Protexx Solutions
IDENTIFY:
As part of the vetting process that establishes the true identity and background of the person who is to receive the credential, the process must be absolutely “Trusted” in order to establish the basis of a successful program that ensures the integrity and legitimacy of the credential itself, regardless of the technology adopted as the standard (e.g. digital photography, embedded fingerprints and/or other biometric information). Once established, the credential bearer could be recognized and identified as the “real person” without equivocation.
For many reasons, the vetting and issuing process must be carried out by an External Trust Authority. Under a program developed by the Department of Defense, very few private companies have been approved and designated to issue these credentials, obviously under tremendous scrutiny because of the potential harm “factor”.
It is during the vetting/issuing process that the levels of security clearance, access permissions, need-to-know and other privileges could be established as per the requirements of the agency ordering the credentials. Other agencies wishing to adopt the concept could then easily move towards a “federation” providing for interoperability.
VALIDATE:
Adding to the overall integrity of this program is the ability to authenticate the individual, certain devices (PCs, laptops, phones, etc.) and also the processes they are involved in, such as data creation, transmission, access and sharing. By utilizing methods such as multi-factor authentication, asymmetric PKI, biometrics, out-of-band authentication, digital signatures and others, this ability establishes the basis for an auditable trail of data communications.
AUTHORIZE:
The primary goal is to protect all data in motion from interception and compromise. The problem of data at rest (the information that resides on hard drives, disk, tapes, etc.) is generally well managed by the IT specialists in their respective agencies and is not discussed herein.
Data in motion is the data that moves from the originating device until it reaches either the recipient or the first secure storage server in the link. Therefore, we are talking about all wireless communications, cable-service connected data, WAN and LAN, satellite, and computer data card/cellular transmissions.
Banks and credit card companies traditionally use 128-bit SSL under the “https” tunnel or a VPN as their “standard”. This level of security was compromised almost 4 years ago, and software to help hackers crack this information appears as freeware on the internet for anyone to download.
Protexx utilizes asymmetric-PKI-based and -delivered, highly encrypted VPNs which do not rely on user names and passwords, credentials that can be readily “sniffed” and compromised.
How would it work in a typical agency?
Once credentialed, the individual would be further identified through a multi-factor authentication process in order to use an authorized device to access the data system. Every transaction is time/date stamped and added to the “trail”.
All data in motion would be encrypted, preventing data loss through sniffing or interception.
Physical and logical access would be ongoing and dynamic, granting permissions according to the credential holder and his/her need to know. This could extend from the front door of the property all the way to a particular document and the doors in between.
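The credential-based, password-free authentication and time-stamped trail described in the steps above, as an added illustration that is not Protexx code: the trust authority keeps only the public key bound to each vetted subject, issues a single-use challenge, verifies the holder's signature over challenge and requested action, and records every accepted transaction. Authority, Issue, NewChallenge, Respond, Authorize and the AuditEntry layout are assumed names, and Ed25519 stands in for whichever PKI algorithm the real credential carries.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"time"
)

// AuditEntry is one time-stamped, signed record in the trail (a constructed layout, not the vendor's).
type AuditEntry struct {
	When            time.Time
	Subject, Action string
	Challenge, Sig  []byte
}

// Authority stands in for the external trust authority: registered public keys, outstanding challenges, and the trail.
type Authority struct {
	registry map[string]ed25519.PublicKey
	pending  map[string]bool
	Trail    []AuditEntry
}

func NewAuthority() *Authority { return &Authority{map[string]ed25519.PublicKey{}, map[string]bool{}, nil} }
// Issue binds a vetted subject to a fresh key pair; only the public half is kept, the private key goes to the holder.
func (a *Authority) Issue(subject string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand does not return errors in practice
	a.registry[subject] = pub
	return priv
}
// NewChallenge hands out a single-use random nonce so a captured response cannot be replayed.
func (a *Authority) NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	a.pending[string(c)] = true
	return c
}
// Respond is the holder's side: sign challenge||action with the credential's private key; no password crosses the wire.
func Respond(priv ed25519.PrivateKey, challenge []byte, action string) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, challenge...), action...))
}
// Authorize checks registration, that the challenge is outstanding, and the signature, then consumes the challenge
// and appends the transaction to the trail. Refused attempts are never recorded as authorized.
func (a *Authority) Authorize(subject, action string, challenge, sig []byte) error {
	pub, ok := a.registry[subject]
	msg := append(append([]byte{}, challenge...), action...)
	if !ok || !a.pending[string(challenge)] || !ed25519.Verify(pub, msg, sig) {
		return errors.New("credential, challenge or signature not accepted")
	}
	delete(a.pending, string(challenge))
	a.Trail = append(a.Trail, AuditEntry{time.Now().UTC(), subject, action, challenge, sig})
	return nil
}
```

Issue a credential, hand out a challenge, have the holder Respond, then Authorize; presenting the same response a second time is refused because the challenge has been consumed, and a signature made for one action cannot be reused for another.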
NAVIGATE:
A program based upon Trusted Identity Credentialing, combined with multi-factor authentication and high-level protection of data-in-motion utilizing asymmetric-PKI-based delivery of the requisite elements, will greatly contribute to the establishment of a secure Agency perimeter and at the same time provide a critical auditable trail. This process would virtually eliminate compromise resulting from unauthorized physical or logical access, sniffing and/or electronic interception.
The Problem: Who is really who? Controlling who gains access to what on enterprise networks is vitally important, but if it is vitally important, why have governments and industry avoided true implementation? Is it fear of accountability? Achieving control is not that hard if you focus on accountability through strong authentication credentials: not the identity card, not the statements of “two factor” or “single sign-on,” but enforcing accountability by first knowing who is transacting on your network. If e-Government is truly concerned with accountability and eliminating identity fraud, then only one solution makes sense.
The Solution: A solution is available now that allows us to do both with minimal risk. This technology is called “Asymmetric Authentication and is Deployed as PKI.” The mechanism for implementing the technology already exists, is inexpensive, is widely available and is Government approved. And as a bonus, we have technologies and an infrastructure that, if deployed properly, would allow us to share required information without sharing other specifics, thereby providing both public safety and privacy.
If this technology is employed, people could use their credentials as positive identification at any facility or enterprise with Internet access. Asymmetric authentication could be quickly implemented for the identification of professionals (such as doctors, police, etc.) in emergency situations. It could be used for financial transactions in lieu of drivers’ licenses. Nationwide implementation would instantly and dramatically decrease credit card and other similar types of fraud. It could be used for email authentication, eliminating spam and worms which cause millions of dollars in damages due to downtime, damaged records, and lost credibility. Yet this highly funded, Government audited and approved solution sits grossly underutilized.