Page 32 - Cyber Warnings
P. 32
Modify existing browser code to require an active CyberID session.
Ship CyberIDs to clients.
Remove website portal and data from the browser-based environment
Deployment completed
The CyberID retains all activity in volatile RAM while in use and monitors communication links
for attack. Each token, regardless of the community it is related to, is exactly the same except
for its encrypted serial number.
The CyberID token has no knowledge about a community owner or token owner. The only
visible difference between any two tokens is labeling.
How it works:
The client plugs their CyberID into a computer and clicks on start. The software on the CyberID
segments RAM to create Virtual Environment (VE) in which to work, a node comes into
existence temporarily. SecureAxcess links to an authentication server to validate the token
hasn’t been reported lost or stolen. If it has, it self-destructs.
The authentication server returns location of the community owner’s portal to SecureAxcess.
SecureAxcess then connects to the community.
The community’s proxy server identifies a CyberID is attempting to access the secure portal.
The proxy connects to the authentication server verifying an active session and ID.
Assuming the connection is valid the SecureAxcess triangulates servers and monitor for man-in-
the-middle. If any attack to the communications is detected the SecureAxcess implodes
removing all traces from RAM.
At this point, a CyberID session has been initiated, validated and security monitoring for the
environment has been established. The community owner loads their logon and takes control of
the client’s experience while SecureAxcess technology and the CyberID protect the session.
The client inputs credentials and the community owner validates the CyberID and credentials
for validation and then provides access to service that is associated with the client.
The communication link for data interaction is from the proxy to the client with the security
session never having vision into its encrypted communications.
When the CyberID is removed from the computer the session breaks and communication
between the authentication server, local computer and proxy is terminated. On the local
computer the secured volatile RAM is flushed and released leaving no footprint behind.
This all sounds great. But what about increasing security for “Protected” data used and retained
by retail websites such as payment data?
32 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
