-Veil-Unveil (ByteVU™), and Bit-Byte-Veil-Unveil (BBVU™) - US Patent No. 7,299,356.

"This patent, along with a recently granted US Patent No. 7,299,356 titled 'Key conversion method for communication session encryption and authentication system' provide for a protected intellectual property and technology foundation for the company's AuthGuard® authentication product," said Dr. Len Mizrah, President and CEO of Authernative. "These patented technologies extend the end-to-end security capabilities of Authernative® AuthGuard® user authentication solutions." AuthGuard® performs strong user authentication and client-server mutual authentication during the authentication stage of the communication session and securely exchanges encryption keys to enable secure content delivery. The CrosSecure® Authernative® Cryptographic Module integrated into AuthGuard® has received FIPS 140-2 certification from the National Institute of Standards and Technology (USA).

Authernative's latest patent adds to the company's patent portfolio solidifying the company's ability to provide innovative, secure and cost-effective user authentication and embedded encryption key management solutions. With identity theft, cyber crime, and data breaches escalating to an all time high, enterprises, government agencies, online service providers, and consumers can benefit from AuthGuard® authentication product to secure access to networks, extranets, portals, applications, data, transactions, and devices.

About Authernative, Inc.:

Authernative is a leading provider of innovative software security solutions offering identity and access management capabilities including authentication, authorization, administration, and auditing. The company's products are used to prevent unauthorized access to confidential data, protected resources, and financial transactions. They allow organizations to lower the cost of providing, deploying and managing user authentication for enabling e-commerce, e-government, and regulatory compliance.

For further information, please visit

News Source:
Like, Share, Save this press release:
  TWEET   SHARE   G+   STUMBLE   LinkedIn   Instapaper   Buffer

The content of the above press release was provided by the “news source” (Authernative, Inc.) or authorized agency, who is solely responsible for its accuracy. Send2Press® is the originating wire service for this story and content is Copr. © 2009 Authernative, Inc. with newswire version Copr. © 2009 Send2Press (a service of Neotrope). All trademarks acknowledged.

Rights granted for reproduction by any legitimate news organization. However, if news is cloned/scraped verbatim, then original attribution must be maintained with link back to this page as “original syndication source.” Resale of this content for commercial purposes is prohibited without a license. Reproduction on any site selling a competitive service is also prohibited. Information is believed accurate, as provided by news source or authorized agency, however is not guaranteed, and you assume all risk for use of any information found herein/hereupon. This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
STORY READS for this single page only, as of Oct 26 2016:
[ count retired 8.4.16 ]

back to top
REFERENCES: encryption and authentication, Authernative, US Patent No 7506161 titled Communication session encryption and authentication system, Authernative, Inc., B2B and B2C e-commerce networks, patent for a communication session encryption and authentication system, CEO Len Mizrah, B-NAB, news, press release from Authernative, Inc., Apr 14, 2009, Patent and Trademark, , , Redwood City, California, Authernative Granted US Patent on Communication Session Encryption and Authentication System