"Zero Knowledge Authentication"? (was Cryptolog Unicity Software-Only Digital Certificates)

[R. A. Hettinga]

<http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20031210005099&newsLang=en>



 
December 10, 2003 09:02 AM US Eastern Timezone
Cryptolog Introduces Unicity -- the First Software-Only Solution Enabling
Digital Certificates to Be Issued in High Security and High Volume
Environments



    
Infosecurity 2003

Booth # 144

 NEW YORK--(BUSINESS WIRE)--Dec. 10, 2003--

 
Launch Marks the First Commercial Use of "Zero-Knowledge" Authentication
 

Cryptolog, a leading data security and cryptography firm, today launched
Unicity, a new software-only solution that deploys digital certificates to
end-users based on "zero knowledge" authentication and virtual smart cards.
Unicity marks the first commercial use of "zero knowledge" authentication.

Previously used primarily in scientific/academic applications, "zero
knowledge" authentication is a method of proving a user's identity without
revealing his password to the verifier. Using this technology, Unicity
allows companies to issue digital certificates securely on a software-only
basis, eliminating the need to supply employees, partners and clients with
special hardware, or to require them to locally store certificates on their
computers. The private data is never stored on the user's hard drive, and
is erased from the RAM as soon as the user no longer needs it.

How Unicity Works

1. Zero knowledge authentication

2. Retrieval of internal key

3. Retrieval of virtual smart card with encrypted data

4. Local decryption

5. Use of the private key

Unicity Offers A Clear Competitive Advantage

With regards to digital certification, none of the current solutions to
distribute private keys to end-users offers an ideal trade-off between cost
and security. With its virtual smart card technology, Cryptolog offers a
highly secure, easy-to-use solution to store digital certificates and
private keys. The solution can be used with or without an existing PKI and
is highly adaptable in a variety of contexts, such as online banking and
transactions, digital signature, secure collaborative work, data
protection, secure e-mail, strong authentication, simple PKI deployment and
digital vote.

"Our Unicity solution solves the problem of private data storage typically
associated with Public-Key Infrastructures (PKI)," stated Alexandre Stern,
president of Cryptolog. "By replacing smart cards or USB tokens with our
innovative software system, customers will experience a simpler and faster
deployment and receive a much lower total cost of ownership."

The Unicity solution consists of a virtual smart card server and various
applications, available as plug-ins or as Java applets, and enables users
to complete the following tasks:

-- Authenticate and certify transactions

Especially appropriate to financial services firms and payment providers,
Unicity helps protect against electronic fraud by giving each employee or
client a unique digital identity. A user can then use this identity to
authenticate himself or to digitally sign transactions.

-- Encrypt and sign e-mails

The digital identities provided via the Unicity solution can be used to
encrypt and electronically sign emails, giving legal value to digital
documents. Users do not need to change anything to their existing mail
infrastructure.

-- Implement a secure collaborative platform

Combining Unicity software with a server dedicated to data storage,
customers can be provided with a 'virtual safe.' Users can store documents
securely and provide access rights to select individuals. The platform also
manages the digital signature feature adapted for collaborative projects,
notably in the legal field or for research-based projects.

Release of the Unicity Solution follows two years of intensive research
work in Europe. It is compatible with a variety of software applications,
including: Internet Explorer, Netscape Navigator, Mozilla (for strong
authentication), Outlook, Outlook Express, Netscape Mail, Lotus Notes v6
(for e-mail signature and encryption).

About Cryptolog International

Founded in 2001, Cryptolog is a leading data security and cryptography firm
dedicated to protecting companies' and governments' sensitive information
and fighting digital fraud on open networks. Cryptolog has assembled a
world-class team of cryptography researchers to develop innovative
approaches to distributing secure content to end-users, as well as private
keys used within a Public-Key Infrastructure (PKI). Cryptolog is currently
working with two of the largest French banks, a leading European insurance
company, two of the world's largest telecom operators and various
governmental agencies. Additional U.S. customers are expected to be
announced in early 2004.
Contacts Citigate Cunningham
Sandy George, 617-374-4210
sgeorge at citigatecunningham.comPrint this release
Terms of Use   |   © Business Wire 2003

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com