In this paper we present the exponential security system TESS developed at the European Institute for System Security (E.I.S.S.) embedded in a package of freeware. The system has meanwhile been applied to some TCP/IP based services such as telnet, rsh and rcp supplementing these services with additional security features. TESS is based on the use of the one way function exp that had originally been described by Pohlig and Hellman and is the central feature in the well-known Diffie-Hellman key exchange protocol. The subsequent contributions by El-Gamal have indicated the multifeature capabilities of this proper one way function. Based on these results, the invention of the Beth-Schnorr-Zero-Knowledge Protocols in extension of the Chaum-Evertse-van de Graaf-Zero Knowledge Scheme has made authentication and signature procedures available, which support the view that the exponential one way function is a security primitive suited for supporting practically all mechanisms needed for the design of secure systems.

The implementation of the authenticated key exchange protocol KATHY within the Network Security System SELANE developed at E.I.S.S., Karlsruhe, based on the Günther-Bauspieß-Knobloch scheme forms an integral part of TESS, providing a universal security toolbox for access control, authentication, key exchange, confidentiality protection, digital signatures and verifiable distributed network security management. Its suitability for the incorporation in the X.509 Directory Authentication Framework as well as its free availability make it an interesting system to extend the features of KERBEROS or DSSA towards a proposed Open System Security Architecture.

A further mechanisms composed from TESS primitives is the Electronic Exponential Signature (EES) scheme. It had been developed for EDI purposes and banking applications already in 1989, when after an indepth study of up-to-date signature procedures, prior to the new U.S. standard, the superiority of the exponential scheme became apparent.