Strong Privacy Protection

Privacy protection prevents unauthorized access to a secure information system where secret or sensitive information is stored. Behind the NAT firewall of an organization's private network, the information is protected, and therefore many organizations are not willing to entrust their secure information to the public cloud.

Cloud-based services, rapidly expanding 4G LTE mobile networks and government secure information and communication infrastructures depend on identity management, access control and trusted internet connections to provide strong user privacy protection.

The Challenge

An information system needs solutions to provide security and protection that can
  • block unregistered access to the network of the secure information system
  • encrypt the information when it is stored on disk or in transit over the networks
  • authenticate the user identity before providing the user access to the secure network
  • authorize the user identity before granting the user access to secure information.

The CIS Solution provides solutions for cloud-based strong authentication, authorization and privacy protection using distributed PKI technology. The site's sensitive information can be stored in an encrypted database, shown as eDB in the diagram, by the boundary controller. Only the boundary controller has the encryption key, which was created when is installed, to access the encrypted information. The encryption key is itself encrypted and stored in another database, the encrypted Trust Store or eTS.

Cyberspace Identity Management

All user requests to access the cloud resources must be sent to the boundary controller. A cloud resource, such as a web server, replies only to requests from the proxy server. The proxy server validates the ID using the ID registration list in the encrypted database, shown as eDB in the above diagram, before forwarding the request. All other requests that are not sent from the boundary controller are rejected. The user identity (ID) is the concatenation of the user name, the at sign (@), and the name of the site. The name of the site is created by the site administrator during the installation. For example, if the site name is SecureSite, then bob's ID is bob@SecureSite.

Mutual Inclusive Communications

Before the users of the two sites can access each other's resources, the sites must be connected. SIPbiz.nets must exchange their PKI certificates and import them into their encrypted trust store, shown as eTS in the diagram, to be used in the connection establishment. Either site can initiate the secure connection, but both must verify the other's credential via the information in the imported certificates. Without the remote certificate in the secure eTS of both sides, the connection attempt will be aborted.

The successful connection establishment creates a secure TLS link which encrypts the information exchanged by the sites.

Each can initiate and accept multiple mutual inclusive connections.

Benefits and Capabilities

The cybersecurity solution operates effectively in the current environment and also lays the foundation for future capabilities with cyberspace identity management by applying the PKI privacy technology. Identity management allows organizations to form trusted communities based on mutually agreed connectivity, while working together to exclude unwanted intruders and inappropriate membership. Identity management enhances privacy through mutual inclusivity.

enhances user privacy protection with the following properties of ID:
  • ID is stored in an encrypted database (eDB) resided with
  • The eDB is securely protected by being behind the site's NAT firewall
  • ID can only be contacted by the ID of other sites
  • sites must be connected for the ID to be accepted by the remote 
  • The connections are always mutual inclusive.
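
The mutual inclusive connection rule and the ID acceptance rule described above can be modelled as follows. This is an added example, not the product's own code: it assumes the eTS pins each peer certificate by SHA-256 fingerprint (the page does not say how certificates are compared), and the names `Site`, `connect`, `accepts`, `site_of` and the peer `PartnerSite` are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

def site_of(identity: str):
    """Return the site part of user@Site, or None if the ID is malformed."""
    user, sep, site = identity.rpartition("@")
    return site if (user and sep and site) else None

@dataclass
class Site:
    name: str
    cert: bytes  # constructed placeholder bytes standing in for a DER certificate
    trust_store: dict = field(default_factory=dict)  # models the eTS: peer name -> pinned fingerprint
    registered: set = field(default_factory=set)     # models the ID registration list in the eDB
    connected: set = field(default_factory=set)      # peers with an established mutual link

    def import_cert(self, peer_name: str, peer_cert: bytes) -> None:
        self.trust_store[peer_name] = fingerprint(peer_cert)

    def verifies(self, peer_name: str, presented: bytes) -> bool:
        pinned = self.trust_store.get(peer_name)
        return pinned is not None and hmac.compare_digest(pinned, fingerprint(presented))

    def accepts(self, sender_id: str, target_id: str) -> bool:
        # Target must be a registered local ID; sender must belong to a connected site.
        return (site_of(target_id) == self.name and target_id in self.registered
                and site_of(sender_id) in self.connected)

def connect(a: Site, b: Site, a_presents=None, b_presents=None) -> bool:
    """Establish the link only if each side finds the other's certificate in its store."""
    a_cert = a.cert if a_presents is None else a_presents
    b_cert = b.cert if b_presents is None else b_presents
    if not (a.verifies(b.name, b_cert) and b.verifies(a.name, a_cert)):
        return False  # connection attempt aborted; nothing is recorded
    a.connected.add(b.name)
    b.connected.add(a.name)
    return True

if __name__ == "__main__":
    s1 = Site("SecureSite", b"constructed-cert-1", registered={"bob@SecureSite"})
    s2 = Site("PartnerSite", b"constructed-cert-2")  # PartnerSite is a made-up peer
    s1.import_cert(s2.name, s2.cert)
    print(connect(s1, s2))  # only one side has imported the peer certificate
    s2.import_cert(s1.name, s1.cert)
    print(connect(s1, s2), s1.accepts("alice@PartnerSite", "bob@SecureSite"))
```

In a deployment the same rule is normally enforced by the TLS stack itself, with each side requiring a client certificate and trusting only the imported peer certificates.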
