|
Projects
Shared Access Control
Software Deployment Assistance
Binary Identification/Authentication Key (BIK)
Shared Access Control
This is a unique security system that allows companies to significantly reduce risks associated with misuse of information resources by highly privileged users, users in "the position of trust". This system is based on the well known and widely utilized military concept of "parallel access control", where more than one authority gives sanction in order for a transaction to go through. It eliminates the "position of trust" where only one individual makes a critical decision. However, this concept is not without its flaws. "Transaction freeze" is the most obvious problem for information systems in this situation. This occurs when one of the individuals needed to authorize a specific transaction is not available or not capable to make the authorization decision, thus keeping the transaction from being performed or at least performed on time.
In the regular IT environment, administrators or trusted users often have to perform transactions that may potentially damage company systems, lead to "denial of service", mask fraudulent activities, or expose sensitive information. In any of these cases, the harm can be substantial. The users have knowledge, credentials, and access. Superiors or fellow colleagues may not know about, and often cannot prevent, an incident based on human error or, worse, one done on purpose as an act of revenge, sabotage, or fraud. Modern access control systems, unable to deal with these situations, can only either fully allow, or completely restrict the activity.
True Security™ Proactive, Shared Control is the first "parallel access control" system specifically designed to flawlessly operate in the enterprise information world. It effectively and immediately deals with all kinds of "insider" situations - proactively - before the potential of damage arises. It does not obstruct or delay the work. It is not based on behavioral recognition, and therefore cannot be fooled. It operates "near-real-time" and allows sharing of the responsibility and decision-making power for all critical transactions in the enterprise information system.
See our True Security™ Proactive page for more information.
Software Deployment Assistance
This technology was designed to help administrators protect their information system from the potential harm that may come by way of new software deployment. As with all new software installations, there is a good chance that, even after performing all the necessary tests and trials, unforeseen (often substantial) problems can arise in the final deployment process. It's a tedious, expensive, frequently lengthy procedure, all of which makes companies hesitate to upgrade their infrastructure.
A useful example of this problem is Host Based Intrusion Prevention System (HIPS). Even with the long and painstaking proper deployment and configuration process of HIPS, the system can often be either overly restrictive, which leads to production problems, or wide open, undermining the very purpose of HIPS. Even more unforeseen problems can occur where reconfiguration of HIPS needs to be done in advance, prior to the information system upgrades. It becomes an extremely difficult task in the large enterprise. This is one of the main reasons why such highly effective security systems are so unpopular. As modern software gets more and more sophisticated, with operating cycles so complicated that no test environment can fully reveal in a reasonable amount of time, there exists an urgent need for a different solution - a solution that deals with potentially dangerous situations of new software deployment quickly and comprehensively.
True Security™ Proactive, Deployment Partner is a new concept and a new answer to the software deployment problems. It allows you to quickly and safely move from the testing phase of deployment to the production phase, enabling administrators to centrally monitor and control the behavior of new software. Deployment Partner gives you the ability to remotely and instantly resolve conflicts while the new program completes the entire operating cycle. It prompts the administrator if there is any unusual or incompatible situation, giving him an inside view and the ability to make an immediate decision. Deployment Partner is also capable of learning software behavior, thus helping to prevent conflicts from happening in the future. In addition, it enables administrators to instantly resolve situations of "system denial" associated with user access control. This capability is absolutely essential when configuring access control or other privilege-managing systems. Deployment Partner is a practical solution to a complicated and very expensive problem. It can save your company hundreds of hours in software deployment time and thousands of dollars in consequences of slowed performance or production downtime.
See our True Security™ Proactive page for more information.
Binary Identification/Authentication Key (BIK)
BIK is a very elegant access control solution. This original concept was designed more than ten years ago by renowned Ukrainian scientist Professor Vitaly Bardachenko, PhD (1947-2007). It's an ordinary size key consisting of twelve-plus segments that rotate along a common axle. Each segment has a hole on one side and can be turned around the axle, setting a binary combination - 0 or 1, based on which side the hole is. Once set, the key is inserted into a reader and quickly removed. The reader consists of a key inlet and two pairs of infrared light emitting diodes (LEDs) on each side of the inlet. While the key is removed, light from the LEDs passes through the holes on either side of the key reading the combination, acting just like perforated cards use to work in the old computing days.
This information input system was originally designed for high security applications. It is not sensitive to electromagnetic shock or harsh environmental conditions. The key and the reader are physically rigid and are not susceptible to EME snooping or electromagnetic radiation. BIK does not contain electronic circuitry or batteries. Codes are not stored on the key and, once dialed, can be instantly, physically erased with no trace or possibility of recovery. BIK allows for practically any number of possible combinations. The minimum of twelve segments produce over 16 million combinations with just two key inserts. There can be any number of segments, thus increasing the combination choice exponentially. These qualities make BIK very attractive for different military field applications.
The binary nature also allows for various inventive and safe ways to create and remember complicated passwords. For example, phrases consist of words, and words of vowels and consonants that can be easily perceived as binary code - perfectly acceptable for physical access control systems and easy to remember even under high stress conditions.
It's safer than a keypad, smaller, lighter, much more reliable, less expensive to manufacture and, unlike keypads, requires no maintenance.
To learn more, please contact our Development Center.
| |
