About Authenticity™

All Authenticity Enterprises, regardless of the way their solutions are crafted and positioned to meet the particular needs of decision makers in their market, sell one product, which is Authenticity™.

In a nutshell, Authenticity™ is Pervasive Accountability with Privacy.

Expanding that,

AUTHENTICITY™ is the condition that exists when we have

  • Digital Signatures Everywhere backed by
  • Measurably Reliable Identity Certificates that are
  • Owned by their Users and which provide
  • Privacy via Accountable Anonymity.

“Digital Signatures Everywhere” means that every event in a system's logs is digitally signed by either the person who did it, or the individual person who is responsible for the actions of an IoT device or other automated element. Taking liberties with the term “digital signature,” it also refers to authentication to the whole system.

“Measurably Reliable Identity” refers to the Identity Quality Assurance (IDQA) system that is an essential part of the Authenticity Infrastructure.

Measuring The Quality Of An Identity

Identity Quality Assurance is a methodology for assuring that an identity assertion (credential plus identity infrastructure) is appropriate, as measured in each of eight categories, for access to and privileges in the specific digital and/or physical assets or procedures which use it.

Each of the eight metrics is measured on a scale of zero to nine; added together, they yield an aggregate Identity Quality score of zero to seventy-two.

The Eight Dimensions of Identity Quality™

  1. Degree of Protection of Personal Assets: Does the user have "skin in the game" or are the organization's assets the only ones at risk? If the only reliable way to prevent credential sharing is with credentials that protect the user's financial, reputational and identity assets then to what extent does the identity protect those personal assets?
  2. Quality of Enrollment Practices: What type of enrollment procedure was used? Did it involve PII corroboration (“KBA”)? Was it face-to-face notarial or remote? How is provisioning performed? How is the process supervised and audited? How many eyes are watching? Each risk profile and highest protected digital asset value will call for a particular enrollment procedure.
  3. Quality of Means of Assertion: Does the credential support OpenID, i-Name, Shibboleth, CardSpace? Does it use SAML assertions? A well-used identity is a more reliable identity; the more places it is used the better.
  4. Quality of Authoritative Attestation: Who attests to the validity of the assertion, that is, the claimed identity? Is the attesting party a certification authority? How reliable are their attestation practices? How is identity status reported: CRL or OCSP or another method?
  5. Quality of Other Attestations: To what extent do colleagues of the subject corroborate the subject's claim of identity? The more acquaintances who are willing to put their own identity quality scores at risk, and the higher those scores are, the higher this score will be.
  6. Quality of the Credential: What are the characteristics of the credential and its carrier? Is one key pair used for everything, or are different key pairs or simple serial numbers used for different applications? The carrier of the credential is equally important. Some risk profile / asset value situations call for two, three or four factor hardware tokens, or a one-time password, while a soft credential in the client computer or even a record in a directory will suffice for others.
  7. Quality of Assumption of Liability: If fraud is committed with the use of the credential, who carries the liability? Is that commitment bonded? What are the terms of the bond? What is the source of funds for fulfillment of the bond? Are there caveats or is the commitment absolute, regardless of the circumstances that made the credential available to the perpetrator? To protect assets and processes of the highest value, where a compromised identity would have the most serious consequences, there should be both civil and criminal liability involved in the issuance and ongoing use of the credential. Equally important is protection against fraudulent repudiation. Nonrepudiation is perhaps the most difficult goal for a trust system to achieve, but it is necessary for the system to be useful to relying parties where significant transactions are involved.
  8. Reputation of the Credential: How long has the credential been used without revocation or reported compromise? How many transactions and authentication events has it been used for in total? The longer a credential has been used without incident, the more reliable it tends to be. Note that the reputation of the credential is not the same thing as the reputation of the subject. For example, if a subject with a very good reputation has a habit of lending his or her credential to family members and colleagues, resulting in documented confusion over who is responsible for what, then the reputation of the credential is greatly diminished.

Each of the eight Dimensions of Identity Quality is measured using a scale of 0 to 9, with 0 being the lowest rating in a particular “dimension.”

“Owned By Their Users”: Since the Osmio VRD identity certificate is part of a universal credential that gates access to health records, financial accounts, social sites and other things of personal value, it is unlikely to be shared.

“Privacy via Accountable Anonymity”: Just as your car's license plate makes you accountable for what happens while it's on the public roadways, while at the same time not disclosing the identity of the driver or owner unless there's been an accident, the Osmio VRD credential allows the user to assert his identity without disclosing his identity except at the direction of a court order.

One Person, Multiple Linked Credentials

Just as people lose their driver's licenses and passports, they also lose their smart cards, identity tokens, smartphones, hard drives, fitness bracelets, watches, rings, and anything else that might contain a PrivacyPEN. There must be, and is, a reliable recovery procedure for each type of loss.

Replacing lost driver's licenses and passports typically starts with the vital records department of a municipality, a state or province, or a national health service. The original birth certificate is really an entry in a paper database of sorts, an authenticated register of births, kept in the protected archival facilities of an agency of duly constituted public authority where these foundational records of a person's existence cannot get lost. The losable credentials are all logically linked to the non-losable credential in the archives.

So it is with a well-designed system of digital identity credentialing. Such a system is based upon the following:

  • the starting point for any identity credential is the immutable information about the subject's birth. The subject's date, time and place of birth, identity of parents, and other unchanging information are the foundation of all identity assertions;
  • the foundational identity credential is a digital certificate, digitally signed by a certification authority whose identity certification business is not a sideline to a site certificate business;
  • an identity credential that is used for everyday work, commerce and social networking is vulnerable to loss and theft.

Therefore, the foundational identity credential takes the form of a digital birth certificate, to be used in much the same manner as a paper birth certificate. That is, the digital birth certificate, and particularly its PEN™, is to be stored in a very safe place and used only for the purpose of generating credentials that are used in everyday life. When one of the latter is lost, stolen or compromised, or when a new credential in a new form factor is needed, it will be generated using the PEN™ corresponding to the foundational certificate.

Most of the eight measures of identity quality of any credential are inherited directly from the foundational certificate, ideally a Digital Birth Certificate, that signed the certificate signing request of the utility or device certificate used in the everyday credential. However, the everyday Utility Certificates may carry their own IDQA scores. In fact, the Credential Quality score applies only to the actual certificate and the card, token, hard drive or other device that houses it.
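The inheritance rule above can be made concrete with a short sketch. This is an added example, not code from the Authenticity Infrastructure: the dimension keys, function names and sample scores are assumptions, and which dimensions a Utility Certificate may override is modelled loosely, since the page says only that Credential Quality is never inherited.

```python
# The eight dimensions, in the order the page lists them (key names are assumed).
DIMENSIONS = (
    "protection_of_personal_assets",
    "enrollment_practices",
    "means_of_assertion",
    "authoritative_attestation",
    "other_attestations",
    "credential",
    "assumption_of_liability",
    "credential_reputation",
)
# Per the page, Credential Quality applies only to the actual certificate and carrier.
NOT_INHERITED = {"credential"}


def validate(scores, required=DIMENSIONS):
    """Reject unknown dimensions, missing required ones, and values outside 0..9."""
    unknown = set(scores) - set(DIMENSIONS)
    if unknown:
        raise ValueError(f"unknown dimension(s): {sorted(unknown)}")
    missing = [d for d in required if d not in scores]
    if missing:
        raise ValueError(f"missing dimension(s): {missing}")
    for name, value in scores.items():
        if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 9:
            raise ValueError(f"{name} must be an integer 0..9, got {value!r}")
    return dict(scores)


def aggregate(scores):
    """Aggregate Identity Quality score: the sum of all eight dimensions, 0..72."""
    return sum(validate(scores).values())


def utility_scores(foundational, own):
    """Scores for a Utility Certificate: inherit from the foundational certificate,
    apply the utility certificate's own scores, and require its own Credential
    Quality score, which is never taken from the foundational certificate."""
    base = validate(foundational)
    own = validate(own, required=NOT_INHERITED)
    return {d: own.get(d, base[d]) for d in DIMENSIONS}


# Constructed sample values, not taken from the page.
FOUNDATIONAL = dict(zip(DIMENSIONS, (7, 8, 5, 8, 4, 9, 6, 3)))
SOFT_WALLET = utility_scores(FOUNDATIONAL, {"credential": 3})
```

With these sample values the foundational certificate aggregates to 50 while the soft-wallet Utility Certificate aggregates to 44, because only its Credential Quality score differs.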

Consulting, Implementation and Management of Accountability Services

The Company will provide a complete package of services to enterprises and organizations that want the benefit of pervasive accountability in the operation of the containerization engineering systems for which they are responsible.

Enrollments

The licensed Authenticity Enterprise named Reliable Identities, Inc. will provide enrollments that produce secure certificate-based identity credentials in whatever form factor is desired by the client:

    • SIM Cards

    • MicroSD Cards

    • Soft Wallets Kept in ARM Trustzone

    • Soft Wallets Using TPM

    • Soft Wallets Kept in Browser or Other Client Keystore

    • Foundational-Utility Two Tier Credentials

    • Smart Cards

    • USB Tokens

    • Fitness bracelets

    • Fingerprint Reader USB Tokens

    • Jewelry

    • X.509v3 PKI Credentials

    • Other PKI Credentials

    • Non-PKI Credentials

    • Iris Reader Phone Tokens

The physical token-wallet or soft wallet will accommodate a key pair for every relationship credential that represents a new or existing relying party relationship with the subject, as well as Osmio VRD credentials. The Osmio VRD credentials will include an Osmio VRD X.509v3 provisional credential, an Osmio VRD signing key pair, and an Osmio VRD encryption key pair; and the capacity to generate and store additional Osmio VRD key pairs will also be included. The Osmio VRD key pairs will not be advertised but will be there for when we are able to show the subject why he or she should use them.

Authenticity™ includes The Osmio Wallet

The Osmio Wallet consists of a cluster of identity certificates of three types:

    • Foundational Certificate (one per enrollee)

    • Recovery Certificate (one per enrollee)

    • Utility Certificates (as many as the user wants)

The Osmio Wallet can be made to interoperate with any of the following digital identity initiatives:

Commercial Digital Identity Initiatives

    • DID
    • Sovrin
    • OpenID
    • OpenID Connect
    • FIDO
    • OAuth2
    • Kantara
    • Liberty Alliance
    • OneID
    • MiiCard
    • ForgeRock
    • Ping Identity
    • Okta
    • Gluu

National Digital Identity Initiatives

    • Estonia
    • India
    • Denmark
    • USA
    • Belgium
    • UK
    • Sweden
    • Netherlands

AuthentiLaw is an Authenticity Enterprise

Each Authenticity Enterprise focuses on providing its Authenticity deliverables to its own market; and each is managed by an Authenticity Entrepreneur with experience, reputation, and contacts in that particular market. 

Definition of the Market

The market consists of law firms of all sizes.

Revenue Sources

Revenue sources include the consulting, enrollment, and ongoing service and support revenues from the Authenticity In The Enterprise™ suite. 

Authenticity In The Enterprise™ Services

1. Initial Assessments

2. Planning Services

3. Implementations of AITE Components

  • Digital Identity Certificates that carry a measure of their own reliability – the product of our rigorous enrollment procedures
  • CertAuth™ implementing certificate authentication throughout your network
  • CredentialBridge™ linking the existing identity credentials used by your organization to PKI Digital Identity Certificates
  • Network Microsegmentation assuring you that all network assets and workloads are properly isolated, and reachable only by users who are not only authorized but who possess the PENs (private keys) accompanying those identity certificates. (Rebrand of Illumio’s product)
  • DSE™ – Digital Signatures Everywhere – assuring you that events are digitally signed by the person responsible, with little or no additional effort on their part
  • Logchain™ – A network log that resembles a blockchain, with all network events immutably recorded and signed. (technology from Paragon IE)

MSPs will continue to share in the revenue stream as long as they continue to help support the customer organization to whom they introduced us.

Competition

While we have taken a cursory look at logistics and distribution services providers and have not seen anything similar to the methods of AuthentiLaw, much more competitive analysis is called for.

Organization and Management 

Authenticity Capital is a business unit of The Authenticity Institute, Inc., which, along with The City of Osmio, Inc., owns and licenses the Quiet Enjoyment Infrastructure, including its Authenticity Infrastructure, to each Authenticity Enterprise.

Marketing and Sales Strategy 

Although it is not a franchise, the Authenticity Enterprise business opportunity is sold in a manner that is compliant with the franchise laws of the US, EU, Canada and other jurisdictions in order to provide a measure of protection should any of those jurisdictions construe it as a franchise. The offering is made via an offering document that complies with US FTC Uniform Franchise Offering Circular requirements.

Financial Management 

The cash flow projection for each Authenticity Enterprise is maintained by the Entrepreneur in its own separate tab in one shared spreadsheet document called The Authenticity Economy, filename TAE1.ods. Since any identity credential created by any Authenticity Enterprise is universal, that is, will authenticate anywhere, linking the spreadsheets in one file allows us to measure the effect of the marketing efforts of one Authenticity Enterprise on others, and on the whole Authenticity Economy.

Each business opportunity is priced differently. The default royalty rate on gross collected revenue is sixteen per cent, although different enterprises will justify lower rates depending upon their business model.