Today’s method for Internet interaction was designed on the fly and built with limited knowledge of what the Internet was or what it would become. Browsers were designed to browse this wild new digital world in a “user-friendly” fashion. Browsers brought the public to the Internet by making navigation easy.
As the public came to the Internet, allegedly secure portals were added to this browser-based environment. The decision to move secure services into a public environment granted access to known users and set in motion indirect assertion of identity. Indirect assertion of identity is guessing.
20 years ago, the drive was for Internet usage, not security. When security stood in the way of convenient public access to secure services, security was rejected as a hurdle to the adoption of services by consumers, and security protocols were compromised to meet a business desire. In 2017 these “business defined security protocols” cost $600B in cyber damage.
The time has arrived to re-evaluate uninformed decisions from the past with knowledge garnered from years of experience. Browser-based access is designed for public activity, not security. Accessing secure activity from a browser-based environment was, is and will continue to be a violation of security protocols.
For the purpose of this article, the following definitions apply:
- Existence is “having objective reality”
- An Aura is a physical device used as identification.
What is existence?
Existence is a unified interdependent system where the endpoint, server and communication are unified into a single process. The process is broken into two parts, an Aura and its environment. When the Aura comes into contact with the Internet, it is connected to its other half, the secure environment. When the Aura is removed, the connection ends.
The process permits an Aura owner to connect to any USB-C compatible device anywhere, anytime, and a private portal winks into existence for “ultra-secure” communication. When secure activity is completed and the Aura is removed, the private portal winks out of existence. This is similar to Einstein’s “Spooky Theory”.
How does existence-based access work?
- Insert the Aura: Connect the Aura into an Internet connected computing device. This begins the process of creating presence. While the Aura is connected to a computing device, it is present.
- Authenticate: The Aura contains the endpoint software. Once executed, a uniquely serialized virtual operating environment is created and the process of maintaining a state-of-existence begins by connecting to a Pre-Authentication server to be validated.
- Pre-Authentication process:
  - Challenge and response process between the Pre-Authentication server and the Aura
  - Path to the location of secure services is returned to the serialized environment
  - The serialized environment connects to the secure services location
- Connection to Existence Server:
  - Check connection type; anything other than an Aura operating environment is rejected
  - Services connect to Pre-Authentication server, setting up triangulation
  - Serialized environment allows application of role-based protocols prior to loading a login process
  - Triangulated monitoring of the process begins, verifying that all elements remain present throughout secure activity
- Perform Secure Activity: starting with an identified individual prior to login allows knowledge data to be validated along with the presence of the Aura
- Remove Aura key: The removal of the Aura ends the owner’s presence at the secure service provider
- Secure Environment Vanishes: Once the Aura is removed the serialized virtual operating environment implodes leaving no footprint on the computing device being used.
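The flow in the steps above can be modelled in a few lines. This is an added sketch, not Secure Aura's code: the article does not say how the challenge and response works, so HMAC-SHA256 over a per-device key is an assumption, and the names `PreAuthServer`, `ExistenceServer`, `aura_response` and the connection type `"aura-env"` are hypothetical.

```python
import hashlib
import hmac
import secrets

def aura_response(key, nonce):
    """Aura side: prove possession of the device key (HMAC is an assumption)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

class PreAuthServer:
    def __init__(self, keys, service_path):
        self.keys, self.service_path = keys, service_path
        self.pending, self.tickets = {}, {}

    def challenge(self, serial):
        self.pending[serial] = secrets.token_bytes(32)  # single-use nonce
        return self.pending[serial]

    def respond(self, serial, mac):
        nonce, key = self.pending.pop(serial, None), self.keys.get(serial)
        if nonce is None or key is None:
            return None
        if not hmac.compare_digest(aura_response(key, nonce), mac):
            return None
        ticket = secrets.token_hex(16)
        self.tickets[ticket] = serial
        return self.service_path, ticket  # path is disclosed only after proof

    def vouch(self, ticket):
        return self.tickets.pop(ticket, None)  # one use; third leg of the check

class ExistenceServer:
    def __init__(self, preauth):
        self.preauth, self.present = preauth, set()

    def connect(self, conn_type, ticket):
        if conn_type != "aura-env":  # any other connection type is rejected
            return None
        serial = self.preauth.vouch(ticket)
        if serial is not None:
            self.present.add(serial)
        return serial

    def aura_removed(self, serial):
        self.present.discard(serial)  # presence ends with the device

    def perform(self, serial, action):
        if serial not in self.present:
            raise PermissionError("Aura not present")
        return f"{action}: ok for {serial}"
```

In this model the service path and the session ticket are only released after a correct response, the ticket is consumed on first use so it cannot be replayed, and every action is refused once `aura_removed` has been called.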
The existence environment is an empty container much like a bottle. When a bottle is filled with milk, soda, juice, etc. it is referred to by the content of the bottle. You go to the refrigerator for milk, soda or a juice never thinking about the container, be it a bottle or can.
Similarly, existence containers take on the properties of what is loaded into them, much like the bottle. Secure Aura is introducing a blockchain payment system in an existence container, so it becomes an “Existence-based Payment System”. Cyber Safety Harbor offers a communication suite for messages and file transfer, so it is an “Existence-based Communication Suite”.
It does not matter what is loaded into an existence solution. The key to the system is the ability to:
- Remove public access to secure services
- Identify an Aura before granting access to a portal
- Apply role-based access prior to user interaction
- Evaporate when access is completed leaving the only record of activity within the secure environment
The breaches of the past have destroyed any value of data credentials. Existence is focused on protecting the use of data by providing a second unique factor for authentication. Existence can be initially deployed in parallel to existing infrastructure providing a method to verify presence before executing a transaction. (If I’m not present, it is not me.)
Once presence is applied, secure services can migrate into existence-based access for interaction. As existence’s functionality is fully realized, it creates a closed, secure existence community of known users, thus improving overall data security. With the removal of public access, monitoring granted access becomes manageable.
Computer science is binary. Therefore, authentication is a binary decision:
- Indirect Assertion of Identity that uses complex data and the hope that the owner of the data is the entity presenting it
- Direct Assertion of Identity that bases access on a state of existence via a serialized private portal
Indirect assertion of identity is fully mature with over 20 years of history. The result of guessing as an authentication protocol has proven results. “”. $600 Billion divided by 365.25 equals $1.6 Billion per day in cyber damage. An existence solution would cost less!