CRYPTOCard Launches CRYPTO-Server 6.2: The First Browser-Integraged Two-Factor Authentication System For Apache Web Servers

ApacheCon Las Vegas, November 15, 2004 – CRYPTOCard (www.cryptocard.com), the innovative leader in authentication technology, today announced the launch of CRYPTO-Server 6.2, the world’s first browser-integrated two-factor authentication solution for Apache web servers at ApacheCon 2004 in Las Vegas. CRYPTO-Server 6.2’s CRYPTO-Web component makes it simple to authorise and positively identify all Apache web server users by coupling something in the user’s possession (a multi-function smart card, USB dongle token, hardware token, or software token), with something the user knows (their PIN). With almost 75 percent (or more than 13 million) of the world’s web servers running on Apache, CRYPTO-Server 6.2 represents a significant advance in authentication technology for the dominant player in the web medium.

CRYPTO-Server 6.2’s authentication server generates a unique password for every log-on attempt, eliminating the need for users to memorise, change, or manage a variety of static passwords. This not only significantly reduces the help-desk costs associated with resetting forgotten passwords, but also negates the obvious security risk resulting from users writing down their passwords (or using the same one for everything) or hackers obtaining stolen credentials (by network sniffing, social engineering, or shoulder-surfing). CRYPTO-Server 6.2’s familiar ATM-style protocol also eliminates the user resistance often encountered when organisations attempt to implement an additional layer of security, by making the system easier to use than static passwords.

CRYPTO-Server 6.2’s browser-based administrative interface makes it simple for organisations to support hundreds of Apache servers (for example, in a web farm) through a single interface, providing a single point of administration that makes it easy for organisations to implement and administer token-deployment – by simply importing existing LDAP (e.g. Active Directory or Open LDAP) directories or to support web farms or virtual web sites. CRYPTO-Server allows easy deployment and activation of software tokens, which can reside on a user’s handheld (for Win CE devices), desktop, laptop, or smart card – or for users to activate their hardware tokens (USB, key-chain, or numeric pin-pad).

“An organisation cannot guarantee system security if it cannot authenticate each individual user, and this was practically impossible for Apache server-based applications and users,” explained Malcolm MacTaggart, President & CEO, CRYPTOCard Corporation. “CRYPTOCard firmly believes in making easy to use, cost effective, authentication available to everybody, and with nearly 75 percent of web servers running on Apache, CRYPTO-Server 6.2 obviously represents a significant advance in this regard.”

CRYPTO-Server 6.2 also includes CRYPTOCard’s innovative “Follow-Me Computing” that makes it easy for server-based computing (Citrix or MS Terminal Services) users to start a remote session by simply inserting their CRYPTOCard multi-function smart card, or USB dongle token, and entering their PIN. Then, after logging off by simply removing their authentication device, the user is free to reinsert their smart card or USB dongle token and enter their PIN at another thick-client or thin-client terminal to resume the same session at exactly the point at which it was suspended (e.g. Cell D3, in a Microsoft Excel spreadsheet) – the applications literally follow the user around the building or campus. The system can also be set by the administrator to lock the machine or to simply log-off the user.

By coupling “Follow-Me Computing” with the door access capability of CRYPTOCard’s smart card, an organisation can ensure that users have to log off after every session in order to be able to travel around the campus – eliminating the considerable security risk associated with users leaving a computer logged on – particularly in the health services, government, and financial services sectors. Alternatively, CRYPTOCard’s newly-developed USB dongle token, that plugs straight into a computer’s USB port, enables organisations to provide users with smart card-like ease of use without incurring the expense of having to purchase smart card readers.

CRYPTO-Server 6.2’s other components include CRYPTO-Web, which protects Apache and IIS Websites down to the page level; CRYPTO-Kit, which provides developers with the tools to make it simple to integrate CRYPTOCard’s technology with existing security applications/systems; CRYPTO-Deploy, to facilitate the deployment and activation of tokens; CRYPTO-VPN, that makes it simple to provide authenticated access to third-party VPNs (e.g. Cisco, Checkpoint, Neoteris, and Nortel); and CRYPTO-Migration; which provides RSA Migration functionality that enables organisations to switch from an alternative system (CRYPTOCard’s tokens, with replaceable batteries, are deployed once and can be utilised indefinitely).

CRYPTO-Server 6.2 will ship for the Windows and OS X (Panther) server operating systems in the next few weeks. A five-user (all-you-need-in-1-box – the full server software plus five tokens) bundle will be available for $499. CRYPTO-Web for Apache will also be available for the Linux platform shortly. CRYPTOCard’s products are available from Tech Data and other distributors, integrators, and resellers throughout the world. For more information on CRYPTO-Server 6.2, please go to www.cryptocard.com, or visit CRYPTOCard at ApacheCon 2004 in Las Vegas.

About CRYPTOCard Corporation
Established in 1989, CRYPTOCard provides cost-effective Secure Password Technology to leading enterprises worldwide in the government, technology, aerospace, financial, telecommunications, and healthcare sectors. CRYPTOCard positively authenticates a user’s identity by coupling something in the user’s possession (a smart card, hardware token, or software token), with something the user knows (their PIN), and provides centralized authentication for all physical and network access regardless of network infrastructure or user location. CRYPTOCard’s partners include Microsoft (Nasdaq: MSFT), Apple (Nasdaq: AAPL), Cisco (Nasdaq: CSCO), Check Point (Nasdaq: CHKP), Citrix (Nasdaq: CTXS), Entrust (Nasdaq: ENTU), Oracle (Nasdaq: ORCL), Sun Microsystems (Nasdaq: SUNW), and Macromedia (Nasdaq: MACR). For additional information on CRYPTOCard, please go to www.cryptocard.com, or visit us November 15-17 at ApacheCon 2004.