AuthAgent X.509 digital certificate authentication (617)
AuthAgent X.509 is an implementation of public key and digital certificate authentication for use as either an authentication mechanism for various network security protocols or as a standalone authentication agent that can be used by embedded applications. It is a member of the AuthAgent family of authentication products offered by TeamF1.
AuthAgent X.509 certificate authentication provides a convenient way to add highly-secure authentication to embedded devices. Features include:
- Robust authentication framework using ITU-T X.509 digital certificates
- Interoperable with standard X.509 implementations on other platforms
- Support for validating certificates against a list of trusted certificates
- Certificate Revocation List support
- APIs for customizing the certification validation procedure
- Support for multiple CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/XScale
- Royalty-free full source distribution for VxWorks and Linux
- AuthAgent RADIUS: A Remote Authentication Agent
- AuthAgent Kerberos: A Kerberos Authentication Agent
- V-IPSecure IPSec & IKE: Network Layer Security
- SSHield SSH: Secure Shell & SFTP/SCP
AuthAgent X.509 provides the ability to validate certificates issued by a trusted Certificate Authority (CA) and includes advanced features such as certificate generation and revocation. Given its small footprint and ability to scale out optional features, AuthAgent X.509 is ideally suited for use in embedded environments.
Authentication is a critical component of secure communications, and digital certificates are credentials that verify identity using Public Key Cryptography. This type of cryptography provides a scalable form of encryption that does not rely on the sharing of secrets. Instead, it uses a key pair that consists of two related keys -- a public key and a private key. The public key can be used to verify a message signed with the corresponding private key or to encrypt a message that can only be decrypted using the corresponding private key. However, verifying the identity of an entity claiming ownership of the public key is still required for authentication. A Digital Certificate binds an identity to a key pair and is issued by a trusted third-party called a Certificate Authority (CA). It is digitally signed with the CA private key after it has verified the identity of the entity and hence, it is tamper-proof and easily portable which makes it ideal for embedded device authentication.
The popular ITU (International Telecommunications Union) X.509 standard provides a structure for public-key certificates. X.509 digital certificates include not only an entity name and public key, but also other information about the entity. AuthAgent X.509 enables a certificate authenticator to verify the certificate subject, and also obtain other trust-worthy information about the certificate subject. It provides flexible APIs for validating certificates against a list of trusted CAs and for customizing the certification validation procedure based on various attributes retrieved from the certificate.
AuthAgent X.509 can be used as a stand-alone authentication mechanism for embedded applications in situations where device identity or access control has to be established. Additionally, AuthAgent X.509 is natively integrated with network security protocol implementations offered by TeamF1, providing authentication for SSLimSecure (SSL), SSHield (SSH), V-IPSecure (IPsec), and X-Calibur (802.1X). It can also be used for the initial identification phase of Kerberos authentication in PKINIT mode, and can be integrated with various third-party protocol implementations.
AuthAgent X.509 is a drop-in component for many real-time and embedded operating systems (OSs) including VxWorks 5.x, 6.x, and AE/653, and Linux 2.4 and 2.6 kernels. It has been extensively validated on a variety of CPU architectures, which minimizes development and integration efforts. AuthAgent X.509 is uniquely optimized for each embedded OS supported, such as multi-tasking, memory partitions, security threats, and abstractions that are lean, yet fast and full-featured.
If you are interested in more information on how Wind River partners with this company, click here.