4.4 Access Control
02. Alternative Encryption

4.4.02. Alternative Encryption.
1. Pseudonymisation is a major part of the encryption policy where names, words and field values are replaced with a token.   This has identified an interesting anti-agency benefit where the decryption of a record may have alternative solutions.
2. All field values are purposefully assigned a list of permitted values and all messages are a string of permitted phrases.   Bad language must be eliminated by law and so all message entry is scanned and replaced with legal phrases that will not offend.   Each phrase is encrypted with a token, but each token has an alternate phrase that may be a simplified parody of the original phrase.
3. Every culture has its own language that is designed to be understood by people of that culture and not understood by people outside that culture.   Alternative encryption is like alternate facts as a plausible set of phrases that replace the original phrases.
4. Where encryption is illegal or where a court order (with gagging order) demands disclosure of encrypted business data, then alternative business data is plausible.   Two different encryption keys are involved: the first will decrypt business data to the original field values and the second will decrypt business data to an alternative set of field values that is equally plausible.   A secondary benefit is that offensive language is replaced with sanitized language.
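
An added example, not code from the original page: one way to get the two-key behaviour described in items 2 and 4, assuming each field's token is an index into its permitted-value list shifted by a key-derived offset. The field names, values, keys and record id are constructed.

```python
import hashlib
import hmac

# Constructed permitted-value lists (assumption: every field has one).
PERMITTED = {
    "status": ["paid", "overdue", "disputed", "cancelled", "pending"],
    "region": ["north", "south", "east", "west"],
}


def _pad(key: bytes, record_id: str, field: str, modulus: int) -> int:
    """Derive a per-record, per-field offset from the key."""
    msg = f"{record_id}|{field}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % modulus


def tokenise(key: bytes, record_id: str, record: dict) -> dict:
    """Replace each field value with an index token into its permitted list."""
    tokens = {}
    for field, value in record.items():
        values = PERMITTED[field]
        if value not in values:
            raise ValueError(f"{value!r} is not a permitted value for {field}")
        n = len(values)
        tokens[field] = (values.index(value) + _pad(key, record_id, field, n)) % n
    return tokens


def detokenise(key: bytes, record_id: str, tokens: dict) -> dict:
    """Map tokens back to permitted values; any key yields a valid record."""
    record = {}
    for field, token in tokens.items():
        values = PERMITTED[field]
        n = len(values)
        record[field] = values[(token - _pad(key, record_id, field, n)) % n]
    return record


if __name__ == "__main__":
    primary, alternate = b"constructed-primary-key", b"constructed-alternate-key"
    stored = tokenise(primary, "rec-0001", {"status": "overdue", "region": "west"})
    print(stored)
    print(detokenise(primary, "rec-0001", stored))    # original values
    print(detokenise(alternate, "rec-0001", stored))  # other permitted values
```

Because every key decodes to permitted values, nothing in the stored tokens reveals which key is the original one. The same property means a mistyped key returns wrong data silently, so the key holder needs a separate integrity check.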

2. Meta Data.
1. Politicians lacking technical knowledge state that electronic messages are not recorded, processed and stored to be used against a person, but only "meta" data is recorded.
2. In this context "meta" data means that agencies build up networks of people who communicate with one another.   If one person in the network is thought to be a criminal then personnel in that network are thought to be potential criminals.
3. Meta data works with one-to-one telephone calls and emails where the identity of the sender and the recipient is self-evident.   Meta data will never work once everybody is electronically communicating via encrypted replicated services.
4. Every computer has a browser and no downloaded application software that will have security vulnerabilities.   Every person opens their browser and clicks on a bookmarked link to open their personal desktop welcome page.   From their personal desktop welcome page, every person can view and listen to their messages; and send and speak their messages.
5. Every electronic communication between a person and their welcome page is encrypted.   Every text and voice message is encrypted and replicated to a large number of safe places.
6. Agencies are unable to build networks of people because personnel only communicate with the cloud.   All communications are encrypted so no "meta" data exists to be recorded to be used against people.

3. Authentication.
1. Two classes of approved people have evolved as (1) people with private computers and (2) people with a business computer.
2. A private computer such as a laptop, tablet or smart phone is only used by one approved person who has a private login to access their computer.   Encrypted cookies stored on the private computer can uniquely identify the approved person without the need to sign-in each day.
3. A business computer such as a desktop may have more than one user and may be used in a way where other people may gain access to the computer.   Normal sign-in authentication is required to uniquely identify each approved person each day.
4. How does it work.   When an approved person with a private computer signs in they are shown their own private welcome page that may be bookmarked.   Subsequent access is as simple as clicking on the bookmark to open their private welcome page.
5. An approved person with a business computer is shown a site welcome page that cannot be bookmarked.
6. Each welcome page has an encrypted URL that cannot be used by any other computer; it cannot be copied and used by another computer.   Every private welcome page has a life cycle of one month that is automatically renewed when used with an encrypted cookie on a specific computer.   Every site welcome page has a life cycle of one day, shall expire at midnight and cannot be used by any other computer.
7. People with a smart phone do not need to sign in to view their emails and the same method is used to avoid the need to sign in to access their bespoke application service.   Sign in once and that profile information is stored as an encrypted cookie on the local computer.   If cookies are deleted or the local computer is changed, then the approved person must sign-in as normal.
8. A person's private welcome page is how access control is managed - a button is shown for each service they are permitted to access, but no button exists for services they cannot access.   Encrypted messages to a person can be shown on an approved person's private welcome page - just like an inbox.   Encrypted messages to another person can be sent from an approved person's private welcome page - just like a sent folder.
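
An added example, not the service's own code: a sketch of item 6, where a bookmarked welcome-page URL only opens together with the cookie of the computer it was issued to, and the cookie carries the life cycle. It assumes HMAC-signed values rather than encrypted ones, UTC midnight, a 30-day month, and identifiers free of `.` and `|`; all function names are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

PRIVATE_LIFE = timedelta(days=30)  # "one month", taken as 30 days (assumption)


def _mac(secret: bytes, *parts: str) -> str:
    return hmac.new(secret, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def _expiry(kind: str, now: datetime) -> int:
    if kind == "private":
        return int((now + PRIVATE_LIFE).timestamp())
    midnight = datetime.combine(now.date() + timedelta(days=1),
                                datetime.min.time(), tzinfo=timezone.utc)
    return int(midnight.timestamp())  # site pages end at the next midnight (UTC)


def make_cookie(secret: bytes, device_id: str, kind: str, now: datetime) -> str:
    expires = str(_expiry(kind, now))
    return ".".join([device_id, kind, expires,
                     _mac(secret, "cookie", device_id, kind, expires)])


def make_url_token(secret: bytes, user: str, kind: str, device_id: str) -> str:
    return ".".join([user, kind, _mac(secret, "url", user, kind, device_id)])


def open_welcome_page(secret: bytes, url_token: str, cookie: str, now: datetime):
    """Return (user, cookie_to_set) when URL and cookie match, else None."""
    try:
        device_id, c_kind, expires, c_mac = cookie.split(".")
        user, u_kind, u_mac = url_token.split(".")
        expires_at = int(expires)
    except ValueError:
        return None
    ok_cookie = hmac.compare_digest(
        c_mac.encode(), _mac(secret, "cookie", device_id, c_kind, expires).encode())
    ok_url = hmac.compare_digest(
        u_mac.encode(), _mac(secret, "url", user, u_kind, device_id).encode())
    if not (ok_cookie and ok_url) or c_kind != u_kind:
        return None  # forged, or the URL was copied to another computer
    if now.timestamp() >= expires_at:
        return None  # life cycle over: normal sign-in is required
    # Using a private page renews its month; a site page keeps its midnight expiry.
    renewed = make_cookie(secret, device_id, c_kind, now) if c_kind == "private" else cookie
    return user, renewed
```

The URL stays constant so the bookmark keeps working; only the cookie is reissued on each use, and a URL presented without the matching cookie is rejected.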

4. To Do.
1. Pseudonymisation already exists, but needs improvements to handle free-format text as a series of tokenized phrases.
2. Authentication with encrypted cookies already exists, but needs URL improvements to support private welcome pages that can be bookmarked.

5. Pervasive Encryption.
1. IBM uses the term pervasive encryption to define total encryption of all business data.
2. It is not logical to hold any business data in a format that is readable by criminals when a few functions can encrypt all business data to make it meaningless, worthless and impossible to have it stolen.   Every person and every company has a duty of care to encrypt all business data so it cannot be stolen.   Every company that chooses not to encrypt all business data has a wish to have that data stolen and sold to criminals.
3. Pervasive encryption is a good starting point, but those that have used pervasive encryption for many years have learnt the benefit of alternative encryption where the criminal is given a bunch of fake business data, rather than encrypted data that may be cracked one day.   Fake business data is plausible, criminals may try to sell it, but it's just made up to look like real data.   Fake business data can never be cracked by a criminal to decrypt the original business data - it is not reversible.

Document Control:
1. Document Title: Alternative Encryption.
2. Reference: 164402.
3. Keywords: ITIL Alternative Encryption.
4. Description: Authentication with Alternative Encryption.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 13 Jul 2017.
7. Edition: 2.2.