RSA: Microsoft Releases U-Prove CTP

Microsoft on Tuesday released a community technology preview (CTP) of its U-Prove cryptographic technology and opened up its patented crypto algorithms under the company's Open Specification Promise (OSP).

The company also open-sourced two SDKs, C# and Java editions, under the Free BSD license for integrating U-Prove into open source identity selectors. The release will be accompanied by preview code integrating U-Prove with Active Directory Federation Services v2, Windows CardSpace v2 and Windows Identity.

Scott Charney, vice president of Microsoft's Trustworthy Computing group, announced the U-Prove CTP during his opening keynote at the annual RSA Security Conference, under way this week in San Francisco.

"The idea is to get more people to embrace these kinds of technologies," Charney told attendees packed into the Moscone Center auditorium. "Then we can create the identity metasystem that [Microsoft] has been talking about for a while now."

The brainchild of Microsoft's ID access architect Kim Cameron, the identity metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations and providers.

Microsoft acquired U-Prove two years ago from Montreal-based privacy vendor Credentica. Developed by the company's founder, well-known security expert and cryptographer Stefan Brands, U-Prove is an encryption and authentication system designed to allow users to conduct secure digital transactions while revealing as little about themselves as possible -- a process called selective disclosure.

Brands, along with colleagues Greg Thompson and Christian Paquin, joined Microsoft's Identity and Access group at the time of Credentica's acquisition.

Microsoft is now working with a German organization on a prototype national ID card system based on U-Prove, Charney said. The company is working with the Fraunhofer Institute for Open Communication Systems in Berlin on a system that will give end users control over the amount of personal data they share. Germany is planning to issue electronic ID cards to its citizens in November.

Charney also talked about the growing security risks presented by cloud computing, and characterized cloud security as a shared responsibility between the user and the cloud services provider. In fact, he said, the cloud has the potential to shift the balance of power between individuals and the state.

"Everything will go to the cloud if the vision is right," he said, "[including] your health records, your tax records, your diary -- which you'll want to access from all sorts of different devices. As we move more and more of this data to the cloud, it means governments and litigants can go to the cloud and get that data without ever coming to the citizen. The question is: Is that the right place to be or not?"

At one point, Charney added himself to the growing list of advocates for mandatory quarantines of malware-infected PCs. He likened consumers running malware-infected PCs to smokers exhaling second-hand fumes.

"The [Environmental Protection Agency] comes out with second-hand smoke [warnings] and suddenly smoking is banned everywhere," he said. "You have a right to infect and give yourself illness. You don't have the right to infect your neighbor. Computers are the same. You're not just accepting [the risk] yourself. You're contaminating everyone around you."

Published by Microsoft in 2006, the OSP is Microsoft's "irrevocable promise not to assert" its patent claims on a list of technologies. Among other things, the OSP covers many WS specs (WS-Security, WS-Management, WS-Trust, etc.), as well as SOAP and WSDL specifications.

The new SDKs are available for download now. Developers can download the C# edition here or the Java edition here.

About the Author

John K. Waters is the editor in chief of a number of sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at

