Collecting Authentication Token/Biometric Ideas


This topic contains 8 replies, has 3 voices, and was last updated by Josh Stern January 12, 2023 at 12:39 pm.

  • #114071

    josh

    The Token2 website – not recommended – uses key text to advertise greasy, anti-customer implementations. But at the same time, they are integrated into a system of propaganda that has been sold to many top firms & they focus on programmable/configurable tokens that can be ready replacements for a variety of older gen systems. It would be worthwhile to do opposition research & white papers on their products from the POV of what the catches are & what the valuable features of continuity are & what extra features GT products can add to achieve greater security and convenience/efficiency.

    • #114072

      josh

      -e.g. Who can get control of unrestricted time sync there?

  • #114101

    josh

    IC commands can be used to ask for different actions – for example, to place gloved hands on hips or over mouth at a certain test stage. The main goal is to detect true id change and prevent theft of secure info – e.g. maybe another site has a password you are protecting in a special wallet.

  • #120993

    josh

    I continue to believe that more usage can be made of these ideas & the general principle of private key storage that is designed to never be readable from non-dedicated circuitry. Directions about which public keys or biometrics are allowed to cooperate can also be stored securely on such devices without requiring later direct reading from the outside (i.e. if you don’t have the right key it’s extra hard to find a locksmith)

  • #123379

    josh

    I reflected on short term solutions for digital authentication credential & storage where custom mfg. is not available.

    Possible off the shelf is
    – small pen drive that the user is instructed to keep with them on their person rather than left at home or work or auto
    – custom crypt storage on the drive created/accessed by custom software in administrator mode running scripts that uniquely reside on the encrypted drive (unique how – custom & salted)
    – store 1 or more additional private key pairs that are privately shared with GT administrators along with digital signing using the non-shared private key

    biometrics? maybe someone can suggest a base using some ready off-the-shelf method that is convenient & can be combined with the above in a synergistic way?

  • #123380

    josh

    Microwave: Emphasize that the salt for reading the private key should be in some sense private to the scripts stored on the pen drive. They should be constructed in a way that would require one off analysis to figure out how to extract the private key, rather than 1 analysis for the method.

  • #124083

    pers_d7pyza
    Keymaster

    Another id that can work with a secure dongle or pen drive that’s kept especially private: The drive itself or secure software session using the drive can generate “recognizable icons” for a user that are also watermarked with the pkey signatures. These can be exchanged on secure channels so that the network generally supports the id of recognizing a familiar crypto channel icon, where it is easy for the software to verify round trips with pkey security. The icons don’t add much from a pure crypto view, but they could help A & B in human factors land to recognize a secure connect with the same “C” and some mismatch with “D” and the phone conversation may be able to help start diagnosing what the problem was.

    In addition to the crypto security, the interface may make the icons vivid to the user & possibly allow unobservable choice of icons through a local neural link interface or goggles. Doing this in early discrete steps and exchanging to secure storage makes it harder for an adversary to mimic with anything plausible, and can be used to promote habitual awareness of which connections have been “secured” in the GT network sense.

  • #126013

    Josh Stern
    Moderator

    Back to this topic with new enthusiasm.

    Biometric checking is still something we need. My focus on the other bits below isn’t meant to deemphasize that. However…

    Chips that really work like building keys are good too. Let’s look at some idea & realizable feature sets:

    a) very small, so they can be carried around wherever you go & even put under skin for extremists. Doesn’t have to be small enough to lose. But we can envision a standard wireless pad that interacts with the chip placed on its surface & only that. So the size of the chip can be variable.

    b) Manufactured to create & hold multiple private keys that are never shown directly.

    c) Libraries are implemented to allow standard remote PK authentication from “wallet” stored at a remote website to local key on local pad that is required to access the wallet!!! The notion of a session can be, even for RESTful Web, based on a local computer session that delivers proof of credential with every request (where that is desired).

    d) Functionality to Reset or revoke can be implemented. Functionality to create copy keys for others can be implemented too – perhaps both have to be placed on the same pad? Some appropriate method.

    e) We should be able to lock our screens or lock our entire BIOS/OS (might require a wired wakeup)

    Looking at the above, it seems like this set of features could be more secure, faster for work/access, & more convenient than other methods at modest cost.
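
Item (c) in the post above describes a local key that delivers proof of credential with every request to a remote wallet. The following Go code is an added example, not part of the original posts: it assumes Ed25519 keys and a hypothetical `Proof`/`Wallet` layout, and the in-process `Sign` function stands in for the chip that holds the private key.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Proof travels with every request (hypothetical format, not from the thread).
type Proof struct {
	Nonce, Unix int64
	Sig         []byte
}

// Wallet is the remote side: it holds only the public key and the nonces it has seen.
type Wallet struct {
	Pub    ed25519.PublicKey
	Window time.Duration // tolerated clock difference
	Seen   map[int64]bool
}

// message binds a signature to one method, path, nonce and timestamp.
func message(method, path string, nonce, unix int64) []byte {
	return []byte(fmt.Sprintf("%s\n%s\n%d\n%d", method, path, nonce, unix))
}

// Sign stands in for the chip on the pad: it uses the private key, never exports it.
func Sign(priv ed25519.PrivateKey, method, path string, nonce int64, now time.Time) Proof {
	return Proof{nonce, now.Unix(), ed25519.Sign(priv, message(method, path, nonce, now.Unix()))}
}

// Verify accepts a proof once, and only if it is fresh and signed for this exact request.
func (w *Wallet) Verify(method, path string, p Proof, now time.Time) error {
	switch age := now.Sub(time.Unix(p.Unix, 0)); {
	case age < -w.Window || age > w.Window:
		return fmt.Errorf("proof outside freshness window")
	case w.Seen[p.Nonce]:
		return fmt.Errorf("replayed nonce")
	case !ed25519.Verify(w.Pub, message(method, path, p.Nonce, p.Unix), p.Sig):
		return fmt.Errorf("bad signature")
	}
	w.Seen[p.Nonce] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	w, p := &Wallet{pub, time.Minute, map[int64]bool{}}, Sign(priv, "GET", "/wallet/item", 1, time.Now())
	fmt.Println(w.Verify("GET", "/wallet/item", p, time.Now()), w.Verify("GET", "/wallet/item", p, time.Now()))
}
```

The wallet never sees the private key, and a captured proof cannot be reused, moved to another request, or presented outside the freshness window.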
