Strong Privacy Protection


Privacy protection prevents unauthorized access to a secure information system where secret or sensitive information is stored. Behind the NAT firewall of an organization's private network the information is protected, and many organizations are therefore unwilling to entrust their secure information to the public cloud.

Cloud-based services, rapidly expanding 4G LTE mobile networks and government secure information and communication infrastructures depend on identity management, access control and trusted internet connections to provide strong user privacy protection.
  
The Challenge

An information system needs security and protection solutions that can:
  • block unregistered access to the network of the secure information system
  • encrypt the information when it is stored on disk or in transit over the networks
  • authenticate the user identity before providing the user access to the secure network
  • authorize the user identity before granting the user access to secure information.

The CIS Solution

SIPbiz.net provides solutions for cloud-based strong authentication, authorization and privacy protection using distributed PKI technology. The site's sensitive information can be stored in an encrypted database, shown as eDB in the diagram, by the SIPbiz.net boundary controller. Only the SIPbiz.net boundary controller has the encryption key needed to access the encrypted information; the key is created when SIPbiz.net is installed. The encryption key is itself encrypted and stored in another database, the encrypted Trust Store or eTS.

Cyberspace Identity Management

All user requests to access the cloud resources must be sent to the SIPbiz.net boundary controller. A cloud resource, such as a web server, replies only to requests from the SIPbiz.net proxy server. The proxy server validates the ID against the ID registration list in the encrypted database, shown as eDB in the above diagram, before forwarding the request. All requests that are not sent from the SIPbiz.net boundary controller are rejected.

SIPbiz.net ID

A SIPbiz.net user identity (ID) is the concatenation of the user name, the at sign (@), and the name of the SIPbiz.net site. The name of the SIPbiz.net site is created by the site administrator during installation. For example, if the SIPbiz.net site name is SecureSite, then bob's ID is bob@SecureSite.

Mutual Inclusive Communications

Before the users of two SIPbiz.net sites can access each other's resources, the sites must be connected. The sites must exchange their PKI certificates and import them into their encrypted trust stores, shown as eTS in the diagram, for use during connection establishment. Either SIPbiz.net site can initiate the secure connection, but both must verify the other's credentials against the information in the imported certificates. If the remote certificate is missing from the secure eTS on either side, the connection attempt is aborted.

A successful connection establishment creates a secure TLS link, which encrypts the information exchanged by the sites.

Each SIPbiz.net can initiate and accept multiple mutual inclusive connections.
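The rules described under SIPbiz.net ID and Mutual Inclusive Communications can be modelled in a few lines. This is an added illustration, not SIPbiz.net code: the class and function names, the use of SHA-256 fingerprints as trust-store entries, and the certificate bytes are all assumptions made for the sketch.

```python
import hashlib

def fingerprint(cert: bytes) -> str:
    """Trust-store entry for a certificate (SHA-256 is an assumption)."""
    return hashlib.sha256(cert).hexdigest()

class Site:
    """Hypothetical model of one site: eDB user list, eTS pins, live links."""
    def __init__(self, name: str, cert: bytes):
        self.name, self.cert = name, cert
        self.users = set()        # registered local user names (eDB)
        self.trust_store = {}     # peer site name -> pinned fingerprint (eTS)
        self.connected = set()    # names of sites with an established link

    def import_certificate(self, peer_name: str, peer_cert: bytes) -> None:
        self.trust_store[peer_name] = fingerprint(peer_cert)

    def trusts(self, peer: "Site") -> bool:
        # The presented certificate must match the one imported beforehand.
        return self.trust_store.get(peer.name) == fingerprint(peer.cert)

def connect(initiator: Site, responder: Site) -> bool:
    """Either side may initiate, but both sides must hold the other's certificate."""
    if not (initiator.trusts(responder) and responder.trusts(initiator)):
        return False              # one-sided trust: connection attempt aborted
    initiator.connected.add(responder.name)
    responder.connected.add(initiator.name)
    return True

def accepts_id(site: Site, user_id: str) -> bool:
    """Would `site` accept this ID of the form user@SiteName?"""
    user, sep, site_name = user_id.partition("@")
    if not (user and sep and site_name):
        return False              # malformed ID
    if site_name == site.name:
        return user in site.users # local ID: must be registered in the eDB
    return site_name in site.connected  # remote ID: its site must be connected

if __name__ == "__main__":
    # Constructed sample data: certificate bytes are placeholders, not real DER.
    a = Site("SecureSite", b"constructed-cert-A")
    b = Site("PartnerSite", b"constructed-cert-B")
    a.import_certificate(b.name, b.cert)
    print(connect(a, b))          # only one side has imported a certificate
    b.import_certificate(a.name, a.cert)
    print(connect(b, a), accepts_id(b, "bob@SecureSite"))
```

The first `connect` call fails because only one trust store holds the peer's certificate; once both imports are done the link is established and the remote ID is accepted.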

Benefits and Capabilities

The SIPbiz.net cybersecurity solution operates effectively in the current environment and also lays the foundation for future capabilities in cyberspace identity management by applying PKI privacy technology. SIPbiz.net identity management allows organizations to form trusted communities based on mutually agreed connectivity, while working together to exclude unwanted intruders and inappropriate membership. SIPbiz.net identity management enhances privacy through mutual inclusivity.

SIPbiz.net enhances user privacy protection with the following properties of the SIPbiz.net ID:
  • SIPbiz.net ID is stored in an encrypted database (eDB) residing with SIPbiz.net
  • The eDB is securely protected by being behind the site's NAT firewall
  • SIPbiz.net ID can only be contacted by the ID of other SIPbiz.net sites
  • SIPbiz.net sites must be connected for the ID to be accepted by the remote
  • The SIPbiz.net connections are always mutual inclusive.

Learn More

For additional information on how your organization can benefit from the SIPbiz.net Strong Privacy Protection solution, please contact sipbiz@sipbiz.net.