There were several pieces of news last week that sparked my interest around my often-noted desire to see higher security around cloud and relevant applications. The first was the ongoing story surrounding the Sony PlayStation network being hacked and leaving millions of gamers vulnerable. This story clearly shows the need to have deeper levels of encryption and/or security to protect sensitive information. As a worst-case scenario, imagine this same type of hacking occurring with an EHR/EMR system. I want to be clear: I am still very much a proponent of these systems and other network-based systems. This recent example reminds us to think deeper into the issues rather than running away from them. More emphasis is needed on examining the security dimensions of the X.805 security architecture and then addressing them below the application layer, down to the individual user; specifically, on the use of biometrics and digital certification to provide better access control, authentication, non-repudiation, and privacy.
The second news story that caught my attention was the equipment used to accurately identify Osama bin Laden after his demise. Cross Match Technologies provided a hand-held device, SEEK II, which provided facial recognition, fingerprints, and iris scanning for the military. The quality and size of this product clearly indicated to me that using biometrics as the starting point for any identification, authorization, encryption, and tracking has arrived.
The digital “wax seal” that uses biometrics as the initiation for encryption and tracking mechanisms should be developed to better support the 8 security dimensions. Essentially, any transaction that you plan to use in a network services application has the option of being encrypted and/or provided a digital “wax seal” of authenticity by using biometrics. That seal follows the transaction even if it is just storing information. The seal is also sticky in that it captures any system or person accessing, or attempting to access and/or use, the information. My vision is that most information is encrypted; thus, for someone or some system to use or access the information, they must use their biometrics (for systems, it could be a machine identifier) to be authenticated to receive the encryption key for access to the information.
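A minimal sketch of the “sticky” seal described above, as an added example that is not part of the original post: every request for the encryption key, granted or denied, is appended to an HMAC-chained log that also binds the record's digest. The `WaxSeal` class, the authority-held HMAC key and the boolean `biometric_ok` (a stand-in for the result of a real biometric match) are all assumptions; encrypting the record itself is out of scope.

```python
import hashlib, hmac, json, secrets

class WaxSeal:
    """Hypothetical seal: binds a record digest to its creator and keeps an
    HMAC-chained log of every access attempt, granted or denied."""

    def __init__(self, authority_key, record, creator, allowed):
        self._k = authority_key                   # assumed held by the holding authority
        self._data_key = secrets.token_bytes(32)  # key that would encrypt the record
        self.allowed = set(allowed)
        self.entries = []
        self._append({"event": "sealed", "who": creator,
                      "digest": hashlib.sha256(record).hexdigest()})

    def _mac(self, prev, body):
        # Each MAC covers the previous MAC, so an entry cannot be edited,
        # reordered or cut from the middle without breaking the chain.
        msg = prev.encode() + json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._k, msg, hashlib.sha256).hexdigest()

    def _append(self, body):
        prev = self.entries[-1]["mac"] if self.entries else ""
        self.entries.append({"body": body, "mac": self._mac(prev, body)})

    def request_key(self, who, biometric_ok):
        # biometric_ok is a stand-in for the result of a real biometric match.
        granted = bool(biometric_ok) and who in self.allowed
        self._append({"event": "access", "who": who, "granted": granted})
        return self._data_key if granted else None

    def verify(self, record):
        # Recompute the chain, then check the record against the sealed digest.
        prev = ""
        for e in self.entries:
            if not hmac.compare_digest(e["mac"], self._mac(prev, e["body"])):
                return False
            prev = e["mac"]
        sealed = self.entries[0]["body"]["digest"]
        return hmac.compare_digest(sealed, hashlib.sha256(record).hexdigest())
```

The chain alone does not detect removal of the most recent entries; a deployment would also need the holding authority to publish or countersign the latest MAC.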
The idea is straightforward; the computing and storage resources will need to be worked out to make it ubiquitous. The computing resources and storage capabilities are available today – decisions must be made on the implementation and on the duration of the metadata generated by the digital “wax seal.” Other considerations that must be standardized include the holding authorities for the base information and how interoperability between systems and network layers is accomplished. Finally, I believe that IPv6 will be needed to adequately characterize, categorize and transport the metadata needed to make this digital “wax seal” successful.
Given the incidents of hacking, the growth of network-based services and the growth of relevant applications that will need to be secure, the time for solving the digital “wax seal” is here. I believe it is achievable so that many relevant applications can be used safely.