September 23, 1996

FREE 30-DAY TRIAL OF SECURITY SOFTWARE 
AVAILABLE AT BELLCORE'S WEB SITE

	Morristown, NJ, -- Bellcore, a leading provider of 
communications software, engineering and consulting services, 
today announced a commercial version of the S/KEY One-time 
Password Authentication System. The S/KEY system is a software 
solution that provides authorized users secure access to 
specified networks while protecting those networks and their 
users against password theft by electronic eavesdroppers.
	A 30-day trial copy of the new Windows-based S/KEY client 
software can be downloaded from Bellcore's web site at 
http://www.bellcore.com/SECURITY/skey.html.
The 30-day trial version of the S/KEY client is available for 
Windows 3.1, Windows NT 3.5, 4.0, and Windows 95.  This version 
can be used with the previous Bellcore S/KEY freeware servers.  
After completing a short questionnaire to determine the users 
system requirements, the S/KEY software is easily downloaded.  
Complete documentation for the client and for the S/KEY system 
is included in the help files.	
	The growth of remote distributed computing and the 
increasing use of the Internet to access corporate computers has 
created unprecedented opportunities for password theft.  Hackers 
can easily capture a remote user's password, compromising other 
network sites.  Bellcore's S/KEY One-time Password 
Authentication software was developed to prevent this type of 
network eavesdropping.
	There are two sides to the S/KEY system - a server side 
and a client side.  The server generates a challenge after 
receiving the clients login request.  In response, the client 
generates the appropriate one-time password by combining the 
users personal pass phrase and a seed received in the 
challenge generated by the server.  This one-time password is 
what is sent over the network to the server.  After this one-
time password has been successfully authenticated, the client is 
granted access to the server and the one-time password is never 
used again.  Since an S/KEY user's private pass-phrase never 
crosses the network, and is not stored either on the client or 
the server side,  pass-phrases are never exposed to theft.
	According to Milton Anderson, Bellcore's director of 
Enterprise Network Security, Bellcores S/KEY system compares 
favorably with other network security systems, like electronic 
security cards.  The S/KEY system simplifies network security 
by eliminating the need to administer, maintain, and replace 
secure passwords and electronic card devices, said Anderson.  
The S/KEY servers store no secrets, so there is no extra 
security needed for the S/KEY system server.  The user accesses 
each S/KEY server using a different seed value, so there is no 
need for synchronization between servers or a secure network to 
access a centralized server.  The S/KEY clients don't store secrets 
either, so they can be distributed to users over the corporate 
network, just like other licensed software.
	The new Windows client has an extensive set of features 
to integrate with terminal emulators, dialers and Winsock, 
notes Anderson, so that in many cases a single click will allow 
the user to set up the connection to the corporate network, 
secure the connection, and pre-load a standard set of 
applications.
	The commercial version now being offered is backward 
compatible with the original Bellcore S/KEY software, which is 
in widespread use in industry, government and academia.  It also 
conforms to the new Internet Engineering Task Force standard for 
one-time passwords in RFC 1938, produced by a working group 
which Bellcore co-chaired.
	Bellcore, headquartered in Morristown, NJ, is a leading 
provider of communications software, engineering, and consulting 
services based on world-class research.  Bellcore creates 
business solutions that make information technology work for 
telecommunications carriers, businesses and governments 
worldwide.  Bellcore has sales offices throughout the U.S., as 
well as international offices in London, Miami, Hong Kong and 
Tokyo.  More information about other Bellcore products and 
services is available at its web site, http://www.bellcore.com 
or by calling 1-800-521-CORE.

S/KEY is a trademark of Bellcore
Microsoft is a registered trademark of Microsoft Corporation
Windows is a trademark of Microsoft Corporation
NT is a registered trademark of Microsoft Corporation

=====================================================================

This directory is maintained by Bellcore for the convenience of 
people using or building S/KEY(tm) systems.  S/KEY is a trademark
of Bellcore.

Other implementations of S/KEY code are included without comment
as a convenience to the S/KEY community.  These are included in 
the directories:
	nrl			software from NRL
	crimelab.com.1.1	software from crimelab.com

Other directories and their contents are:
	skey	Bellcore's S/KEY code for UNIX
	docs	Documentation including a paper on S/KEY authentication
		in postscript and troff form, and UNIX-style "man" pages
	dos	Things related to running on PCs
	mac	Mac software

The file skey-archive contains the archives of the skey-users mailing
list.
