BioPassword:
A software-based technology that learns and verifies unique typing
patterns. Includes an introduction to biometrics and keyboard
dynamics.
http://www.biopassword.com/
Open Systems Management:
Password synchronization and role-based access control across UNIX,
Windows NT and resident applications. Site contains FAQs.
http://www.osmcorp.com/
Secure Remote Passwords:
Software integrates into existing networked applications. Secure
telnet and FTP available. Open source. User and technical
documentation as well as source code.
http://srp.stanford.edu/
Blockade Systems:
Password synchronization and enterprise-wide access control
management software. Includes a return-on-investment calculator.
http://www.blockade.com/
Unisys:
Makers of several related products. Site includes rationale as well
as comprehensive usage information.
http://www.unisys.com/
Pluggable Authentication Modules:
Sun's official PAM documentation. Programmer documentation and
source code.
http://www.sun.com/solaris/pam/
Ankari:
Offers authentication, network security software, and IT security
solutions. Includes white papers and introductory material.
http://www.ankari.com/
RSA Security:
Products include token-based one-time password systems and single
sign-on systems. Site contains information on security.
http://www.rsasecurity.com/
Vasco:
Makers of both software and hardware systems. Demos, case studies
and product information.
http://www.vasco.com/
SecureUser.net:
Providers of tools to e-commerce developers. Site includes a
technology explanation and case studies.
http://www.SecureUser.net
IIS User Authentication Tutorial:
Information on various methods for WWW password protection using
Internet Information Server (IIS). Text-based tutorial with some
screenshots.
http://www.authenticationtutorial.com/
iisPROTECT:
Functions with Internet Information Server to secure web sites.
Includes live demo.
http://www.iisPROTECT.com/
NexRealm Software:
Makers of a system which continuously assesses usage patterns, and
interrupts Windows NT sessions if the pattern deviates from the
authorized user's pattern. Site makes heavy use of sound and
graphics.
http://www.nexrealm.com
iDEX Systems, Inc.:
Java-powered iButton based personal identity management security
services and digital certificate authentication for secure logon,
secure messaging, and digital signatures.
http://www.idexsys.com
SeqID, Inc.:
Offers organizations subscription-based strong authentication and
access management security for critical web-based applications,
content & VPN services. Product and corporate information.
http://www.seqid.com
Flicks Software:
Software that password-protects web content (Windows NT / 2000). Free
trial downloads available.
http://www.flicks.com
Remote User Authentication in Libraries:
Comprehensive collection of resources for libraries and
universities. Includes links to software and some links of interest
to non-librarians.
http://library.smc.edu/rpa.htm
iT_SEC:
A Switzerland-based company providing consulting services.
Tri-lingual site describes their philosophy, and answers questions
about their technologies.
http://www.it-sec.com/index_e.php
I/O Software:
Provider of software solutions, including biometric solutions. Site
includes product descriptions and technology licensing terms.
http://www.iosoftware.com/
Motus Technologies:
Develops software based on cryptography and the use of smart cards
to secure storage of, access to and transmission of confidential
data.
http://www.motus.com/
A Proactive Password Checker:
Paper by M. Bishop, 1991. The author describes a technique, and a
mechanism, to allow users to select passwords which to them are easy
to remember but to others would be very difficult to guess.
[PostScript]
http://seclab.cs.ucdavis.edu/papers/mb91c.ps
Password Management:
Paper by M. Bishop, 1991. Discusses problems of password selection
and password management, and identifies relevant techniques. [PDF]
http://seclab.cs.ucdavis.edu/papers/pdfs/mb-91.pdf
Protecting Poorly Chosen Secrets from Guessing Attacks:
Paper by L. Gong, T.M.A. Lomas, R.M. Needham, and J.H. Saltzer
(1993). Examines common forms of guessing attacks, develops examples
of cryptographic protocols that are immune to such attacks, and
suggests a systematic way to examine protocols to detect
vulnerabilities to such attacks. [Gzipped PostScript]
http://java.sun.com/people/gong/papers/password-guessing.ps.gz
Dos and Don'ts of Client Authentication on the Web:
Paper by Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster. In the
Proceedings of the 10th USENIX Security Symposium, Washington, D.C.,
August 2001. [PDF]
http://www.pdos.lcs.mit.edu/papers/webauth:sec10.pdf