September 23, 1996 FREE 30-DAY TRIAL OF SECURITY SOFTWARE AVAILABLE AT BELLCORE'S WEB SITE Morristown, NJ, -- Bellcore, a leading provider of communications software, engineering and consulting services, today announced a commercial version of the S/KEY One-time Password Authentication System. The S/KEY system is a software solution that provides authorized users secure access to specified networks while protecting those networks and their users against password theft by electronic eavesdroppers. A 30-day trial copy of the new Windows-based S/KEY client software can be downloaded from Bellcore's web site at http://www.bellcore.com/SECURITY/skey.html. The 30-day trial version of the S/KEY client is available for Windows 3.1, Windows NT 3.5, 4.0, and Windows 95. This version can be used with the previous Bellcore S/KEY freeware servers. After completing a short questionnaire to determine the users system requirements, the S/KEY software is easily downloaded. Complete documentation for the client and for the S/KEY system is included in the help files. The growth of remote distributed computing and the increasing use of the Internet to access corporate computers has created unprecedented opportunities for password theft. Hackers can easily capture a remote user's password, compromising other network sites. Bellcore's S/KEY One-time Password Authentication software was developed to prevent this type of network eavesdropping. There are two sides to the S/KEY system - a server side and a client side. The server generates a challenge after receiving the clients login request. In response, the client generates the appropriate one-time password by combining the users personal pass phrase and a seed received in the challenge generated by the server. This one-time password is what is sent over the network to the server. After this one- time password has been successfully authenticated, the client is granted access to the server and the one-time password is never used again. Since an S/KEY user's private pass-phrase never crosses the network, and is not stored either on the client or the server side, pass-phrases are never exposed to theft. According to Milton Anderson, Bellcore's director of Enterprise Network Security, Bellcores S/KEY system compares favorably with other network security systems, like electronic security cards. The S/KEY system simplifies network security by eliminating the need to administer, maintain, and replace secure passwords and electronic card devices, said Anderson. The S/KEY servers store no secrets, so there is no extra security needed for the S/KEY system server. The user accesses each S/KEY server using a different seed value, so there is no need for synchronization between servers or a secure network to access a centralized server. The S/KEY clients don't store secrets either, so they can be distributed to users over the corporate network, just like other licensed software. The new Windows client has an extensive set of features to integrate with terminal emulators, dialers and Winsock, notes Anderson, so that in many cases a single click will allow the user to set up the connection to the corporate network, secure the connection, and pre-load a standard set of applications. The commercial version now being offered is backward compatible with the original Bellcore S/KEY software, which is in widespread use in industry, government and academia. It also conforms to the new Internet Engineering Task Force standard for one-time passwords in RFC 1938, produced by a working group which Bellcore co-chaired. Bellcore, headquartered in Morristown, NJ, is a leading provider of communications software, engineering, and consulting services based on world-class research. Bellcore creates business solutions that make information technology work for telecommunications carriers, businesses and governments worldwide. Bellcore has sales offices throughout the U.S., as well as international offices in London, Miami, Hong Kong and Tokyo. More information about other Bellcore products and services is available at its web site, http://www.bellcore.com or by calling 1-800-521-CORE. S/KEY is a trademark of Bellcore Microsoft is a registered trademark of Microsoft Corporation Windows is a trademark of Microsoft Corporation NT is a registered trademark of Microsoft Corporation ===================================================================== This directory is maintained by Bellcore for the convenience of people using or building S/KEY(tm) systems. S/KEY is a trademark of Bellcore. Other implementations of S/KEY code are included without comment as a convenience to the S/KEY community. These are included in the directories: nrl software from NRL crimelab.com.1.1 software from crimelab.com Other directories and their contents are: skey Bellcore's S/KEY code for UNIX docs Documentation including a paper on S/KEY authentication in postscript and troff form, and UNIX-style "man" pages dos Things related to running on PCs mac Mac software The file skey-archive contains the archives of the skey-users mailing list.