040309 Site Copy Scratchpad - Instigations

superfluitysmackoverSécurité

23 févr. 2014 (il y a 3 années et 8 mois)

73 vue(s)

Site Copy Scratchpad


OsmiumGroup.org


Setting the standards for secure information appliances


Reception Area

The Osmium Standard

About Us

News


Sponsorship


Osmium Compliant Products

Compliance Testi
ng

Contact Us


The Osmium Standard


Identity Is The Foundation Of Security



Nothing we do with computers, cell phones, PDAs or other information appliances will be
secure until there is a sound way to keep files, directories, keys, identifiers, and other important
items in a truly protected space.

Many organizations including
Wave Systems, Phoenix Technologies, Microsoft, Intel and
others have attempted to build secure repositories for private keys into our computer hardware.
Others such as Sun Microsystems and Vita Nuova have built software
-
only virtual machines that
isolate t
he memory spaces where programs operate.

Each of those efforts is a step in the right direction. Each “adds security” to the machine on
which it operates.

Real security will require an architecture that addresses vulnerabilities that come from other
parts

of our world of information and communication. Real security calls for an integrated system
that allows the user to determine whom to trust, and that uses a reliable source of identity
credentials. True security requires that VPNs to which our information

appliances connect are
reliably closed networks, not just “tunnels” that are open at the ends.

The Osmium Standard
applies to the elements of a Public Key Infrastructure which reside
within the hardware and operating system of a client, whether a personal

computer, PDA,
telephone or other information appliance.

Osmium requires not only that private keys be stored securely, but that there are no loose
ends in anything to which the information appliance connects.

About Us

The Osmium Group was founded in 20
04 to define and manage the Osmium
Standard for computer and information appliance security. The Osmium Standard
is part of the Quiet Enjoyment Infrastructure, documented in the book
Quiet
Enjoyment
,
by Wes Kussmaul
.

Specifically,

the Osmium Standard applie
s to the elements of a Public Key
Infrastructure which reside within the hardware and operating system of a client,
whether a personal computer, PDA, telephone or other information appliance.


The Osmium
Team

Led by _________ and ___________, the Osmium G
roup reflects the highest
standard of professional qualification in operating system design.


VIVOS.org


Identity Is The Foundation Of Security


Need reliable identities right now? VIVOS®
and VIVA™ deliver
.


After spending millions of dollars on network security, corporations still have major
security problems.


Meanwhile, your ATM card allows your bank to dispense cash with confidence from a
mac
hine on a city sidewalk.


The technology used by your ATM card is more ancient than the floppy disk. So why
are bank ATM networks generally secure, while corporate information networks, in
spite of continuous investment in the latest security technology, a
re barely able to
keep ahead of intruders?


The difference is not one of technology. The difference is one of outlook, philosophy,
and architecture.


Your bank's ATM network starts with the premise that knowing who you are is the
foundation of security.


I
f a trusted co
-
worker asked you to share your ATM card and associated PIN, what
would you say? Of course, they would never ask in the first place.


If that co
-
worker asked you for your network password, what would you say? In
many companies, collaborative
work gets done by sharing access

credentials.


Identity is the foundation of security. Let our VIVA™ Enrollment Services and
VIVOS® Enrollment Workstation help you make your company's precious information
resources secure
--

and manageable:



through strong establishment of identity and



by designing and building online spaces on a foundation of strong identity.

Reception Area

VIVA™ Enrollment Services

VIVOS® Enrollment Workstation

About Us

News


Contact Us


VIVA™

Enrollment Services


The Importance of Reliable Identity


Identity Is The Fo
undation Of Security™


Who is using your company’s VPN?

Is that really your supplier’s employee? Or does he work for your competitor?

How do you know?

Now, with VIVA™, you can establish the identity of anyone, anywhere in the
world, and issue secure networ
k access credentials.


VIVA


WORLDWIDE FACE
-
TO
-
FACE IDENTITY VERIFICATION


What good is an identity management system if the identities it manages are not reliable?


Whether you need to convene an online meeting or allow individuals around the
world to hav
e access to your company's files and network resources, you need to
know that people are who they say they are. You need to establish their identity.


Until now, there has been no efficient way to do that.


Now, the
Village Identity Verification Agency

b
rings consultants, contractors,
personnel from partner organizations
--

literally anyone
--

into your network in the
secure knowledge that they are who they say they are.


In doing so, we use all the important technology one would expect: biometrics,
digi
tal certificates, smart cards and other hard tokens. But the essence of the
process has nothing to do with technology. We bring your candidate face
-
to
-
face
with a qualified authentication professional. Our professionals have



The legal accountability of a
public official



An established professional background of reliability



Training in verification of identity credentials



Knowledge of the process of certificate and token issuance

We are a Founding Partner of the International Association for the Certifi
cation of
Authentication Professionals (
ICCAP
), which sets uniform worldwide standards for the
practice of identity verification. ICCAP solves the problem of the
huge vari
ation in
notary standards

with an additional layer of certification which is consistent in any
jurisdiction.


Click below if you would like more information about how the Village Identity
Verification Agency can help you make your team more effective thr
ough strong
authentication.


Identity is the foundation of security. Let VIVA™ make your company's precious
information resources secure
--

and manageable:


VIVOS
®

Enrollment Workstation


Identity Is The Foundation Of Security™




The VIVOS® Enrollment
Workstation


VIVOS
® is a transportable integrated system of hardware and software that lets you, the
authentication professional, quickly and easily verify and record the identity of an individual and
issue digital identity credentials


certificates and t
okens


in a number of forms.
VIVOS
® lets
you



Record a digital video with voice recital (oath) of the affidavit of the candidate’s identity

(in most jurisdictions this binds the affiant to penalties of perjury)



Verify candidate’s driver’s license and/or p
assport



Capture the biometric iris scan of the candidate



Capture the digitized fingerprint of the candidate



Verify personal information online via corroboration service (in North America and UK)



Digitally record the written signature on the affidavit and d
igitally sign the written signature



Create an event record: GPS location, US Navy signed time stamp, video, biometrics,
affidavit, passport



Digitally sign and record the biometric information, the affidavit recital, the location and time
stamp



Create a dig
ital certificate for the individual whose identity is being authenticated



Sign the digital certificate by a remote Certificate Authority



Implant the digital certificate in one or more hardware tokens: smart card, USB, iButton



Transmit the files created du
ring the session to a remote secure facility

The entire authentication process requires as little as five minutes and requires no more than a
normal user’s understanding of computers.

NOTE: For maximum protection the operator of this
equipment should be I
CCAP certified (
www.iccap.org
)

and should be able to administer an
oath in your jurisdiction.


Authentrus.org

Protecting your privacy with the Personal Intellectual

Property
Infrastructure...


Reception Area

The Personal Intellectual Property Infrastructure

About Us

News


Sponsorship


Companies Using PIPI Compliant Products

Compliance Testing

Contact Us


The Personal Intellectual Property Infrastructure

Most privacy

protection frameworks rely upon , if not the kindness of strangers, then the integrity
and good intentions of strangers. They provide guidelines for disclosure of information about how
information about you is to be used, and leave it to the individual to

read those lengthy
disclosures before clicking on anything.

Authentrus’s Personal Intellectual Property Infrastructure (PIPI) takes a different approach. It
turns information about you into your personal intellectual property, provides a framework with
wh
ich you can easily manage disclosure by category of inquirer or by individual inquirer,
provides tools by which your disclosure choices may be implemented, and it provides a
consensual framework for disclosed parties to either abide by or suffer the penalt
ies of
infringement.

When implemented, PIPI delivers a workable means for accomplishing an old ideal:
ownership and control by individuals of personal information about them.


About Us

Authentrus

was founded in 2004 to define

and promote

and
promote the us
e of

the
Personal Intellectual Property Infrastructure
.


The Authentrus Team

Led by _________ and ___________,
Authentrus

reflects the highest standard of
professional qualification in operating system design.


News


Your privacy is under attack!

Learn ho
w the
Personal Intellectual Property Infrastructure from Authentrus
delivers on the promise of putting you in control of information about you.

The companies that accumulate information about you regard that information as
their own corporate asset


and t
he law generally supports that view.

The
Personal Intellectual Property Infrastructure provides



a means to legally claim control of y
our information



the technology to control its disclosure.


ICCFS.org

Prot
ecting
your privacy and security
by
ensuring

due process


Law Enforcement Infrastructure


Does security require the sacrifice of privacy?

Does privacy require the sacrifice of security?


Learn how the Law Enforcement Infrastructure from the International C
ouncil for Forensic
Security can assure that law enforcement has what it needs to monitor the encrypted
communications of those who can legitimately be considered suspects, while protecting the
privacy of the rest of us.

The Law Enforcement Infrastructure

further assures that all law enforcement operations


Reception Area

The Law Enforcement Infrastructure

About Us

News


Contact Us


The Law Enforcement Infrastructure


ICCFS and its Law Enforcement Infrastructure achieve two goals which often appear to con
flict
with each other.

The job of law enforcement officers often seems to fly in the face of the presumption of
innocence. They must treat some members of the population as suspects, before they are
convicted or even before they are legally accused of com
mitting a crime. That means that they
must be able to spy on the private communications of those who may legitimately be considered
suspects.

Suspects who know what they’re doing will sometimes encrypt their communications, making it
impossible for those w
ithout possession of the appropriate cryptographic keys to intercept those
communications.

The subject of key escrow for purposes other than replacing lost private keys is
controversial,
because of the possibility of abuse of the power that is conveyed wit
h those keys. Therefore the
use of those keys by law enforcement must be governed by strict adherence to due process.

Interception of older forms of communication such as voice telephone is governed by specific
due process, and that process usually involve
s judicial authorization. But there is little in the way
of due process governing access to cryptographic keys, leaving law enforcement to make

up the
rules as it goes along. As long as that situation exists, personal privacy is at risk.

The Law Enforcemen
t Infrastructure, which was first described in the book
Quiet Enjoyment

by Wes Kussmaul, provides not only for judicial due process in the management of cryptographic
key escrow; it also provides a means of prevention of the abuse of access to private keys

without
requiring law enforcement to disclose the identity of suspects.


About Us


As our system must confront the need for privacy, it must also confront the need for law
enforcement to intercept communications when it can demonstrate that a party to the

communication is legitimately considered a suspect. But it’s not enough to casually
invoke the concept of due process to protect against abuse of the system; due process
must be implemented in algorithms and procedures that are as rigorous as those used i
n
the rest of the Public Key Infrastructure that is QEI


News


Contact Us


Abyx.org

Assure yourself and your customers that
your
collaboration facilities
are

secure.


Reception Area

The Abyx Building Codes In
frastructure

For Providers of Collaboration Platforms

Building Inspectors

About Us

News


Contact Us


The Abyx Building Codes Infrastructure


How do you know the building you’re using is sound? How do you know it’s secure?

In almost every jurisdiction in t
he world, the answer comes with a set of building codes that
guides a building inspector.

When it comes to online buildings, there are no geographical jurisdictions. That’s the whole
point


if your team consists of people who are physically situated in Ad
elaide, Belem, Ypsilanti
and Zanzibar, the building codes for the structure in which you work together cannot be mandated
by a particular geographic jurisdiction.

If you provide online collaboration facilities, either as a vendor of collaboration platforms
, or
as a user of collaboration technology, let our Building Inspectors assure your users that they can
share sensitive information in confidence.


For Providers of Collaboration Platforms


Whether you provide software, or application hosting services, add

value to your product
by providing independent, objective evidence that the users of your platform can share
sensitive information with confidence.

Contact our vendor representatives for more information about using the Abyx building
codes to help you sel
l your product.


Building Inspectors


Your information is never secure in a private, cryptographic tunnel

if it is exposed
at the ends of the tunnel
. Indeed, a tunnel

can be less secure than the outdoor
space

around it, because it gives its occupants a false sense of security. Building
codes are sets of standards and procedures that ensure the integrity of the virtual
buildings that enclose, for example, the ends of tunnels.


About Us

News


Contact Us


Dorren.org


Get a desktop that's secure, manageable, and free of hidden vendor
agendas

Announcing InDoors, an operating system that

Knows the difference
between indoors and outdoors

When you use an operating syst
em that knows the difference between indoors and outdoors, you
always know whether a given facility is secure and usable, that is, whether it meets building code
and has been issued an occupancy permit.

Like every other operating system, it also supports t
he outdoor environment. You can browse,
chat, surf to your heart’s content. But when you want to get something done, especially when you
want to get something done with others, you’ll want to come indoors to your work group’s office,
or the meeting place o
f the civic or nonprofit group that you’re involved with.


Indoor Operating System

We can work around the vulnerabilities of popular operating systems so that the components
of QEI provide genuinely secure, manageable, usable, and private space inside thos
e operating
systems. An even better solution for the long term will be to gracefully exchange the vulnerable
and cranky old operating system foundation for a more reliable, secure, and manageable one,
while keeping most of the familiar user interface and a
pplications programming interfaces.


SquareByte.org

Delivering a sound new economics to the open source community


The world of architecture, construction, and property management would not work, build
ings
would not get built and used, if it were not for one powerful little device. That device is the
occupancy permit
. The occupancy permit to a building is a legal instrument issued by the relevant
local authority that attests to the satisfactory treatmen
t of all parties by each other. It certifies that
the architect designed the building properly, the contractor built it properly, and the owner has
paid his bills to the architect and contractor. Everybody is, well, if not delighted with each other,
at lea
st they’re happy enough to sign off on some minimal contentment.

The Real Estate Professional Infrastructure is not a new concept. In fact it’s been around for at
least a thousand years. We’re just applying it to a new kind of structure, the one that’s bu
ilt inside
servers and information appliances.


As with physical real estate, our bounded online spaces need qualified architects, contractors,
and property management people to ensure that they serve our purposes. As with physical real
estate, we need a
system of certification of their credentials and of the results of their work.


Village.com

Publishers: Own your own online service!


The media industry has been incredibly meek throughout the information
revolution, asking
“Where do we fit in” instead of “We understand audiences. Move over, this is our space.”

But the business model and technology of the online service has never been more accessible to
the media community.

Learn how the Village Business Mo
del can leverage your targeted special
-
interest magazine or
other audience
-
defining media entity to provide a major new source of revenue and earnings!


An online service differs in important ways from the anarchic outdoor space we know as the
Internet. Tr
ue, we get there using the Internet information highway just as we get to physical
buildings and communities using open, outdoor public roadways.


But exhibitors and attendees at a conference serving your highly targeted audience don’t want
to be out




Media Industry Infrastructure

Where are these online buildings built? Who owns them? Who pays for them? How do they
connect to each other in a rational way? We find our answer in the surprising intersection
between skills and methods in the media industry
and those of the urban planning profession.


PublicRoads.org

Securing our public information highways


Who’s managing our information highway system?

Who is touching the DNS system?




Public Roadways In
frastructure

The roadway system, the Internet, is far ahead of the virtual real estate it needs to connect


the secure online places where people can safely gather. Its protocols, like those for the next
generation of concrete Interstate highways, are wel
l established.

But the facilities that control the Internet are entirely too vulnerable to terrorists and vandals.
The Public Roadways Infrastructure invokes a
ccess controls
that
based upon strongly established
identities

to secure our public online roadw
ays
.


Lexipedia.org

Talk with IT about buildings, not construction materials




Usable Vocabulary Infrastructure

What information technology provides to the online world is no more mysterious than what
arc
hitects, contractors, and property managers provide to the real estate world. The disorganized
collection of vendors and professionals calling itself the information technology industry exists
simply to provide facilities in which we can get our work done.

An understanding of their
construction materials and methods is entirely unnecessary to the task of determining what
facilities are needed and how they should work. By using the well
-
understood language of real
estate
, management can f
inally direct information technology, rather than the other way around.