Vienna, Va. (September, 2004):
Under an Advanced Concept Technology Demonstration (ACTD) Program co-sponsored by Defense Information Systems Agency (DISA) and the Office of the Secretary of Defense Advanced Systems and Concepts, US Forces Combatant Commanders’ relayed their desire; a simple and reliable tool which could serve as a secure memory aide in the generation and recall of cryptographically strong passwords in Coalition environments.
An ACTD program is a formal DoD effort that rapidly evaluates and matures commercial technology to meet urgent needs of its warfighters. The ACTD surveyed the commercial marketplace for something similar to the technology requested and found a close fit with the Mandylion Password Managers already in use by many DoD activities.
The ACTD identified the Mandylion tokens as a fresh approach to the password management problem. Believing that the technology showed promise, the ACTD invited Mandylion to participate. Mandylion had no idea, however, of how thoroughly its product would be evaluated, tested and matured in this program.
"Upon the delivery of the first set of requested changes to the technology, Mandylion tokens were pressed into service in a worldwide Military exercise called Joint Warfare Interoperability Demonstration (JWID). The Mandylion tokens received a significant amount interest due to its uncannily simple approach to a very complex and daunting problem, password management.
In actual tests, the warfighters gave the technology high grades for its effectiveness and utility.
With this positive feedback from the exercise, the ACTD set up a program to further test the technology in actual field environments while at the same time continuing with its development. 60 DoD activities encompassing all Services and fields of endeavor, from Joint Forces Command activities to the Services Research Labs were identified and approached to participate in the evaluation program. The evaluations commenced in November 2003 and concluded in July of 2004.
The key questions that the ACTD sought to have answered by these evaluations was 1) Was the technology an improvement over what they were currently using to manage their passwords; 2) Did they have alternatives; 3) What would improve the technology; and finally 4) How interested would the sites be in deploying it once it became commercially available. All responses gave the technology high marks for its usability and utility. All sites felt the use of the tokens was a clear improvement over existing methods. All had a desire to immediately deploy the technology in operations.
The feedback provided by the field testing was invaluable.
It matured the technology from “cult gadget” into a true enterprise “tool”.
The new token is actually now a platform with a
great deal of configuration and integration
options. It comes with configuration software and
cradles which now allow an administrator to quickly
and securely configure multiple tokens on behalf of
a group of users. The login policies, user screen
names, and the generation, storage and update of up
to 50 simultaneous login records can now managed
with this next generation token
Compliance with Directives
“In addition to the customer exposure, another benefit of participating in the ACTD is the acceleration of product and technology certifications” stated Mr. David Schoenbrot, Vice President of Mandylion. “With the desire to mature and field successful ACTD technology as rapidly as possible, OSD and our Co-Sponsor DISA, provided invaluable mentoring throughout the various certification and policy reviews” added Schoenbrot.
As it turns out, because the Mandylion technology is not needed to either enforce or enable IA, it required no special certifications for routine use on almost any DoD system. according to the DoD
Directive 8500. The Department of the Army issued
Army Regulation 25-IA in the Fall of 2003
officially sanctioning the use of password
generator tokens, when they are used as memory
Transition from Development to User
Once a technology is matured, the goal of an ACTD shifts from development to transition; to get the technology to the warfighter. The ACTD is currently at that stage with the Mandylion Technology. All efforts are now focused on getting this proven technology that it has been matured to the warfighter as quickly and broadly as possible.
To that end, the ACTD has developed a formal transition and deployment strategy for the Mandylion Technology. In expending OSD resources on the transition, the ACTD hopes that the "early adopters” will further champion the technology within the Services and encourage its even wider adoption within the DoD community. With wide spread use of the technology, the ACTD will have accomplished its mission; identify and mature commercially available technology that meets an identified pressing need and deploy the technology to the warfighter
to meet that need identified.
About the Technology
Mandylion Labs’ developed and patented this innovative and inexpensive password manager in a 6 year development effort. It is a key chain sized device that helps any user instantly create cryptographically strong passwords that immediately work with
any web site, login or system. To insure purely random passcodes, algorithms embedded within the token’s firmware continuously sense and take input from the user's random and unique interaction with the device. This random data is utilized by the algorithms in generating passwords which can be throttled to meet any password policy as to length, composition and renewal period.
A key feature is that the device functions as a memory aide to the secure and convenient
storage of a user’s passwords along with their
automatic update. The technology was designed to do away with the inherent weaknesses traditionally associated with the use of passwords; namely the individual being asked to create, remember and regularly change their passwords. Passwords created with the device thwart all known brute force and dictionary type hacking attacks.
Originally developed for U.S. military and national security applications, more advanced versions of the device have the ability to embed user identifying watermarks within the passwords generated. The biometric version of the unit can asymmetrically bio-authenticate the individual logging in to an ordinary web site.
About Mandylion Labs
In 1998, Mandylion Labs originated a simple and intuitive concept toward password management. Today, we're a recognized as the leading innovator in access control utilizing durable password techniques. Government, Corporations and ISPs use our solutions to reduce the cost and complexity of managing their access control systems in the Window NT and Unix and Linux environments while increasing the enterprise's entire baseline of data security. Mandylion products provide organizations with a least cost compliance tool with the information assurance requirements of
Sarbanes Oxley, Gramm-Leach Bliley, FISMA (Federal Information Security Management Act).
The Company is located in Vienna, Va. Our number is 703 – 628 4284.
Our e-mail address is