A Zero-Trust Identity Model for Modern Security

Kurt Milne, Chief Marketing Officer

Redefining trust in the world Gene Rodenberry envisioned for us.

Today, we have talking computers. But username and password that authorize our digital activity still hasn’t really evolved. Without redefining trust -- Gene's vision remains crushed under the weight of uncertainty and crime!

Kirk and Spock had it easy

Gene Rodenberry envisioned a future Star Trek world where people were enriched by the boundless accessibility of a talking computer. But, that world isn’t what we have today. Instead, we have boundless obstacles fighting the headache of security solutions that are a bolt on mix of access controls that evolved over time.

In the mainframe era of green screens and punch cards during the 1960s and 70s – security was enabled by physical access control since users could only get to the data through the physical terminal. Username and password were invented because multiple people shared access to a terminal. That was largely adequate for the time.

Then, client server computing happened. The Internet happened. And finally, the Smartphone happened. Now you can interact with any other connected computer on the planet, from your desktop, tablet, or your phone. All the while, entirely new business models of eCommerce and social interaction have transformed our society, yet the security gates and controls used for individuals to enroll and identify themselves to these powerful digital platforms haven’t evolved much. 

So, while eCommerce and social interaction now flourish online and on mobile, so does the identity theft and computer fraud. It turns out the incremental changes in security are proving to be not at all adequate for the current hyper connected era.

We now have talking computers just as Gene envisioned. But, because the technology we use to verify our identity and authorize our digital activity hasn’t kept up – A Star Trek reality remains crushed under the weight of uncertainty and crime. 

Incrementalism is not enough

Many companies and government agencies now require second factor (2FA) or Multi Factor Authentication (MFA).  From a security and control perspective, that incremental improvement is better than relying on just username and password.  But, with so much time and effort put into digital transformation, 2FA/MFA makes it harder for users and can reduce digital engagement.

I believe to optimize digital engagement and realize the vision that Gene set forth in Star Trek – while also reducing fraud and crime -- we need a fundamentally different approach to authorize trusted people and devices to interact with digital platforms.

Fundamentally different approach

Armor Scientific’s mission is to change how users and devices are added to and interact on a trusted network.

The Armor cofounders were successful in past roles creating and selling cyber security solutions. After talking to 100+ customers about their specific needs, they realized a new approach was needed to establish trust between users and digital platforms.

They were inspired by the idea of bringing high assurance to someone’s individual identity, and combining that with a shared consensus authorization on a distributed ledger as a trust mechanism. Armor Scientific was lunched to create a solution that quite simply makes legitimate access easy, and illegitimate access untenable.

After five years of bootstraping and angel funded operations, we are excited to announce the Armor Platform. It is a solution that includes a combination of Digital Identity Token for users, and a cryptographic and blockchain enabled Trust Domain. 

Armor Digital Identity Token - derives a user specific picture of trust based on numerous factors - behavior, biometrics, GPS location, as well as prior successful enrollment and consensus authorization by other devices in a Trust Domain. With a high assurance of each individual’s identity, our customers can create a comprehensive picture of risk - what they know already (signature), what they can learn (AI), what they can learn from others - IP reputation, domain blacklists, 3rd party data feeds (credit, prior fraud) and their own security resolutions.  

Armor Trust Domain – include continuous cross verification and authorization, and cross-protocol inline integrity check. When any part of the Armor Platform is deployed by a customer, a cryptographic seed initiates a private Trust Domain to which all subsequent verified users and devices are joined to. No trust is given outside the Trust Domain. And, within the domain, a baseline of trust is established upfront.

In the Star Trek vision of the future, when someone talks to the computer, the computer doesn’t reply with “Who’s talking to me? Do I know you?” That fact was previously established.

With Armor’s solution, consensus verified identities of users and devices creates trust, that is the foundation of a communication fabric over existing infrastructure.

The Armor Assurance Domain provides a one-way publicly verifiable ledger (meaning all identities and devices belong to a common Assurance Domain) which gives our customers an immutable record to prove if someone is or is not responsible for any specific ledger entries. By providing a double or single-blind trust relationship, any two previously verified people or devices can communicate without necessarily needing to know personally identifiable information about each other, while still guaranteeing the integrity of both parties. Each can hold the other accountable by virtue of their contract and nothing can be added to it without prior express agreement, though either can choose to remove their own grants.

The Armor approach is transformational – and is the key to cross-platform digital engagement – across applications, digital and physical platforms, and IoT devices.

We make the Stark Trek vision a reality today: safely, securely, and simply.