Three Lists of Ten Reasons Premonition's Importance
By Roy D. Follendore III
Copyright (c) 1999
In order to fully explain what Premonition is and why it is important, it is necessary to explain its relationship to what we know. I have taken the time to express this in for lists of ten different sentences. List one is Encryption for Dummies, list two is Business Applications for Encryption, list three is all about Premonition and list four is about Managed Secure Information Publishing for the Rest of Us.
List One - or "Encryption for Dummies": This is a list of ten sentences (not paragraphs) that describe the current technology used in encryption over telecommunications networks, specifically the Internet/Intranet/Extranet.
1. Current commercial technology utilizes outdated and narrowly defined NSA approved language for its technical components, which limit its ability to evolve. When you add it all up, the cost of this is staggering, both with respect to economic and technical performance.
2. There is a cost to each and every technical philosophy and to ignore this truth is to ignore the notion of engineering. Because standard technologies accept NSA language and philosophies, current standards for technologies consider the heart of security to be the cryptographic algorithm, around which all significant computational activities are directed and processed. Key management and other technical processes is relegated to a support subsystem.
3. The core functional technical design criterion for current technology standards is simply to encrypt data rather than to communicate better. Priorities are simply not properly academically specified coming into the engineering design process. The truth is that many of the people assigned to engineer security systems are unqualified to do so. This implies that simply having great technical engineering and math skills, experience working on algorithms is not enough. The engineering of security systems requires insight and knowledge about the fundamental nature of human communication and why and how people and organizations communicate. Truly new engineering paradigms that provide solutions do not come from technology, they come from the human mind.
4. The cryptographic objective of current technology standards is simply to obtain and use the strongest possible encryption permutation, often using symmetrical fixed keys with specific key lengths with specific algorithms. It is a foolish priority to base a technology upon such a one legged criteria. Strong encryption permutation of course carries its due importance, but it is not all important. To ignore this is to ignore the fact that strength is also brittle. Ignorance of this fact is the primary reason why why security systems fail.
5. Using current technology standards, a transaction always requires the sharing of a secret message key between people. The key represents knowledge. Access always equals access. Therefore Potential Access equals access. When key management transactions take place, access takes place. Key management therefore is equivalent to access management.
6. Within current technology standards the definitions and relationships of a key, cryptographic algorithm, ciphertext and plaintext are predefined and are the primary means of connectivity and security control. Relevance is ignored until implantation occurs.
7. Current technology standards are fundamentally centered on mathematical logic expressed as algorithmic bit level permutations, which are then combined with data. These standards do not incorporate machine intelligence. The necessary building blocks for security engineering therefore do not exist within existing technology standards.
8. Within current technology standards, keys are considered optimum when they are pseudo-random alphanumeric strings. What is being ignored are the specification of other kinds of logical philosophies which are just as important to the proper construction of keys.
9. Current technology standards use mathematical recursion for technically masking internal permutation processes of the cryptographic algorithm. What is being ignored are the specification other kinds of processes which can be more effective for masking internal permutation processes.
10. Current technology standards are designed as an adjunct to operations, so that within organizations they are managed and accounted for as a necessary security overhead rather than a performance-enhancing tool. If today's standards are going to improve then the concept of performance within security solutions must evolve to include organizational performance.
List Two - Business Applications of Encryption: This is a list of ten sentences that describe the current uses and problems of encryption technology/techniques (i.e. pre Premonition) over telecommunications networks, specifically the Internet/Intranet/Extranet (including Electronic Commerce).
1. Current encryption technology/techniques are designed to secure independent files and messages from one individual to another so that files and messages are the basis of transactions rather than a matrix of information and knowledge.
2. Current encryption technology/techniques require associations with respect to algorithms prior to use so that the benefit of algorithms as a unknown permutation factor is eliminated.
3. Encryption technology/techniques require that each key must be created, distributed, maintained with external pointers outside of the cryptographic process, and then managed and used with assigned algorithms for the proper reasons by all parties, which results in security flaws by design (or are formed over time) and the eventual loss of cryptographic control.
4. Serious flaws in the cryptographic security inevitably form from current encryption technology/techniques because over time operational wavers have to be ignored under the terms of inflexible cryptographic definitions and technical process control, thereby remaining undocumented and unaccountable.
5. With current encryption technology/techniques, sensitive transaction keys are operationally used prematurely or reused because they do not cryptographically inherit start and expiration date attributes, which give a cryptographic life span thereby reduces the accumulation of unnecessary junk data.
6. With current encryption technology/techniques, key maintenance and audit trails are not cryptographically authenticated and enforceable to the ultimate key used by the algorithm to encrypt plaintext and decrypt ciphertext, therefore requiring multiple asynchronous references.
7. Current encryption technology/techniques use keys that are treated as simple single-dimensional concepts and therefore have only one degree of freedom because they are logical pseudo-random mathematical strings.
8. With current encryption technology/techniques, key generation and audit trails are not cryptographically bound to applied circumstantial use so cryptographic enforcement of operational accountability and use does not exist along with the valuable reasoning related to transaction pricing and improvements in the performance of transactions.
9. With current Encryption technology/techniques, cryptographic algorithms, which greater permutation factors than keys, are treated as a give away.
10. With current encryption technology/techniques, the secure distribution of information has involved the use of non-rational certificates that increase in size in accordance with the complexity of user relations and purposes of the cryptographic transaction.
List Three – Premonition: This is a list of ten sentences describing what Premonition as a Technology is and its relationship to traditional encryption technology and techniques. Think in pictures and especially the "wrapper" concept.
1. Premonition is a distributed cryptographic based system that transparently secures and distributes highly granular information and knowledge over the Internet with both enforced authorization and accountability as opposed to the narrow traditional encryption techniques that are boiled down to an algorithmic process of permutation.
2. Premonition is a secure Internet web page publishing system rather than simply a cryptographic process for encrypting data.
3. Unlike traditional encryption technology and techniques, Premonition is a system that utilizes Traditional Cryptographic elements both as independent objects and secondary object attributes with the objective of improving communications through enforceable flexibility and enforced adherence to the rational association with organizational policies and procedures.
4. Premonition is a system that wraps the product of traditional cryptography within levels of rational abstraction rather than the external and one-dimensional way traditional encryption technologies alone treat cryptographic transactions.
5. Unlike traditional cryptography, the heart of Premonition is a cryptographically bound matrix of labels, which tell the story of the information/knowledge and can be rationally associated with approved organizational procedure and policies.
6. Premonition is a cryptographic security system that binds internal cryptographic objects late, avoiding the inflexible security problems found by traditional cryptographic techniques.
7. Premonition is a secure information and knowledge-publishing system utilizing cryptography to assure the continuity of information on published web pages.
8. Unlike traditional cryptographic techniques designed with a narrow paradigm to never fail, Premonition accepts the fact that in the real world failure is possible and internally authenticates, verifies and validates itself using its own proprietary Object Oriented paradigm with each use.
9. Unlike traditional cryptographic techniques that attempt to use Public Key (PK) methods as the end all, Premonition is designed to utilize PK processes as objects having inputs and attributes for such things as initialization and multiparty certification.
10. Because Premonition was designed to be a flexible paradigm based on reasoning rather than being built around a single algorithm, when changes are required they are understandable to the engineers and the users.
List Four – Premonition, Managed Secure Information
Publishing for the Rest of Us: This
is a list of ten sentences that describes the uses of Premonition and how it
both addresses the traditional shortcomings of encryption and expands the nature
of managed secure information publishing. Think
of the ability of managers to participate in and manage the process for business
List Four – Premonition, Managed Secure Information Publishing for the Rest of Us: This is a list of ten sentences that describes the uses of Premonition and how it both addresses the traditional shortcomings of encryption and expands the nature of managed secure information publishing. Think of the ability of managers to participate in and manage the process for business purposes.
1. Premonition cryptographically binds authentication, authorization, cryptography and accounting processes related to the transparent distribution of highly granular information across the Intranet and the Internet rather than just encrypting and posting files.
2. While traditional cryptography manages keys, Premonition eliminates the distribution of highly sensitive operational keys used with algorithms by distributing the rational justification related to the generation of those keys.
3. Where traditional cryptography isolates direct management oversight and control from operational process, Premonition rational labeling involves human managers in the management of operational, environmental and policy reasoning.
4. Traditional cryptography does not account for the differences in the role of publishers and authors but Premonition provides publishers highly granular cryptographic control of the security related to information and knowledge transfer.
5. With traditional cryptography the role of the security manager is considered a necessary burden to organizational staffing with the objective of assuring the prevention of information loss but Premonition upgrades the role of security manager to that of a communications manager dedicated to improving active organizational performance.
6. With traditional cryptography, managed information publishing stops with the protection of information, but with Premonition the cryptographic solution extends from the birth to demise of the information publishing process.
7. Unlike traditional algorithm bound cryptographic techniques, each and every Premonition key is bound cryptographically to rational levels of abstraction so that user permissions are independently authenticated and authorized.
8. With traditional cryptographic techniques the act of securing information is distinct and different from the act of publishing, but with Premonition they are the same.
9. Unlike traditional cryptography, Premonition is designed to support the resolution of communications and appropriate connectivity even when successful encryption or decryption is not possible.Unlike traditional cryptography which does not extend to the publishing paradigm, information secured and transferred using Premonition is always capable of authorized archived retrieval and is always accountable, and billable.
Copyright (c) 2001-2007 RDFollendoreIII All Rights Reserved