Internet Authentic Ecosystem “a la Rus” (W3A)

From IIW

Session Topic: Internet Authentic. Ecosystem “a la Russe” (W3A)

Convener:Nadya Onishchenko

Notes-taker(s): Nadya Onishchenko

Tags for the session - technology discussed/ideas considered:

Internet identity, authentication, protection of personal data, electronic communications area.

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

There is a new concept of building the systems of legally significant public communications. In this model, as in the NSTIC, the participants of public communications are as follows:

- people (physical persons);

- legal entities (business, state):

- objects like transport, buildings, houses etc.

They are SUBJECTS or USERS.

As in a real world there, all electronic communications are carried out in a very aggressive, non-sterile, criminal environment and our losses are real.

The new concept is creating a special protected area where we can provide security. The special software will be used to realize this concept. It is like “robots” which can do everything their users say.

This software (these “robots”) is like a medical “robot” for working in sterile areas. And they let humans perform all necessary and admissible operations without penetrating the sterile space of electronic communication. At the same time this software don’t let us perform any prohibited or harmful operations.

So there is a full assurance of sterility and security of communications in the area. The software (“robot”) manages the data of the user’s personal file, provides the user’s distribution data (including personal data) only according to the user’s will and the law. The software creates, stores, and manages the user’s personal archives (Personal Data Service) and keeps track of all of the user’s daily activities (LifeLog).

When “robots” contact each other, they have to show something like an identifier. Let’s call it an INTERNET-PASSPORT (or just passport for short).

Every “robot” has any quantity of these identifiers. These passports are dynamic. It means that each “robot’s” internet-passport is unique and unlike any other “robot’s”.

Each passport has special parameters. They can be single-use or multiple-use, for one day or for a long time, for one purpose or universal. The passports can contain liability limit for financial operations.

The structure of internet-passport is as follows::

there is a pseudonym, unique dynamic code, a determined set of obligatory requirements (such as technical requirements and user requirements that are targeted for passport use).

Each “robot” can require additional information about its prototype from another “robot”.

Depending on the user’s wishes and depending on the status of the “robot” that is requesting these data, it can be given or not.

Complementary (logical) protection schemes:

  • during every new session a user proves the legitimacy of the previous one;
  • a user is notified about all major activities from independent channels chosen by him- or herself;
  • for the conduction of important operations a quarantine period is introduced between the moment of giving the command and its implementation (during this time the users in question can get all the information about the forthcoming operation through other independent channels and if necessary can block its implementation);
  • the used banking accounts have a limited list of payment addressees (therefore the intruder to the system will be unable to transfer money to his or her own account);
  • the toolbox the user is provided with will make him or her legally accountable for the operations conducted in the electronic environment with the help of “robot”.
  • Well, let's look at the results so far:
  • we generated a sterile communication area, where communication subjects are represented by their virtual “robot”;
  • we gave users a convenient identifiable assistant, which will perform many routine operations for its owner;
  • we built a simple system of communications between robots;
  • we localized the human factor having excluded any possibility to carry out illegal operations in the sterile area;
  • We protected the user’s personal date in the system;
  • We completely simplified user authentication during his contact with his “robot”;
  • “robot” is software.

This work is a private concept. The author is a Russian programmer with extensive experience and good tested and true intuition.

http://www.slideshare.net/Nadya_0802/iiw13-1