VirtualSAFE
VirtualSAFE Product Information

Technology

VirtualSAFE Authentication Authority (VSAA)


Virtual Identity
Strong User authentication is a secure process involving the creation of a Virtual Identity, based on User residence and jurisdictional or multi-jurisdictional requirements. A Virtual Identity is based on a secret known to User only, a shared secret, and some physical material such as dual user-unique certificates, to guarantee confidentiality. User’s Virtual Identity is not accessible by the VirtualSAFE administrator, since the information is dislocated and encrypted, and can only be re-assembled by the owner of the Virtual Identity when the appropriate credentials are presented.
User’s data is accessible by a third party only if User has signed legal consent, or access is triggered by User’s Power of Attorney. This process is equivalent to a conventional process involving a bank safety deposit box, where the user has one key and the bank has the other key. Both are required to unlock the information before proceeding with the transaction in a manner that is both anonymous and accountable.

VirtualSAFE Deposit Box
VirtualSAFE Deposit Box is a repository of User’s information, stored in a dislocated and encrypted format, employing an algorithm known only to User, or his/her Power of Attorney. The assembly of data is possible only through a process of triangulation of dislocated data, according to User’s unique and private key algorithm. All transactions and access are digitally signed and time stamped, for future compliance and audit control by the Power of Attorney.

VirtualSAFE Intelligent Lock
VirtualSAFE Intelligent Lock represents an intelligent lock policy that enables access to User’s dislocated and encrypted information, using different encryption standards (e.g. RSA, Elliptic Curve [Certicom], GOST, and others) in the same transaction/session. This process is virtually based and is similar to the assembly of a number of pieces of a puzzle, enabling a high level of security and strong authentication.
The gluing mechanism between diffracted digital certificates allows different users and business units, or departments, to share ownership contractually according to signed consent. To ensure the privacy of transactions, VirtualSAFE uses a triple policy-driven multi-algorithm and a strength-encryption algorithm to protect User’s information. The algorithm employs User’s unique VirtualSAFE public key to encrypt the data that is then digitally signed and encrypted by VirtualSAFE. Based on policy, the encrypted data is communicated over a true SSL link to the VirtualSAFE AA.

Power of Attorney Consent/Escrow
Managed legal consent is a process digitally signed and time stamped by User. It delivers all contract parameters between parties within a contractual organization and/or project hierarchy. Some of the contractual attributes and values are description, limitation, and validity. Key escrow uses the standard VirtualSAFE triangulation process to aggregate dislocated and encrypted multi-key data, using known contractual principles of data ownership.

VirtualSAFE Attribute Authentication Authority (VSAAA)


Over a remote network, VirtualSAFE™ is configured as a VirtualSAFE™ Attribute Authentication Authority, which provides an access control portal to sensitive applications and data management facilities, hence enabling a secure end-to-end extranet for maintaining authorization, authentication and accountability of all external users or applications. It is based on the VirtualSAFE™ process, digital signatures and, optionally, zero footprint certificates. Strong User and application authentication via VSAA directs, controls, and audits access to sensitive resources to any level of granularity, conforming to the industry-wide ISO 8583 standard.
The VSAAA is configured to enable existing applications to comply with privacy legislation worldwide, delivering unanimous, auditable compliant data for government regulators and reporting without extensive change to existing applications. Applications run by users, businesses and governments provide audit data for all digitally signed delta changes at the user, business and government premises, and escrow encrypted pre-signed codes in a VirtualSAFE™ proprietary process of dislocation using standalone or group administrative authentication strings. Access to the user, business or government portal is authenticated by VSAA and is typically a separate internal or external user access authentication process.
Audit repositories are required to have links between VirtualSAFE™ and the audit application, proxy VirtualSAFE Deposit Box, and are installed at the user, business or government location. The user's, group or application VSAAA will store transactional codes, and data referencing transactional content. VSAAA will continuously monitor all delta changes and match them with the stored data in the user's, group or application audit repository. A VirtualSAFE application agent has only one task, which is to send existing application changes to the VirtualSAFE Audit Repository to match the session data with the application data.
Any activity unmatched with the audit data will trigger an error message and terminate the present policy driven sessions. The system will notify the VirtualSAFE administrator and the user, business or government for future processing. The Audit Repository will have the option to terminate all or some sessions or forward the user, group or application to VirtualSAFE for additional authentication.

Five Functionality Modules Used by VirtualSAFE to Enhance Security, Privacy and Data Protection


 

VirtualSAFE is a US patented (US 6,941,285) and worldwide (Canada, Europe, Australia, Japan, Hong Kong) patent-pending technology.
Copyright © Cyberun 1999-2007. All rights reserved.