Research

1

• Research Advanced Products
• ___
• Group Update
• April 2004

2
Group Charter Four Areas of Focus
PRODUCT
TECHNOLOGY
New Product Concepts
Propagation
Disruptive Technologies
Standards
Prototyping
Product Funnel
Propagation Roadmap
Technology Positioning Paper
Standard Roadmap Participation
Charter Document available at P\\APRG\Group\Chart
er.doc
3
New Product Concepts

• MSS
• - Participated in Guardent close and integration
  discussions
• Partnership startups investigations Guidance
  Software , Fiberlink Communications, Sanctum,
  Lumeta, Intellitactics
• Intelligence (project Hercules)
• - Welcome Joe Adler, our new RAP member!
• Hired data mining expert to identify correlate
  data across existing new data sources
• Published Q1 Internet Security Internet Briefing
  and presented Web seminar
• Developed IP reputation concept and presented at
  the Tech Summit
• - Startups addamark, viewtrust, Network Physics,
  iDefense, vhayu, ThingMagic, cymfony, nMotion
• - Presented project Hercules concepts to MCI,
  InterNap
• - Working on synergies with Hydra/Electra,
  TeraGuard and IPRS
• Unified Strong Authentication Services
• - Gave first public demo of service at the sales
  conference (featuring for the first, and
  hopefully last, and Indian Q and a French James
  Bond -)
• Worked with marketing and legal to complete OEM
  deal with Aladdin just in time for RSA
• Subsequently Managed Aladdin technical
  relationship/integration.
• Managed client Desktop software engineering team
  and client development process
• - Continued to provide technical leadership for
  the overall strong auth project.

4
New Product Concepts (ii)

• Anti-Phishing
• - Convened crisis meeting of major banks (Bank
  America, Citibank) and technology providers
  (Microsoft, Yahoo, VeriSign)
• Was offered technical chair of antiphishing.org,
  an emerging community organization to combat
  phishing fraud
• Worked with marketing to enhance initial product
  from response to more complete offering
• Authenticated Sender Email Sender Accreditation
  
• - Established consensus amongst major players
  that accreditation services are essential
  compliment to authentication
• - IETF working group (VeriSign co-chair) MARID is
  developing IP/DNS based authentication scheme on
  fast track
• - Working with Yahoo on Domain Keys, but
  developments in anti-phishing tending towards
  more desirable S/MIME
• Secure Messaging Roadmap
• Led technical due diligence discussion with
  FrontBridge as a potential anti-spam/anti-virus
  partner
• Worked with BD to secure the relationship
  through MOU and business deal completion.
• - Lead early discussions with Cyveillance and
  NameProtect to explore how their anti-phishing
  detection services could be OEMed to complement
  VeriSigns Anti-Phishing Incidence Response
  solution.
• - Briefed Microsoft on our upcoming Secure
  Messaging offerings, and roadmap
• Driving product concept development efforts for
  Authenticated Domain List (SafeList)
• Driving S/MIME signing gateway for potential
  partnership with Microsofts Edge Server
  development team
• Worked with marketing to develop Intelligence
  Control positioning -- position ourselves as the
  only player capable of providing a complete
  solution for messaging security
• Integrated anti-spam filter story with data
  intelligence, anti-phishing authentication into
  one coherent complete offering that nobody else
  can replicate (the email security wheel
  concept, hopefully, wheel of fortune too!)

5
New Product Concepts (iii)

• Federated Identity
• - Worked with IBM to jointly author industry
  blueprint for federated Id mgt for early April
  (paper promotes strong authentication as an
  initial step towards federated networks where
  identities cannot be spoofed)
• - Participate in the cross BU synergy team on
  Identity - provided technical assistance to Ron
  Walker registry team.
• - Ongoing work with Kevin, Sundar to refine
  concept around Trust Assurance service and
  assertion signing certificates
• DRM
• - Participated in PR with MSFT, ContentGuard, UMG
  and a whole host of other content-related
  companies.
• Provided technical assistance to registry team
  in the context of discussions with Thomson Media
  on possible collaboration.
• RFID Security
• - Market research for security needs in the new
  EPC enabled supply chain
• - CGEY Participated in various discussions with
  CGEY on potential collaboration opportunities
• - Mead-westvaco Participating in current
  discussions with this RFID software development
  and specialty packaging solution provider
• SupplyScape Driving security discussions for a
  pilot that includes mPKI for the pharmecutical
  supply chain.
• BlueVector lead discussions with this RFID data
  management appliance maker
• - Attended the RFID Journal Live! trade show. Had
  security related RFID discussions with Accenture,
  Deloitte Touche, and Checkpoint.
• VOIP

6
Propagation

• General
• Microsoft dashboard update (ongoing summary of
  all Microsoft related activities, available at
  P\APRG\Presentations\Microsoft-initiatives.ppt)
• Universal Strong Authentication
• Developed OATH technical blueprint and roadmap
  and worked with Ajay to pitch OATH partners (IBM,
  SUN, HP, CheckPoint, Acalto, gemPlus)
• Worked with Ajay to develop initial governance
  and membership structure for OATH
• Working with marketing to define and sell
  channel bundle for SSL VPN (Aventail, netscreen,
  Checkpoint)
• Focused on falling first large Internet play
  (AOL, EBay, Merrill)
• - Drove integration discussions with IBM Tivoli,
  BEA and Aventail
• Initiated partnership/customer discussions with
  France Telecom
• Attended first and successful OATH meeting!
• Developed new OATH messaging around phishing
  ID theft as the economic driver for password
  replacement on the Internet
• Microsoft related
• - Continued to support the various teams in the
  capacity of Microsoft-liaison (various support
  issues, etc).
• Ongoing support on other MSFT initiatives - OCSP
  validation, Logotypes, etc.
• Early discussion for reputation service with
  iCard team.
• Pitched Strong Auth and OATH to Mike Nash with
  Mark Judy. Subsequently with Passport CTO and
  al.
• Updated anti-spam group on our upcoming launch
  of VeriSign messaging security services

7
Technical Standards

• GENERAL
• See complete and updated standard matrix at
  P\\APRG\Standards\StandardMatrix-v0.6.ppt for
  objectives
• Unified Strong Authentication (TCG OATH)
• - TCG Obtained co-Chair position in the new
  Infrastructure WG.
• - TCG Co-author TCG spec (with Intel and MSFT).
• TCG Represented VeriSign at the TCG Board
  meeting with German Economic Ministry
• OATH Working within technical WG to drive OTP
  algorithm standardization within OASIS
• Web Services / WS-I
• - Ongoing participation in the Basic Security
  Profile workgroup.
• -Weekly participation in the Basic Security
  Profile workgroup
• Attend the Vancouver WS-I plenary
• Liberty Alliance
• Participated in Liberty All Sponsors meeting
  Austin TX.
• Working with Michael Garrett from Amex to
  diffuse political concerns about potential
  conflicts between OATH and LAP
• RFID

8
Disruptive Technology

• Disruptive Technology on the radar
• Beginning discussion with VTS on using
  StrongAuth token for WDRS.
• Initial discussions with Gem Plus to replace SIM
  in GSM phones to turn mobile phones into cheap
  token for unified strong authentication service
• Initial discussion with Microsoft to prototype
  commerce reputation web service / trusted wallet
  that will leverage new Windows OS hook in
  LongHorn (icard)
• Early discussions for paid-email (Bill gate idea
  of charging per email).
• Patents IP
• - Filed patent extension for strong auth