Identita Announces Successful Third Party PCI-DSS Audit

PRESS RELEASE

Identita The Powered Card™ Identity Provider Announces Full Compliance with PCI-DSS Standard Rockley, Christ Church, Barbados,– Tuesday September 22nd, 2009 – Identita, The Powered Card™ provider of cross platform access, authorization and identity management solutions, announces the successful completion of a third party PCI-DSS audit on Identita’s Display OTP products and Identita’s Authentication Platform, Echosystem.

PCI-DSS requirement 8.3 states: Incorporate two-factor authentication for remote access (network level access originating from outside the network) to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service (RADIUS); terminal access controller access control system (TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with individual certificates.

The primary goals of this security assessment were to determine whether or not the Identita Display Card Authentication Platform can be considered a valid two-factor authentication solution for the purpose of compliance with the Payment Card Industry Data Security Standard (PCIDSS) requirement 8.3 and assess the security posture of our Echosystem authentication platform.

Based on the results of this security assessment, Identita believes that this solution can be considered a valid “additional authentication item” for the purposes of PCI DSS section 8.3 compliance. In addition, deploying the Identita Andromeda authentication server does not introduce any security vulnerabilities on to the network that would affect an organization’s PCI-DSS compliance status.

The Identita Echosystem Authentication Platform provides for robust user authentication, the strength of which is dependent upon how the customer chooses to implement the solution. We believe that if Identita’s current and future customers follow many of the implementation recommendations detailed in the PCI-DSS summary, the Identita Display Card Authentication Platform can provide extremely strong authentication.

Furthermore, a series of checks and tests were conducted to determine whether or not the Identita Echosystem Authentication Platform implements the recommendations set forth by the Open Authentication (OATH) Group RFC4226–“HOTP: An HMAC Based One time Password Algorithm” and the draft specification “TOTP: Time based One time Password Algorithm”.

Based on this assessment, Identita’s third party auditor believes that the Identita’s Authentication Platform is an appropriate implementation of the algorithm and security requirements set forth by the Open Authentication (OATH) Group in RFC4226 and the Time Based One Time Password draft specification. All items identified as “MUST” or “REQUIRED” in these open standards are included in the Identita Display Card Authentication Platform, and Identita Technologies has implemented additional proprietary features and algorithms to account for gaps and missing requirements in these open specifications.

Identita, the leader in powered card devices has mastered the art of designing secure electronic components. With today’s announcement Identita positions itself to lead the identity management field in several exciting verticals including advanced smart cards, biometric access control cards, electronic passports, loyalty cards, and the hot OTP display card market.

About Identita

With research and development facilities in Canada and its international offices in Barbados, Identita creates identity management solutions involving hardware tokens and client server application software. Identita’s EchoSystem platform is a multi-token aware identity management back-end with a complete suite of application modules to meet the requirements of virtually all verticals. Identita has developed unique proprietary handshake protocols to counter phishing, man-in-the-middle and man-in-the-browser attacks, using Public Key Infrastructure (PKI) and digital certificates. Identita currently manufactures an acoustic one-time password (OTP) smart card, an OTP display card (embedded, flexible display on the front of the smart card), Identita’s solution goes beyond traditional smart card implementation. Its credit card-sized format enables the inclusion of other technologies such as magnetic stripe, proximity chips, EMV chips, bar code, RFID and picture ID.

Press Contacts

Identita Technologies International SRL Archie Cuke, (246) 435-4614 e-mail – info@identita.com