OATH Announces Availability Of Certification Compliance Program

OATH will verify and certify vendor products for conformance with the criteria specified in the OATH certification profiles

February 16, 2011

6 Min Read


SAN FRANCISCO--(BUSINESS WIRE)--OATH, the Initiative for Open AuTHentication, today announced the availability of the OATH Certification Compliance Program (OCCP). The organization made the announcement at the RSA Conference 2011 in San Francisco, the information security industrys largest tradeshow.

Under the program, OATH will verify and certify vendor products for conformance with the criteria specified in the OATH certification profiles. The program will be available to both OATH member and non-member companies.

OATH further announced that it has verified and certified products from the following member companies ActivIdentity, AuthenTec, Diversinet, DS3, Giesecke & Devrient, i-Sprint, Mi-token, NagraID, SafeNet, Symantec, Totaltexto, Technology Nexus, Vasco, and Verisec.

The program is a key deliverable from OATH and will provide assurance to our customers that products implementing OATH standards and technologies will function as expected and interoperate with each other, said Siddharth Bajaj, Chair for the OATH Certification Working Group and Technical Director in the User Authentication Group at Symantec. Further, we are delighted by the tremendous response to the program. This demonstrates a strong commitment to interoperability by the OATH vendor community.

For the first time customers can choose OATH products, both authentication tokens and validation servers from different providers, with the assurance that through the use of OATH standards and the Certification Compliance program they will interoperate seamlessly, said Philip Hoyer, OATH Technical Committee Co-Chair and Senior Architect CTO Office at ActivIdentity.

OATH also announced that it has published draft certification criteria for additional 2 profiles OCRA Standalone Client and OCRA Validation Server.

For further details on the program and full list of certified products:



Support for OATH Certification Program


Open standards ensure ActivIdentity secure identity solutions have the interoperability that our customers need when working with diverse organizations and protocols. OATH certification will provide our customers with the necessary assurance that their most critical assets will be protectedeven when interfacing with legacy systems of disparate agencies. -- Julian Lovelock, Senior Director, Product Marketing


We are pleased to add OATH Certification to our popular Eikon family of USB fingerprint readers, allowing AuthenTec to offer strong authentication in a cost-effective solution that can be easily added to a PC or other device. Adding OATH certification to our readers gives consumers even more confidence in our ability to deliver convenient one-touch security. -- Tom Aebli, Vice President of Software and e-Commerce


Diversinet is committed to providing a secure application platform that enables healthcare organizations to rapidly deploy HIPAA-compliant mHealth applications to anyone, anytime, anywhere, on mobile devices so everything is Connected and Protected. OATH certification reaffirms our dedication to maintaining the highest security standards within our MobiSecure' Health platform. --Albert Wahbe, Chairman and CEO


The OATH certification re-affirms the DS3 Authentication Server as a token-neutral, high-performance platform that delivers strong user authentication and transaction authorization for enterprise B2B/B2C applications. The DS3 Authentication Server is deployed in more than 40 banks, serving users in over 20 countries. Enterprises should take advantage of the OATH certification program to expand the range of tokens for their users. Tan Teik Guan, CEO

i-Sprint Innovations:

"With OATH, Our customers can now choose to deploy from a wider variety of token vendors and form factors based on different risk levels and at very competitive prices. It is key to de-couple the authentication device vendor from the authentication backend." -- Albert Ching - CEO


By completing the OATH certification for our products, Mi-Token demonstrates our committed to high security standards, our token agnostic philosophy and to reducing the cost and complexity of 2FA OTP deployment and management. -- Colin Bastable, CEO

NagraID Security:

We, at NagraID Security, are glad to be one of the early adopters in the OATH Certification Program and feel that our commitment in promoting open standards will be enhanced with the adoption of more devices leading to increased interoperability in the authentication marketplace. -- Philippe Guillaud, EVP and CTO


SafeNet is dedicated to protecting companies most sensitive corporate assets with robust, standards-based strong authentication solutions. By certifying SafeNets eToken solutions through the OATH Certification Compliance Program, SafeNet is continuing its ongoing commitment of providing customers with technological innovation. -- Andrew Young, Vice President, Authentication, SafeNet


Symantec has long supported the OATH standard as we believe the promotion of interoperability and open standards are critical to driving innovation and choice for users. The VeriSign' Identity Protection (VIP) platform supports OATH-compliant credentials for cards, tokens, and mobile phones to provide customers convenient, cloud-based access to two-factor authentication. -- Kerry Loftus, Senior Director of Product Management

Technology Nexus:

Trusted and certified interoperability for Authentication will play a key role in meeting the ever increasing threat from Identity Theft. Further more, increased used of open standards enables customers to select best-breed technology without the risk vendor lock-in. -- Per Hagero, CTO


"TOTALTEXTO is proud to be an OATH coordinator member. As a mobile software development company, focused on financial services, security is an extremely important issue. Therefore, we believe that adopting OATH as an industry standard for strong authentication is a critical step for delivering more secure and reliable products to our clients. Jorge Falcn, CTO


As a market leader in strong authentication, it is VASCOs objective to make its technology available on a multitude of authentication platforms. We are happy to be part of the new OATH compliance initiative. -- Jan Valcke, President and COO.

Verisec AB:

The certification program emphasizes OATH core value of interoperability, and provides the tools for existing and future members to test and certify against the common certification criteria. For our customers or partners looking to implement OATH, certification provides a quality assurance of the flexibility inherent in open architecture. -- Johan Henrikson, CEO

OATH Pavilion at the RSA Conference Booth #2123:

OATH will be exhibiting at the RSA Conference in San Francisco February 14th-18th 2011 showcasing a number of its members and their devices. OATH will be introducing its Certification program at RSA which will demonstrate interoperability among the members products. The OATH Pavilion is located at booth #2123.

About the Initiative for Open AuTHentication

The Initiative for Open AuTHentication (OATH) is the industrys leading collaboration of device, platform and application companies, and end user customers of authentication technologies. OATH participants foster use of strong authentication across networks, devices and applications. OATH participants work collectively to facilitate standards and build a reference architecture for open authentication while evangelizing the benefits of strong interoperable authentication in a networked world. As OATH grows, the organization actively incorporates feedback and technology contributions from end-user participants who share a common vision for open authentication technology and the products that provide this important measure of security.

To join OATH and to see a list of its current membership, go to: http://www.openauthentication.org/membership.asp.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights