We solved the world's cybersecurity problem - this is how we did it (Part 7)
AMULET™ (OC-DAPS) and 'Nomes™ (RC-DAPS) technologies together form the Certitude Digital Asset Protection Suite

Device-independent personal identity authentication (requires no hardware)

The cross-device hardware-independent personal identity capture and authentication modules of 'Nomes™ technology can be used to permanently solve identity issues in tens of thousands of applications and situations (and probably many more). We will package these up in flexible user-friendly apps and utilities easily modified to suit specific needs.

Device identification and authentication

The multidimensional device identification capabilities of AMULET™ technologies include not just the ability to rigorously and reliably identify and validate any intelligent device, but also all of the circumstances, environment, and history of the device. This capability can be distributed as modules and apps for use by an untold number of applications and processes needing this service and ability.

Digital asset enciphering/deciphering (keyless and multi-layer)

The keyless, multi-layer, multi-encryption enciphering capabilities of AMULET™ technologies never produce from a given source the same result twice (or of the same length) any of the times it may be encrypted, even when doing so sequentially microseconds apart on the same device. For speed, reliability, portability, applicability, and security, no other enciphering technology even comes close. These capabilities can be bundled and presented as apps or utilities other software can leverage - these capabilities can also be implemented in firmware.

View/playback obfuscation technologies

Our suite of view and audio/video playback obfuscation technologies, as well as their copy-tracking and identifier-injection features, are exemplified by our Kaleidoscope application and can be rendered as independent modules that third-party software developers can then license and afterwards include and call in their applications.

Proving entitlement to a package before delivery without surrendering identity

Our 'Nomes™ technology supports a unique capability where it is possible for the intended recipient of a 'Nomes™-enciphered digital asset being stored on an agnostic third-party server not under control of the sender to prove that the claimant is in fact the intended recipient. This saves network bandwidth, because the server is not required to send the digital asset to something which is not entitled to it.

This feature is possible because in the 'Nomes™ enciphering process the intended recipient is baked into the digital asset. There is a phase of that process where a hash of enciphered recipient metadata can be set aside. The recipient can render the same hash and enciphering on the copy of the same metadata they are already in possession of, and if that result matches the one set aside in the digital asset, the claimant and the intended recipient are also a match.

This capability can be rendered into modules and made available to IT administrators, service providers, server host providers, and third-party software - it is especially useful to help mitigate Distributed Denial of Service (DDoS) attacks on networks.
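
The match-before-delivery check described above, as an added sketch that is not Certitude's code and does not reproduce its enciphering. Assumptions: HMAC-SHA256 keyed by a hypothetical asset id stands in for the unspecified enciphering step, SHA-256 is the hash, and a single-use server nonce is added so that a captured proof cannot be replayed; all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets


def entitlement_tag(asset_id: str, recipient_metadata: bytes) -> bytes:
    # Stand-in (assumption): HMAC-SHA256 keyed by the asset id plays the role of
    # the page's unspecified enciphering step; SHA-256 is the hash set aside.
    enciphered = hmac.new(asset_id.encode(), recipient_metadata, hashlib.sha256).digest()
    return hashlib.sha256(enciphered).digest()


class AssetServer:
    """Third-party store: holds the blob and the tag, never the recipient metadata."""

    def __init__(self):
        self._assets = {}   # asset_id -> (tag, blob)
        self._nonces = {}   # asset_id -> outstanding single-use nonce

    def store(self, asset_id, tag, blob):
        self._assets[asset_id] = (tag, blob)

    def challenge(self, asset_id):
        nonce = secrets.token_bytes(16)
        self._nonces[asset_id] = nonce
        return nonce

    def claim(self, asset_id, proof):
        nonce = self._nonces.pop(asset_id, None)   # each nonce allows one attempt
        if nonce is None or asset_id not in self._assets:
            return None
        tag, blob = self._assets[asset_id]
        expected = hmac.new(tag, nonce, hashlib.sha256).digest()
        return blob if hmac.compare_digest(expected, proof) else None


def prove(asset_id, my_metadata, nonce):
    # Claimant side: recompute the tag from the local metadata copy, answer the nonce.
    tag = entitlement_tag(asset_id, my_metadata)
    return hmac.new(tag, nonce, hashlib.sha256).digest()


def demo():
    server = AssetServer()
    meta = b"constructed-recipient-metadata"   # constructed sample value
    server.store("asset-1", entitlement_tag("asset-1", meta), b"<enciphered asset>")
    good = server.claim("asset-1", prove("asset-1", meta, server.challenge("asset-1")))
    bad = server.claim("asset-1", prove("asset-1", b"someone-else", server.challenge("asset-1")))
    return good, bad
```

In this sketch the tag depends only on the asset id and the recipient metadata, so the check is only as strong as that metadata is hard to guess.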

How did cybersecurity ever go so far south?

All roads lead to IBM

All cybersecurity problems today have as their common origin a single set of excuses from IBM, one of the richest and most powerful companies on Earth at the time. 1980: "Processors are too slow; we don't have enough memory or storage space. And we don't have the network bandwidth to do security right." You never want to give a mercenary Fortune 10 company even a remotely-plausible excuse not to do the right thing if you can possibly avoid it because the results are never pretty. And the 600 billion dollars we will suffer in cybersecurity losses this year alone are the direct price we all have to pay for IBM leveraging that excuse beginning nearly forty years ago.

[By the way, as to that original excuse: in 1980, Moore's Law was fully in effect, which says that computing processing power (and by extension, speed and capacity) double every two years (later reduced by Intel to eighteen months). All IBM would have had to do was wait eighteen months, and all those excuses would have gone away. Our staff is on average considerably more intelligent than the same average across IBM's engineers, but they had 50,000 times as many people available they could have applied to the problem than we did. We were able to successfully analyze the problem domain, and architect and prototype what turned out to be a comprehensive and effective whole-cloth solution to all of the cybersecurity problem in approximately one year (2,000 man-hours), not counting implementation (which for a company the size of IBM is far more trivial than it is for a company with a staff of three).

[But as has been their consistent history, IBM wasn't about to forego one thin dime of the year-over-year nine percent gain in profits they were raking in at the time just to do anything the right way. And so, for the want of a year's labor ($100,000 at the time), the discipline to wait for technology to catch up, and 35 or so points in lower average employee IQ committed at the appropriate time, the entire world now suffers 600 billion dollars every year in preventable cybersecurity losses. Greed trumps intellect (a true shame in humans, given that greed is merely an amplification of the survival instincts emanating from the primitive brain stem - no different than what many lower forms of life bring to the table).

[Now, if you are inclined to go to IBM's defense with yet another excuse, say something like "Hindsight is 20/20, and IBM couldn't have known what was coming even though they controlled all aspects of the industry at the time", let me ask you a simple question. Our tiny little company with pathetic resources anticipated and started solving all of these problems twelve years ago so that the results of our efforts would coincide with what we predicted would be the period of greatest need. How do you reconcile your excuses for IBM with the proven fact that a few intelligent, yet un-empowered, random people could accomplish what we've done?]

IBM and their imitators set the model and tone for hacker profiteering

We've used IBM as a metaphor for the behaviors of it and a number of other bad actors (CA, FireEye, Symantec, and McAfee, among others) who want to emulate IBM, or at least IBM's success back in its glory days. And that mimicry, especially in the derivative cybersecurity approaches and products that have evolved from it, has contributed significantly to the problem. There hasn't been any real innovation in cybersecurity in over four decades - all development in the area has gone into more sophisticated forms of encryption (fancier padlocks on a toolbox, which thieves circumvent by just picking up the toolbox and walking away), creating more elaborate eggshells around bigger and bigger piles of stuff (piles that attract and motivate hackers, who then bring their better tools, brains, and focus to the eggshell), and after-the-fact breach analysis, Maginot-Line-style let-the-hackers-lead-the-dance threat vector analysis, and my personal favorite, erecting a bunch of false passageways on a server (which tells a hacker exactly where all the good data is buried - looking at you, FireEye... Gee, guys, why don't you just erect a massive pyramid in the middle of an empty desert and put all your gold in it and in your case throw in a neon sign or two hackers can easily recognize? BTW, how did that 5,000-year-old technology work out for the Egyptians?).

Previous articles about industry corruption and ineptness

We've described some of the industry's cybersecurity problems and their causes in some of our earlier articles:

· In "David Versus the Greediest Goliath" (https://www.dhirubhai.net/pulse/david-versus-greediest-goliath-f-scott-deaver/), we take a lighter, less-technical approach

· In "AMULET™ intellectual property protection versus Container-Related Asset Protection (CRAP)" (https://www.dhirubhai.net/pulse/amulet-intellectual-property-protection-vs-asset-crap-f-scott-deaver/), we take a more serious look at the sheer stupidity of aggregating individually-unprotected digital assets into bigger and bigger piles and then trying to protect the piles with the latest derivative of the same failed technologies that didn't work the first time

· In "IBM, CA, Symantec, McAfee: The Car-Jackers of Cybersecurity" (https://www.dhirubhai.net/pulse/ibm-ca-symantec-mcafee-car-jackers-cybersecurity-f-scott-deaver/), we examine some of the odds of taking a cybersecurity loss today as compared to how losses are managed in the automotive industry

· In "Encryption is NOT the panacea IBM is telling you it is" (https://www.dhirubhai.net/pulse/encryption-panacea-ibm-telling-you-f-scott-deaver/), we take a gander at the silliness of relying on encryption as the "be-all-and-end-all" answer to any cybersecurity problem

· Other related (and topical) articles you might find interesting: "Mark Zuckerberg, call me. Of course, you are Facebook, so while you should, you won't (kinda like you treat user privacy)" (https://www.dhirubhai.net/pulse/mark-zuckerberg-call-me-f-scott-deaver/), and "On intellectual property and cybersecurity: Why not DRM?" (https://www.dhirubhai.net/pulse/intellectual-property-cybersecurity-why-drm-f-scott-deaver/), and "Of high heels and Afghan poppies" (https://www.dhirubhai.net/pulse/high-heels-afghan-poppies-f-scott-deaver/) and "Should Consumer Reports Set Cybersecurity Standards?" (https://www.dhirubhai.net/pulse/should-consumer-reports-set-cybersecurity-standards-f-scott-deaver/) and "At This Very Moment, Five Percent of Your Workforce Is At Least Considering Some Form of Corporate Revenge Porn" (https://www.dhirubhai.net/pulse/very-moment-five-percent-your-workforce-least-some-form-deaver/).

A harsh reality: Cybersecurity is in the state it is in today for no other reason than all the industry giants we paid all those hundreds of billions of dollars over the past forty years have failed miserably to do what they were paid to do.

Period.

It is simply amazing to me that day-after-day, week-after-week, month-after-month, year-after-year for forty long years a company could prove itself to be nothing but an abject failure on the topic of cybersecurity, and yet clients still buy the empty promise that the company's next great product is going to actually work this time and solve all of the problems their failures of the past created.

Next installment: Profiteering from hackers through captive server clients (Part 8)

Previous installment: The Holy Grail of personal identity authentication (Part 6)

Copyright © 2018 F. Scott Deaver. All rights reserved.
