Fundamental to UXP Object Creation

 

Function

The UXP Identity contains and protects the empowering components that permit the UXP Object to be intelligent and proactive. Once authenticated, the UXP Identity continues securing the UXP Object while the data is in use.

The UXP Identity is necessary for generating a UXP Object. In a protected format, the Identity houses the owner-specified access and mitigation policies and a list of permitted users for a dataset. These policies and the user list (together referred to as artifacts) are required to create the unique protection scheme within the UXP Object. Before a UXP Object can be generated, a UXP Identity must be present at the time and place where a dataset is protected. It provides essential artifacts that are incorporated into the process for constructing the protection scheme for the UXP Object.

File Format 

Once created as a file, the UXP Identity Object appears as an inert, binary file showing an *.iic extension. This file type is unidentifiable unless proximal to UXP Technology libraries. It looks ordinary and nondescript on any O/S and can be easily designated as junk.

Internal Components

The primary differences between a UXP Identity and a UXP Object are that the Identity is uneditable and contains no customer data. Additionally, the UXP Identity contains two types of artifacts, public and private. Both types are defined and controlled by the process or person who creates the UXP Identity.

The following components are universal in the UXP Identity:

  • Policies
  • Permitted users
  • UXP Intelligence
  • File system
  • Header file
  • Metadata

Virtual File System

The Virtual File System stores and manages within the UXP Identity the following (including headers):

  • KCL Code
    • User Definitions
    • Policies
  • Public artifacts
  • Internal metadata
  • Other elements

Within the system, the files are segmented into pages. Each file is individually and uniquely protected with encryption and cloaking. Figure 2 below shows a simulation of an Identity’s Virtual File System.

KCL Code

The KCL Code is created when the UXP Identity is created. Acting as a lightweight executable embedded in the UXP Identity, this UXP proprietary program is written in a C-like language. As shown in Figure 1 on the UXP Object page, the Identity provides the KCL Code for the Object. The KCL Code is the UXP Object’s Intelligence.

Unique to each UXP Identity, the KCL Code consists of User Definitions and access and mitigation policies.

The KCL Code is also integral in the UXP Identity’s encryption key production. The keys are randomly generated by the UXP Engine, another proprietary engine external to the Identity.

Additionally, the KCL Code manages all encryption keys internally throughout the UXP Identity’s life cycle. Keys are embedded unseen in the Identity and protected using a proprietary, recursive UXP protection scheme.

As an executable, the KCL Code requires proximity to UXP Technology, specifically the UXP Engine. The UXP Engine provides the executable environment for the KCL Code. Otherwise, the KCL Code sits dormant and undetectable in the inert UXP Identity.

For additional information on the KCL Code, see the KCL Guide.

User Definitions

User Definitions are embedded in the Identity and designated by the Identity owner. These User Definitions represent the static list of permitted users allowed to access the UXP Object.

A User Definition includes:

  • Valid User (machine, process, human, or any combination)
    • Challenge Pairs
      • Prompt
      • Response

  • Optional user-specific device and location configurations

The User Definitions guide the KCL Code’s intelligent and proactive actions during initial authentication.

User Definitions are referred to as User Credentials in the Developer Guide. For more specific information on users, see the Workflow Guide/Section 1.8 User Credentials.

Policies

Policies are specific access and mitigation protocols defined by the data owner. Both access and mitigation policies center around behaviors designed to protect the UXP Object and its data. The KCL Code manages the policies within the UXP Object.

Policies are referred to as rule presets throughout UXP Technology documentation. For more specific information on the rule presets, see the Workflow Guide/Section 3.1.2 Rule Presets.


Internal Metadata

The Internal Metadata contains all the virtual file system data. All other user-specific data is stored as virtual data files.


UXP Header

Every UXP Identity contains a header that allows the UXP Engine to identify the entity as a valid UXP Identity. If a UXP Header isn’t found or can’t be read, then the entity is not considered a valid UXP Identity.


Encryption Keys

Standard AES-256 GCM encryption is involved in the UXP protection scheme, but the UXP scheme eliminates key sharing. The KCL Code participates in generating the encryption keys during UXP Identity creation. Keys are randomly generated without exposure and contained hidden within the UXP Identity. External key management becomes obsolete because the KCL Code manages the keys.