Open Identity Exchange (OIX) Certifies Wave’s Online Identity Service for Secure Authentication to Government Websites

Wave Joins Industry Leaders Google, PayPal, Equifax, Verizon, VeriSign and others in
Building Trust in the Exchange of Online Identity Credentials across Public and Private Sectors

Lee, MA October 5, 2010 — Wave Systems Corp. (NASDAQ:WAVX today announced that,  its identity service that enables strongly authenticated  single sign-on to web services and applications in the cloud, has been certified by the Open Identity Exchange (OIX), the first “trust framework” provider authorized by the US government. A trust framework provides a new way for one site to delegate the identity, security and privacy assurances to another site, thus simplifying a user’s interaction with multiple web services.

Traditionally, websites and online services utilize proprietary identity systems requiring users to register individually for every relationship they establish. New technologies now exist that open up the model to let users bring their own identity and login credentials to a website, instead of registering with a new username and password for every site and relationship.

“The Open Identity Exchange provides a critical business and legal framework to enable the ecosystem of Internet identity to prosper,” said Drummond Reed, Executive Director of the Information Card Foundation. “By brokering the certification of trust to a defined specification, an identity provider such as can, with a user’s permission, automatically log him or her into the many sites that participate in that framework.” 

With the certification of to the US Identity, Credential and Access Management (ICAM) specifications, Wave joins Google, PayPal, Equifax, Verizon and others as the first commercial identity providers authorized to provide login access to websites affiliated with the government such as the National Institute of Health (NIH) and the Library of Congress (LOC).

Wave’s service enables users to log in to web services securely without a username or password. What makes unique is that it is the only service that ties identity to the device. Credentials are stored in a closed cryptographic security chip called a Trusted Platform Module or TPM, which allows the machine to be identified to the web account. Once a user logs into his or her PC, logs the user into participating websites, while passwords and encryption keys remain locked away in the TPM chip, safe from any software-based attacks.

“As the first ‘trust framework’ provider for OpenID and Information Cards, OIX is providing a very important service for government agencies and users, and we’re pleased by their decision to certify as one of only a handful of trusted identity providers,” said Steven Sprague, CEO and President of Wave. “The cellular and cable industries realized more than a decade ago that secure device identity improves security and the user experience. With an installed base of 350 million TPM-equipped PCs, and the proliferation of sites that support OpenID and SAML, offers ease-of-use to users and peace of mind to the CIO.”

Earlier this year, the US General Services Administration (GSA) and the Identity, Credential and Access Management Committee (ICAM) approved OIX as the first trust framework provider to the US government. This provided OIX with the authority to issue certifications for the US ICAM LOA 1 trust framework to identity providers who are assessed to meet its identity, security and privacy requirements.  The National Institute of Health is the first US federal agency to move into production status to accept OpenID and Information Card credential issued by OIX-certified identity providers.

The US Government’s Open Identity for Open Government program was announced in 2009.  The first government pilots provide for electronic authentication of Open Identities at a Level 1for accessing government documents.  The National Institutes of Standards and Technology (NIST) publication 800-63 Electronic Authentication Guidelines defines four levels of assurance with Level 1 being the lowest level and Level 4 being the most strongly authenticated level.  While Wave’s OIX current certification is for Level 1, Wave’s objective is to provide solutions that can be certified at the higher levels of assurance based on the TPM security hardware.  Wave has joined the OIX Working Group for Level 2-3 Assurances.

Use of extends to users of PCs which include Trusted Platform Modules and have Wave EMBASSY Trust Suite client software.

About Open Identity Exchange
The Open Identity Exchange (OIX) is a neutral, technology agnostic, nonprofit provider of certification trust frameworks for online identity. Its certification credentials can be used across multiple sites, jurisdictions and networks. OIX was founded by grants from the OpenID and Information Card Foundations and support from companies including Google, PayPal, AT&T, Equifax, VeriSign, Verizon, and CA Technologies. For more information, visit

Wave Logo

About Wave Systems Corp.

Wave is a pioneer in hardware-based PC security that provides software to help solve critical enterprise PC security challenges such as data protection, strong authentication, network access control and the management of these enterprise functions.  Wave is a founding member of the Trusted Computing Group (TCG), a consortium of more than 100 companies that forged open standards for hardware security.  Wave’s EMBASSY® line of client- and server-side software leverages and manages the security functions of the TCG’s industry standard hardware security chip, the Trusted Platform Module (TPM) as well as hard drives that comply with TCG’s “Opal” self-encrypting drive (SED) standard.  Self-encrypting drives are a growing segment of the data protection market, offering increased security and better performance than most existing software-based encryption solutions.  TPMs are standard equipment on many enterprise-class PCs shipping today and have shipped on an estimated 300 million PCs worldwide.  Using TPMs and/or SEDs and Wave software, enterprises can substantially and cost-effectively strengthen their current security solutions.  Visit for more information.

Safe Harbor for Forward Looking Statements

This press release may contain forward-looking information within the meaning of the Private Securities Litigation Reform Act of 1995 and Section 21E of the Securities Exchange Act of 1934, as amended (the Exchange Act), including all statements that are not statements of historical fact regarding the intent, belief or current expectations of the company, its directors or its officers with respect to, among other things: (i) the company’s financing plans; (ii) trends affecting the company’s financial condition or results of operations; (iii) the company’s growth strategy and operating strategy; and (iv) the declaration and payment of dividends.  The words "may," "would," "will," "expect," "estimate," "anticipate," "believe," "intend" and similar expressions and variations thereof are intended to identify forward-looking statements.  Investors are cautioned that any such forward-looking statements are not guarantees of future performance and involve risks and uncertainties, many of which are beyond the company’s ability to control, and that actual results may differ materially from those projected in the forward-looking statements as a result of various factors.  Wave assumes no duty to and does not undertake to update forward-looking statements.

All brands are the property of their respective owners.

For more information please contact:


Wave Systems Corp.
Michael Wheeler