Smart Card in the Cloud (SCitC)

Smart Card in the Cloud (SCitC) or Smart Card as a Service (SCaaS) is a revolutionary technology that forms a hybrid between physical two-factor authentication tokens and the cloud.  The WWPass PassKey is an innovative product taking Smart Cards and online authentication to the next level.  Advantages?  Anonymity, smart card resiliency, cloud token administration, high security distributed storage, etc…!

Anonymity, Plausible Deniability

Unlike typical two-factor authentication tokens, losing your PassKey does not mean your security or privacy will be compromised.  The technology behind Cloud-based Smart Cards dictates that all identifiable information be kept in an encrypted container protected using your WWPass Access Code.  The encrypted containers are not even accessible by WWPass and thus you are solely responsible for the contents within (which is generally a very good thing as even the Cloud provider cannot monitor what is stored in your secured container).

The only decryption key is in your head, and you can always deny that such a key was ever within your knowledge.  With this architecture you can also utilize Plausible Deniability and claim that the PassKey is not yours, and no one could prove otherwise.

Identity Control

The methodology behind the WWPass online authentication solution is unique in that a user’s identity can still remain hidden from the website to which he or she is authenticating, a massive overhaul to the modern authentication process.  WWPass even provides “Service Providers” (websites or other online services) a mechanism to store highly sensitive information that the user has provided them (with proper consent) in a secure WWPass container that is only accessible while the user and the Service Provider are maintaining an active authenticated session.  The implications of this process are truly unique because it puts all of the control in the user’s hands and not the website’s.  The user can simply terminate the session by removing his or her PassKey and the secure data becomes unavailable to the website.

Smart Card Resiliency

WWPass introduced their flagship product as a KeySet which encompasses all of the user’s tokens.  When you purchase a KeySet, it includes one PassKey (for everyday use) and two Service Keys (for maintenance tasks such as Pass Code resets and rebuilding of a PassKey if it becomes lost or fails).  Essentially all of the keys are the same, but using two of them at one time allows all maintenance tasks to be performed on the KeySet.  The idea is that you will want to have your PassKey on you at all times, a Service Key accessible to you (at home, in your backpack, etc…) and a final Service Key in a safe and secure area such as a locked safe or bank security box.

A PassKey can be reconstructed by using any combination of two keys.  If only one key remains, it will have no redundancy, but it can still be used as a normal day-to-day PassKey.  Additionally, because of the nature of Cloud-based Smart Cards, you can easily buy a replacement PassKey or Service Key from WWPass to replace any failed/stolen/lost keys and they will immediately join your overall KeySet.

High Security Cloud Storage

After downloading the WWPass Security Pack software you may notice the WWPass Secure Storage icon in the Security Console.  This application demonstrates the enhanced data security benefits of using Smart Card in the Cloud.  The Secure Storage application is the virtual equivalent of your own personal bank vault hidden 50 stories underground in a private titanium bunker guarded by Jedi Knights… or something to that effect.

In overview, the WWPass security model is that by using your PassKey you can authenticate (using your Pass Code) into your own private storage container that uses high-grade encryption on all objects uploaded to the container.  Retrieving files involves on-the-fly decryption, and files are stored in plain text format only if you explicitly tell the Secure Storage application that that’s what you want to do.

Hardware Security, Cloud Managed

The WWPass PassKey hardware comes in two flavors: USB (Gen1) or a USB/NFC hybrid (Gen2).  Both utilize industry-leading security technologies such as Secure Element and Java Card.  The cryptographic private keys used for encrypting and decrypting data and establishing secure connections are non-extractable by design and stored in a Secure Storage container (not on your physical hardware, which can be lost or stolen).

If your PassKey were ever to be stolen or lost, it’s a simple matter to go to the WWPass Key Services website to deactivate the hardware tokens so they cannot be picked up and used (not that they would get very far without your Pass Code).  Conversely, if you purchase additional PassKey or Service Key tokens you can also go to Key Services to join them to your KeySet, creating even more redundancy.

What happens next…?

As modern technology evolves, I fully expect these hybrid Smart Cards to become more essential to data security in day-to-day life.  The growing need for anonymity and advanced data security is indicative of a market shift in how people protect themselves when visiting websites on the internet.

