S/KEY uses one-time passwords instead of hardware security tokens for secure remote access to computer and telecommunications networks. The software generates a new password at each login through a cryptographic scrambling process. The password never crosses the network and is not stored in either the client or server machines.
S/KEY is generally licensed to security administrators for corporate, government, and academic networks for dial-in access by remote users. S/KEY is also licensed as a toolkit for developers of servers and firewalls to embed in their products.
"This version of S/KEY is easy for security administrators to set up and easy for end users to use the client software," said Milton Anderson, Bellcore's director of enterprise security. S/KEY System 2.6 is easier to use, more secure, and adds more administrative options, the company said.
The new version adds support for Windows 95 and Windows NT 4.0, although it previously supported other versions of Windows. It also is available for Unix platforms including IBM's AIX, Hewlett-Packard's HP-UX, Silicon Graphics' IRIX, and Sun Microsystems' SunOS and Solaris. A Macintosh client also is available.
S/KEY is priced from $30 per user for the client software and $40 per user for the server software, with volume discounts.
S/KEY complies with the Internet Engineering Task Force (IETF) standard for one-time passwords. Bellcore cochaired a working group that produced the standard.
Bellcore, created in 1984 as the research arm of the seven regional Bell operating companies when AT&T was broken up, has served as a research brain trust for many developments in telecommunications.
In a deal announced in November 1996, Bellcore is being sold to Science Applications International Corporation (SAIC), a major, privately held technology firm. Pending regulatory approvals, the purchase is expected to be completed by the end of 1997. No financial terms have been announced.