RSA: Microsoft Releases U-Prove CTP

Microsoft on Tuesday released a community technology preview (CTP) of its U-Prove cryptographic technology, as well as opened up its patented crypto algorithms under the company's Open Specification Promise (OSP).

The company also open-sourced two SDKs, C# and Java editions, under the Free BSD license for integrating U-Prove into open source identity selectors. The release will be accompanied by preview code integrating U-Prove with ActiveDirectory Federation Services v2, Windows CardSpace v2 and Windows Identity.

Scott Charney, vice president of Microsoft's Trustworthy Computing group, announced the U-Prove CTP during his opening keynote at the annual RSA Security Conference, under way this week in San Francisco.

"The idea is to get more people to embrace these kinds of technologies," Charney told attendees packed into the Moscone Center auditorium. "Then we can create the identity metasystem that [Microsoft] has been talking about for a while now."

The brainchild of Microsoft's ID access architect Kim Cameron, the identity metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations and providers.

Microsoft acquired U-Prove two years ago from Montreal-based privacy vendor Credentica. Developed by the company's founder, well-known security expert and cryptographer Stefan Brands, U-Prove is an encryption and authentication system designed to allow users to conduct secure digital transactions while revealing as little about themselves as possible -- a process called selective disclosure.

Brands, along with colleagues Greg Thompson and Christian Paquin, joined Microsoft's Identity and Access group at the time of Credentica's acquisition.

Microsoft is now working with a German organization on a prototype national ID card system based on U-Prove, Charney said. The company is working with the Fraunhofer Institute for Open Communication Systems in Berlin on a system that will give end users control over the amount of personal data they share. Germany is planning to issue electronic ID cards to its citizens in November.

Charney also talked about the growing security risks presented by cloud computing, and characterized it as a shared responsibility between the user and the cloud services provider. In fact, he said, the cloud has the potential to shift the balance of power between individuals and the state.

"Everything will go to the cloud if the vision is right," he said, "[including] your health records, your tax records, your diary -- which you'll want to access from all sorts of different devices. As we move more and more of this data to the cloud, it means governments and litigants can go to the cloud and get that data without ever coming to the citizen. The question is: Is that the right place to be or not?"

At one point, Charney added himself to the growing list of advocates for mandatory quarantines of malware-infected PCs. He likened consumers running malware-infected PCs to smokers exhaling second-hand fumes.

"The [Environmental Protection Agency] comes out with second-hand smoke [warnings] and suddenly smoking is banned everywhere," he said "You have a right to infect and give yourself illness. You don't have the right to infect your neighbor. Computers are the same're not just accepting [the risk] yourself. You're contaminating everyone around you."

Published by Microsoft in 2006, the OSP is Microsoft's "irrevocable promise not to assert" its patent claims on a list of technologies. Among other things, the OSP covers many WS specs (WS-Security, WS-Management, WS-Trust, etc.), as well as SOAP and WSDL specifications.

The new SDKs are available for download now. Developers can download the C# edition here or the Java edition here.

About the Author

John K. Waters is a freelance author and journalist based in Silicon Valley. His latest book is The Everything Guide to Social Media. Follow John on Twitter, read his blog on, check out his author page on Amazon, or e-mail him at


  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft Shares Coming Windows Server 20H1 Improvements

    Microsoft recently detailed a few improvements coming to the next release of Windows Server, including faster PowerShell performance and a smaller container size.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • Microsoft Bringing Teams to Linux in Preview

    A limited preview of the Microsoft Teams app is now available for select Linux desktop operating systems, making it "the first Microsoft 365 app" to run on Linux.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.