System Architecture

The role of the Security Agent Eco-System is: 1) the creation, distribution and management of agents; 2) secure communication between agents and authorities over a network; 3) the means to tag, certify, revoke and validate the ownership and integrity of any data or content. A less abstract visual depiction of the Security Agent System architecture is presented below:

In summary, Security Agents and their related Eco-System present the means and mechanisms for creating a new model of enhanced cyber security effectiveness.

A Security Agent System creates Security Agents and secures the network for communication between agents and should at a minimum include the following properties:

  1. User Centric: The eco-system must serve the data protection needs of the User, for after all, it is their data.
  2. Agreement Based: The use, reuse and sharing of data must be explicitly agreed to between owners of data and any relying party
  3. Zero Knowledge Verification: The validating system should by design have no knowledge of, or access to, any User or Authentic Attribute Authority data. That is, any actors (claiming and/or relying parties) should be able to both assert and rely upon claims made without needing access to plain/unencrypted data. This is a much more stringent provision than the often cited, but much weaker, ‘principle of least privilege’, whereby plain data is conceptually shared/exposed only on a need-to-know basis.
  4. Dynamically Extensible Data Sets: In order to facilitate the confidentiality and integrity of all exchangeable data, the data certificate/certification infrastructure must be capable of dynamically assembling (in real time) data sets of any size.
  5. Authority Enabled: A systematic means of registering the ownership of data and objects (Registration Authorities) as well as a means of zero knowledge validation (Authentic Attribute authorities).
  6. Revocation and Validation: Both relying and claiming parties require mechanisms to validate data as well as to assess revocation, either in real time, pseudo real time (i.e. next session) or statically (data that is simply signed), depending on the nature of the data.
  7. Networkable Public Key Infrastructure: User friendly key management (i.e. operating in the background/not requiring user action), seamlessly networkable to provide an Internet scalable key distribution architecture.
  8. Secure Agent Production and Distribution: In order for the agency to update its agents in a secure manner, the system must establish attestation mechanisms sufficient to ensure trustworthiness.
  9. Secure, Application Aware and Diversifiable Network Protocol: The security weaknesses of SSL are well documented, and so a more secure protocol is required. Furthermore, a more robust network protocol can strengthen security well beyond simply eradicating SSL deficiencies such as phishing attacks. For example, by diversifying the network protocol, making it user/SP or user/SP session specific, users without protocol access rights would not even elicit a server response (i.e. the server returns an error). The benefit of this capability would be a server environment that is much harder to probe or hack. Further, withholding login and other pages from attackers eliminates brute force attacks and adds yet another hurdle to server vulnerability probing; both properties could be used to protect, for example, the servers or administrative consoles of critical infrastructure.
  10. Internet Scalable Identity Infrastructure: The Internet must evolve its current view of identity, which is really nothing more than a system-specific unique identifier, towards an identity-aware but anonymous-as-required infrastructure. In our model this is accomplished by binding a user’s identity to their agent and by validating Personally Identifiable Information (PII) either through an Authentic Attribute Authority such as the passport office or through pseudo Authentic Attribute Authorities such as Equifax, Experian, TransUnion etc.

Federated Networks’ system provides foundational technologies to securely connect users, data, content, systems and code “from here to there (network), from now until then (storage), from one to another (runtime) and on this and on that (form factor)”.

While many security companies focus on smaller pieces of a bigger puzzle, Federated Networks believes that cyber-security is all-or-none. In other words, “you can’t lock your doors and leave your windows open” and expect to be secure. Recognizing this reality, FN is leading the way by delivering cyber security infrastructure that comprehensively protects against network software security’s most pervasive threat vectors. Take a look at the seamless, end-to-end technology architecture of the FN Connect Securely™ Framework.

Each of the FN Connect Securely components provides an essential set of services, but each element is ancillary to the effectiveness of the whole. For a cyber security solution to be truly effective, it needs to act as one virtual system with none of the seams that create natural attack vectors for hackers to exploit. Importantly, the system’s decision-making and decision-enforcement capabilities must be both unified and agreement enabled. More than the sum of its parts, FN’s “one system, no seams” cyber security software shuts down all paths of least resistance, making it unbeatable and unhackable.

This feature will be available Spring/Summer 2012.



FN Secure Agent™

FN's unhackable client enables users to connect securely to all things digital. This gives you full control over the privacy and confidentiality of your data. Files, passwords and online communications including email and social networking are 100% secure.


Meta Certificate Authority Services™

FN's Application Security Level Protocol ("ASL") supports a heterogeneous group of agents, each of which can securely perform its role in a networked PKI system. FN's Meta Certificate Authority services enable the confidential (zero knowledge) exchange, validation, verification and secure protection of evolving and unbounded data definitions, the data itself and multi-party agreements, in full compliance with social, economic and legal norms and regulations.

Important differences between FN's revolutionary Meta Certificate Authority Services™ vs. existing Certificate Authority solutions include:

| Meta Certificate Authority | Existing Certificate Authority | The FN Advantage |
|---|---|---|
| Zero Knowledge | Full Knowledge | Supports private/confidential data |
| Dynamically Extensible | Static | Real time modification to reflect changing user data |
| Real-Time Revoke | Revoke List "Challenges" | Globally scalable (important for identity and other business critical services) |
| Natively Supports Sec DNS | Sec DNS is New Undertaking | No instantiation problem |
| Multi Party Agreement | Single Party Policy | Agreement-based enforcement (singleton decision-making and decision enforcement) |
| No Single Root | Single Root | Compromised private key does not compromise whole system |
| Fails Gracefully | Fails Hard | Distributing new keys is seamless |

Cloud Connect Security Services™

FN has a unique zero-knowledge system that secures the authenticity and integrity of business critical data against both external (hacking) as well as insider threats (rogue employees). Unparalleled end-to-end security coupled with an extremely low footprint implementation (including site hosted as well as cloud services) creates a highly compelling enterprise security solution.


Authentic Attribute Authority Services™

FN's security solution establishes an authority to validate the authenticity of data in social, economic and legal contexts. This advanced solution ushers in a new era of cyber confidence and trust for today's evolving world of web-enabled interactions. FN's Authentic Attribute Authority Service can confirm, with certainty and without any knowledge of the actual data, the representations of any party simply by checking with the data attribute's owner.

Real-life applications include:

  • An employer being able to verify the degree and graduation status of a person representing their Ivy League education.
  • Conducting a zero-knowledge verification of a business tax ID number with the Revenue Agency to authenticate that a person validly represents a business.
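As an added illustration of the zero knowledge validation described here and under properties 3 and 6 above (this is example code written for this page, not Federated Networks' own implementation), the following Python script models three parties: an Authentic Attribute Authority that owns a record, a claimant who receives a signed commitment over that record, and a relying party (the employer) that validates the claim and checks real-time revocation without ever seeing the record itself. The sample records, the predicate name `degree_conferred` and the use of HMAC-SHA256 with a shared key as a stand-in for the authority's PKI signature are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample records held by a hypothetical Authentic Attribute Authority
# (e.g. a university registrar). Only the authority ever sees these plain values.
AUTHORITY_RECORDS = {
    "user-1001": {"degree_status": "graduated", "institution": "Example University"},
    "user-1002": {"degree_status": "withdrawn", "institution": "Example University"},
}

# Named predicates the authority is willing to vouch for. A relying party learns
# only which predicate was confirmed, never the attribute values behind it.
PREDICATES = {
    "degree_conferred": lambda rec: rec["degree_status"] == "graduated",
}


def sign(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over canonical JSON. Assumption: stands in for the authority's
    asymmetric PKI signature, which a real deployment would use instead."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key: bytes, body: dict, signature: str) -> bool:
    return hmac.compare_digest(sign(key, body), signature)


class AttributeAuthority:
    """Owner of the attribute data: issues, revokes and validates commitments."""

    def __init__(self, records: dict, key: bytes):
        self._records, self._key = records, key
        self._issued, self._revoked = set(), set()

    def issue(self, user_id: str, predicate: str) -> dict:
        record = self._records[user_id]
        if not PREDICATES[predicate](record):
            raise ValueError(f"{predicate} does not hold for {user_id}")
        # Salted hash binds the token to the record without revealing it.
        salt = secrets.token_hex(16)
        material = f"{salt}|{user_id}|{json.dumps(record, sort_keys=True)}"
        commitment = hashlib.sha256(material.encode()).hexdigest()
        self._issued.add(commitment)
        body = {"commitment": commitment, "predicate": predicate}
        return {**body, "signature": sign(self._key, body)}

    def revoke(self, commitment: str) -> None:
        self._revoked.add(commitment)

    def status(self, commitment: str) -> dict:
        """Real-time revocation answer; it carries no attribute data."""
        if commitment in self._revoked:
            state = "revoked"
        elif commitment in self._issued:
            state = "valid"
        else:
            state = "unknown"
        body = {"commitment": commitment, "status": state}
        return {**body, "signature": sign(self._key, body)}


class RelyingParty:
    """Validator with zero knowledge of the data: it checks the authority's
    signature and the live revocation status, nothing more."""

    def __init__(self, authority: AttributeAuthority, key: bytes):
        self._authority = authority
        self._key = key  # verification key (assumption: shared with the authority)

    def accept(self, token: dict, expected_predicate: str) -> bool:
        body = {"commitment": token["commitment"], "predicate": token["predicate"]}
        if not verify(self._key, body, token["signature"]):
            return False  # forged or altered token
        if token["predicate"] != expected_predicate:
            return False  # genuine token, but not the claim being made
        resp = self._authority.status(token["commitment"])
        resp_body = {"commitment": resp["commitment"], "status": resp["status"]}
        if not verify(self._key, resp_body, resp["signature"]):
            return False  # tampered revocation answer
        return resp["status"] == "valid"


def run_demo() -> dict:
    key = secrets.token_bytes(32)
    authority = AttributeAuthority(AUTHORITY_RECORDS, key)
    employer = RelyingParty(authority, key)
    token = authority.issue("user-1001", "degree_conferred")
    results = {"genuine": employer.accept(token, "degree_conferred")}
    # The token holds only a commitment and a predicate name: no plain data leaks.
    leaked = ("graduated", "Example University")
    results["leaks_value"] = any(v in json.dumps(token) for v in leaked)
    # Changing the predicate on a valid token breaks the signature.
    results["forged"] = employer.accept({**token, "predicate": "has_phd"}, "has_phd")
    # Revocation is visible to the relying party at its next real-time check.
    authority.revoke(token["commitment"])
    results["after_revoke"] = employer.accept(token, "degree_conferred")
    # The authority refuses to vouch for a predicate that does not hold.
    try:
        authority.issue("user-1002", "degree_conferred")
        results["withdrawn_issued"] = True
    except ValueError:
        results["withdrawn_issued"] = False
    return results


if __name__ == "__main__":
    print(run_demo())
```

Running the script prints a dictionary in which only `genuine` is true: the relying party accepts the authentic claim, rejects a token whose predicate was altered, observes the revocation on its next status query, and never receives the degree status or institution name that the authority holds.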