WWPass Technology Overview
WWPass provides secure authentication and storage technology for businesses and consumers.
Safe Deposit Box
The core concept in a WWPass solution is the "Data Container", which is analogous in the non-computer world to a safe deposit box. Using a safe deposit box, a customer can store precious personal or sensitive items. When using a WWPass Data Container, a user can store valuable information in digital form. In real life, safe deposit boxes require two keys before they can be opened: the customer’s key (provided by the bank), and the bank’s security key. In the digital world, WWPass provides a unique digital identifier to every user (called a UserID) and another unique digital identifier to each Service Provider (called a SPID). This SPID is used by Service Providers that wish to authenticate their users.

The Service Provider may be a mail server, an on-line retail shop, a corporate web page, a kiosk, a bank, or any other application requiring authentication. WWPass provides a "safe deposit box" (Data Container) corresponding to each user registration at a particular Service Provider’s web site or application (i.e. for each UserID/SPID pair). To open this box, two digital identifiers are needed: first the user’s UserID and second, the Service Provider’s SPID.
So here’s how a WWPass-enabled model works for a website login:
- The User requests to be logged in to the Service Provider’s web site
- The Service Provider communicates with a WWPass data center and provides its SPID
- The Service Provider asks the User to provide a UserID to WWPass
- WWPass uses both identifiers to open the corresponding Data Container and passes its content to the Service Provider
- If the user does not yet have a profile with the Service Provider application, WWPass will notify the Service Provider of the login attempt, and the Service Provider will be able to create a new Data Container to store the new user’s profile.

PassKey
In the digital world, “keys” (digital identifiers) can be copied just as physical keys can; if someone malicious obtains a replica, the user may not notice for some time. WWPass puts enormous effort into preventing unauthorized “key” copies. UserIDs are stored in a special secure hardware device called a PassKey. These PassKeys are constructed with well-known "smart card" technology that is widely used in chip cards and mobile phone SIM cards. One PassKey and its associated password can actually replace many existing cards, keys and login-password pairs for a WWPass-enabled User.
Digital world: encryption & data dispersion
WWPass encrypts all data; every Data Container is encrypted with its individual cipher key. Thus not only is all the data stored by WWPass unreadable, but there is no single secret "cipher key" which, when revealed, decodes all WWPass information.
But WWPass goes further. In order to survive a single storage node breach, WWPass distributes the Data Container content over multiple geographic locations. Every Data Container’s content is converted into twelve unrecognizable pieces and stored at twelve different data centers. This is accomplished using the Reed-Solomon algorithm that was originally designed for highly robust data transmission. In the WWPass implementation of Reed-Solomon, dispersed data can be restored so long as any six of the twelve pieces are available. At the same time, if a malicious entity managed to gain access to less than six pieces of data, it would be impossible to restore any of the original data. WWPass uses the Reed-Solomon redundancy code (6,12) to implement this feature.
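The (6,12) dispersion described above, as an added illustration that is not WWPass code: it uses the classic polynomial view of Reed-Solomon over the prime field GF(257), treating six data bytes as the coefficients of a degree-5 polynomial and the twelve pieces as its values at x = 1..12, so any six pieces reconstruct the block by Lagrange interpolation. The field, padding and share layout are assumptions for the example; the page does not describe WWPass's actual encoding.

```python
# Added example (not WWPass code): (k, n) Reed-Solomon dispersion as polynomial
# evaluation over GF(257), chosen so every byte 0..255 is a field element.
# k data bytes = coefficients of a degree k-1 polynomial; piece x = f(x), x = 1..n.
P = 257

def encode_block(block, n):
    """Turn k bytes into n pieces (x, f(x)); each piece is one field element."""
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(block)) % P)
            for x in range(1, n + 1)]

def decode_block(pieces, k):
    """Recover the k coefficients from any k pieces by Lagrange interpolation."""
    if len(pieces) < k:
        raise ValueError(f"need at least {k} pieces, got {len(pieces)}")
    pts, coeffs = pieces[:k], [0] * k
    for j, (xj, yj) in enumerate(pts):
        basis, denom = [1], 1          # L_j(x) = prod_{m!=j} (x - x_m) / (x_j - x_m)
        for m, (xm, _) in enumerate(pts):
            if m == j:
                continue
            new = [0] * (len(basis) + 1)   # multiply basis by (x - xm)
            for d, b in enumerate(basis):
                new[d] = (new[d] - xm * b) % P
                new[d + 1] = (new[d + 1] + b) % P
            basis, denom = new, denom * (xj - xm) % P
        scale = yj * pow(denom, P - 2, P) % P   # yj / denom (Fermat inverse)
        for d, b in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * b) % P
    return coeffs

def disperse(data, k=6, n=12):
    """Zero-pad data to a multiple of k and produce n shares (share i <-> x = i + 1)."""
    padded = data + b"\x00" * (-len(data) % k)
    shares = [[] for _ in range(n)]
    for off in range(0, len(padded), k):
        for i, (_, y) in enumerate(encode_block(list(padded[off:off + k]), n)):
            shares[i].append(y)
    return shares

def reassemble(available, k=6, length=None):
    """Rebuild the data from any k shares given as {share_index: values}."""
    idx = sorted(available)[:k]
    out = bytearray()
    for b in range(len(available[idx[0]])):
        out += bytes(decode_block([(i + 1, available[i][b]) for i in idx], k))
    return bytes(out[:length]) if length is not None else bytes(out)
```

With fewer than k shares the interpolation is underdetermined (k unknown coefficients, fewer equations), so `reassemble` refuses to run rather than guess.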
Zero knowledge policy
Zero knowledge is one of the main principles of the WWPass architecture. This principle means that all users are anonymous to WWPass, which has no knowledge of any data stored in Data Containers. WWPass asserts to its Service Providers that, "when the owner of this particular PassKey visited your web site previously, you (the Service Provider) asked WWPass to store the following bytes." Furthermore, IDs are not retained in the WWPass Core system, so it is impossible to find out the owner of a particular Data Container without a PassKey. Generally speaking this “zero knowledge” principle is the ultimate solution to insider security breaches and leaks (also known as back doors).
WWPass Applications
WWPass concentrates its efforts on core security development and prefers third-party Service Providers and developers to implement WWPass support into their applications. WWPass provides a fully documented interaction between the Service Provider application and the WWPass Front End. These documents are available in conjunction with PHP and Python libraries, along with examples, in a WWPass Software Development Kit.
To prove the WWPass concepts and to demonstrate the technology, WWPass has implemented services as well as modules for a wide range of web-based frameworks (WordPress, Zen Cart, Magento). These demonstration modules show that some common off-the-shelf technologies can be made more secure and convenient. WWPass’s flagship application is called PSS (Private Secure Storage). PSS is a cloud storage system based on smart card cryptography. It provides a high level of security and does not use any Web technologies to upload/download user files. The PSS application is available for the Windows and Mac operating systems. WWPass also provides a convenient way to sign and encrypt/decrypt e-mail, connect to VPNs, etc. with a PKCS#11 library. Third party developers may use WWPass APIs and libraries to create User Terminal applications with WWPass authentication and secure storage.
