Library

Persistent protection with encryption of data itself is a logical next step for firewall network enhancement. Encryption can be viewed in various means and has surfaced as an essential element for protecting information exchanges, for policy enforcement, and for differentiated attribute accesses.In general, protecting data may be found in traditional secure network tunneling with a Public Key Infrastructure providing the key management support. A movement to persistent protection encryption would entail creating self-protecting data objects. The financial services, in the form of an ANSI x9 standard, has published x9.73 which sites a dynamic key management schema called Constructive Key Management® CKM®.

Guide to Attribute Based Access Control (ABAC) Definition and Considerations - NIST special publication 800-162

An overarching security framework design will facilitate a secure Information Sharing Environ-ment, in a collaborative environment, with mobile remote access or fixed access, based on policy driven requirements. Cryptography can be both an enforcement mechanism as well as a differential access mechanism to enterprise data

The management of information flow can be achieved through tagging techniques and tagging protocols. Over time, tagging has taken on different means such as labeling, asserting and credentialing. The intent is to define information flow and control. Different approaches have surfaced to address labeling such as identity tags in communications routing and access distribution. More recently, shifts in computer protocols such as from HTML to XML have expanded the possibilities of using tags

Constructive Key Management® (CKM) provides Cryptographically Enforced Management of keys, objects, and access. CKM's Object Level Access Control (OLAC) techniques allow users to control anything that can be named, from a character, page, image or sound in a document to a field in a database. In addition, CKM's Role Based Access Control (RBAC) techniques cryptographically enforce who should be able to see which piece of data or information. The approach of differentially encrypting data based on the need-to-know principle allows secure communication among groups of individuals with a variety of roles. Those individuals who have a legitimate need to view information have access to it, while others don’t.TecSec's Constructive Key Management® (CKM) technology is a standards-based and patented cryptographic key management technology that uniquely resolves critical information security and information management complicated by today's vastly networked world. The need to identify authorized users, protect and control sensitive information assets, and restrict access to information in compliance with privacy statutes and regulations has never been greater.

The TecSec Constructive Key Management® (CKM®) product that incorporates a smart card is a software and hardware combination designed to cryptographically protect data from unauthorized access and use. It is a physical realization of Role Based Access Control concepts. When encrypting data, the user can selectively designate the read privileges (Roles) needed to read this data from amongst the ‘Write’ privileges that he possesses. The data is then accessible only by those authorized individuals who hold the correct ‘Read’ privileges; resulting in a one-to-many secure data distribution system. By being able to independently administer ‘Read’ and ‘Write’ access privileges, the abilities to create, modify and read data are treated as selectable privileges. Thoughtful use of Key Management processes in the construction of the keying material enables these security characteristics.The heart of the system is the CKM® Combiner

Constructive Key Management® or CKM is embodied in numerous standards (X9.69. X9.73, X9.84, X9.96) published by the American National Standards Institute (ANSI) and is being incorporated into ISO 22895 which includes reference to the cited ANSI standards. These standards are also incorporated herein by reference

Explanation of how PKI and CKM can work together. These technologies are complementary in application and CKM® products are designed accordingly. CKM® is interoperable with all of the leading PKI vendors (see attached overview) and has incorporated PKI functionality into its CKM® Desktop product.

Confidentiality or secrecy is the prevention of the disclosure of information. This can be enforced with cryptography. A small amount of data – the cryptographic keying material – is distributed secretly so that a larger amount of data – the ciphertext – can be sent over non-secure networks (data in transit) or stored on publicly accessible areas (data at rest). Forward secrecy is not being able to compromise future communications even if current communications are compromised. Backward secrecy is not being able to compromise previous communications even if current communications are compromised

3 page chart showing flexibility of CKM and comparison between PKI and CKM ; benefits of using CKM to enhance PKI

Power point presentation of CKM enabling PKI

Detailed document on smart tokens. Credentials may be associated with an application that defines one or more member identity elements such as a biometric function, a Smart Token™ identity, or a PIN/Password. CKM is used to bind the identity elements to an encrypted object through an encryption process. The Identification and Authentication (I&A) object may consist of private keying functions that can authenticate the member to the network and other members, and other functions that may need to be stored secretly that are included in a Member Profile.

Constructive Key ManagementA slideshow depicting Role Based Access to Information by Content Enforced by Cryptography.

TecSec™s CKM® - “ Enabling Secure Information Sharing & Collaboration. Role Based Access Control to information and protects that information while in transit and at rest – regardless of transport and storage mechanism – enabling a collaborative threat warning processCollecting, analyzing and disseminating terrorism intelligence, sharing that information securely and collaborating with a large number of agencies is not a simple task. TecSec™s CKM® can help with the tasks of secure Information Sharing and Collaboration.CKM®, short for Constructive Key Management®, is a technology and methodology that enables secure information sharing and collaboration. CKM provides a framework for secure information sharing across agency lines. It provides Role Based Access Control to information and protects that information while in transit and at rest regardless of transport and storage mechanism enabling a collaborative threat warning process.

Slideshow depicting CKM® enabling DRM prepared for ANSI March 2002.

The guidance provided herein is the third version of the Cloud Security Alliance document, "Security Guidance forCritical Areas of Focus in Cloud Computing,” which was originally released in April 2009.

The guidance provided herein is the third version of the Cloud Security Alliance document, "Security Guidance forCritical Areas of Focus in Cloud Computing,” which was originally released in April 2009.

Identity Management IDSEC.Attribute Listing for Financial Services Components. Material associated with Financial Services - Secure Packet Based CKM, blockchain and Distributed Ledger 2016

Single slide detailing the security layers of Financial Services and the applicable ANSI X9 and ISO Standards.

Marketing slick on Financial Solutions overview

TecSec® CKM® - A Simple Solution to Enterprise Management of Access Control to InformationELECTRONIC DATA IN HEALTHCARE—STREAMLINED PROCESSES AND IMPROVED QUALITY OF SERVICESThe use of electronic mechanisms to store and transmit information is quickly becoming the standard across healthcare organizations. Paper records and forms are being replaced by electronic forms and applications, which use intranets (internal to organizations), extranets (between organizations) and the Internet (multiple organizations) as the mechanisms to transmit information.

REPORT TO THE PRESIDENT REALIZING THE FULL POTENTIAL OF HEALTH INFORMATION TECHNOLOGY TO IMPROVE HEALTHCARE FOR AMERICANS: THE PATH FORWARD

2008 Congressional Budget Office report on Health Care: Capturing the Opportunity in the Nation's Core Fiscal Challenge - Based on Data from CMS and CDC

U.S. health care spending is expected to increase at similar levels for the next decade reaching $4 TRILLION in 2015, or 20 percent of GDP2TecSec paper

The Health Insurance Portability & Accountability Act, the Gramm-Leach-Bliley Act, & CKM® The purpose of this memorandum is to summarize selected elements of the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) as they relate to TecSec’s Constructive Key Management® (CKM®) technology. It is intended to be a brief overview of the salient parts of these complex laws where TecSec can assist its clients with compliance.

Nearly every business acquires, uses, and stores personally identifiable information (PII) about its employees, customers, and business partners. Organizations are expected to manage this private data appropriately and take every precaution to protect it from unauthorized access or theft. Misusing, losing or compromising this information can carry a significant financial cost, damage a business’s reputation and in some cases result in criminal prosecution.

NIST document listing certs and explanation

NIST Document: This Standard specifies a text based Cryptographic Message Syntax (CMS) represented using XML 1.0 encodingthat can be used to protect financial transactions and other documents from unauthorized disclosure andmodification. The message syntax has the following characteristics: ...Support for biometric security, enhanced certificate techniques such as compact domain certificates and keymanagement extensions such as Constructive Key Management (CKM) are provided.

NIST Certific 687 to TecSec for FIPS 140-2 Certification

Brief overview of some standards for technology including smart card

OpenVEIL® is the Open Source connector to KeyVEIL® that allows applications to be written that are CKM Enabled® through the use of the KeyVEIL® key management sys-tem. OpenVEIL® also includes cryptographic algorithms and protocols that can be used to provide bulk data encryption services to applications

one page slick of SCADA Security system

Today's cars are so complex electronically that they're perhaps best thought of as mobile computer networks. The cars of tomorrow, which are already starting to appear today, will be increasingly connected to the Internet, to each other, and to roadside wireless infrastructure.

Application Oriented Network (AON) CISCO Systems and CKM

Globalization of businesses and the increasing integration of information technologies arecompounded to make diversity of identity management a potential obstacle to the continuingdevelopment of the enterprise’s objectives. To address this, there is a requirement for anintegrated approach to identity management to automate, accelerate, and simplify identitycreation and maintenance. In a broad context, identity management can be referenced as IdentitySecurity or IDSEC for abbreviation

Establishment of Identity can be a difficult process. Identity is what makes something or someone the same today as it, she, or he was yesterday. Importantly, identity can refer to a thing (e.g., a computer) as well as a person. Identity is, normally, a global event (i.e. Don is always Don). Things and people can have different identities when working with different systems, or can have more than one identity when working with a single system, perhaps when working in different roles.

Digital Rights Management (DRM) can be a difficult undertaking. The average lifespan of certain DRM technologies can be measured in days. Some DRM technologies are hacked even before they become standards. Others are hacked after wide deployment in the industry.Along with the advent of Digital Rights Management and the electronic distribution of digitized media comes the need for strong and reliable digital security. In fact, one of the MPAA's (Motion Picture Association of America™s) objectives for Digital Cinema (dCinema) is highly secure, end-to-end, conditional access content protection including digital rights management and content watermarking protection.

TecSec’s object management greatly expands the functionality of encryption throughenforcement of information rights management. CKM provides a range of solutions,safeguards information, and selectively shares data within or outside of an organization.TECSEC’S reduced role for the server and heightened functionality at the workstationhas brought a paradigm shift that provides role based access, at the object level, toanything digital that can be named, be it physical, logical, or functional

DRM License & Rights Packaging–Binding Content, Rights, User–Protection Method, Mobility–Key Sharing, Escrow, Distribution–Key Mis-use, Tamper Resistant

Document showing how CKM can enhance PKI

Inspector General of DoD 2008 Report. The life cycle of the contractor Common AccessCard (CAC) consists of approval, issuance,reverification, revocation, and recovery. DoDofficials use the Contractor Verification System(CVS) to approve contractor CACs, and theReal-time Automated Personnel IdentificationSystem (RAPIDS) to issue CACs.

A new direction for implementing encryption within the tactical multinational environment can be added to the existing security techniques. By combining Department of Defense (DoD) Information Systems Security Organization (ISSO) and the Department of Commerce oversight of two existing programs, the concern over loss of encryption devices in a tactical situation can be addressed while maintaining a balance between security techniques and the exploitation of these techniques against the US. These two existing programs are concerned with Levels of Robustness and Export Approvals for security products and technologies.

Homeland Security Advisory Council

September 11, 2008A report from the Homeland Security Advisory Council on the top ten strategic challenges that will face the incoming Secretary of Homeland Defense.

power point on DHS and TecSec solutions including identity tokens and permissions; access control and sharing of data

TecSec®, Incorporated has positioned itself as a central part of the solution set for the cross-agency sharing of information consistent with the charter of the Department of Homeland Security. date 2002

Product Slick for VEIL Office

Financial Solution Brief Overview

Marketing slick for SCADA Security

Product Slick for VEIL Mobile

Enterprise Builder is responsible for managing VEIL® users, the attributes that are available to the system and the mapping of those attributes to the VEIL® users. It also creates and maintains the CTS, Soft Token and Smart Card tokens.

Slick for VEIL Desktop

Product Slick for VEIL Cloud.