A UXP Identity Object is created from KCL Code. The KCL Code is generated in two ways:

  • Custom-design KCL structure
  • Conversion from an ID Definition originating from the ID Definition XML Source file

The UXP Identity Object contains integral components, or artifacts, that embed in the UXP Object. These artifacts include User Definitions, which are the permitted users, and policies. Together, these artifacts participate in generating the unique UXP Protection Scheme within a UXP Object. Therefore, the UXP Identity precedes the UXP Object.

UXP Identity Construction Components

The UXP Identity construction requires:

  • Owner-Defined Artifacts
    • Public attributes
      • Name
      • Address (optional)
      • Phone  (optional)
      • UXP internal metadata (these attributes are UXP Technology generated automatically)
    • Private attributes
      • User Definition(s) – the listed permitted Users (User Credential) for access to a UXP Object
      • Policies
      • Configurations(s) (optional)
  • UXP Technology Components

Owner-Defined Artifacts

These artifacts are a combination of owner-defined and UXP Technology-generated attributes.

As noted, two types of attributes exist:

  • Public
  • Private

Public Attributes

The public attributes are mixed set of details. Some attributes are automatically generated; other attributes are supplied by the UXP Identity owner/creator. Not all owner-supplied attributes are required.

After the UXP Identity is active and saved as a *.iic file, the public attributes can be seen on the OS as a pop-up. To see the pop-up, the *.iic file needs to be proximal to UXP Technology. Clicking the file opens the pop-up. This pop-up is called the ID Content page, Figure 2 below.

These public details include:

Private Attributes

The private attributes include:

  • User Definitions
  • Policies
  • Configurations

User Definitions: User Definitions are embedded in the Identity and designated by the Identity owner.

A User Definition includes:

  • Valid User (machine, process, human, or any combination)
    • Challenge Pairs
      • Prompt
      • Response
  • Optional device and location configurations, user specific

Policies: Policies are specific access and mitigation protocols defined by the data owner. Both access and mitigation policies center around behaviors designed to protect the UXP Object and its data.

Policies are referred to as rule presets in throughout UXP Technology documentation. More specific information on the rule presets, see the Workflow Guide/Section 3.1.2 Rule Presets.

Configuration(s): A configuration in the context of a UXP Identity refers to defining specific parameters for where data access is permitted. These include two types of information noted below:

  • Network location
  • Hardware / device

A configuration uses both information types to create a unique fingerprint using the device and location that locks down where data is accessed.

UXP Engine

The UXP Engine plays an overall central role in UXP Technology. The Engine participates in the creation of any Object type.

In UXP Identity construction, the UXP Engine manages the construction process.


The UXP Engine Libraries supply the constructing functions for steps 3a through 3d in Figure 1 shown above. These functions are:

  • Creating the empty special purpose UXP Object
  • Creating KCL Code from ID Definition
  • Loading artifacts into the special purpose UXP Object
    • KCL Code
      • User Definition(s)
      • Policie(s)
      • Configurations(s), such as network, device, location (optional)
    • Public information
      • Name
      • Address (optional)
      • Phone (optional)
  • Setting up the special purpose UXP Object internal metadata

P-Code Execution Engine

The P-code Execution Engine is responsible for step 3e shown above in Figure 1. The Execution Engine initializes and publishes the KCL Code into a UXP Identity Object. From here, the Identity is ready to use.

UXP Identity Construction Process

UXP Identity construction can be initiated using a wizard in the Workflow/Desktop Assistant or from a customized Identity generation process.

UXP Engine Library Functions

Step 1. Define ID Definition XML Source: The ID Definition XML Source file mentioned above in the introduction and Figure 1 is required to construct an ID Definition. Using *.xml structure is the recommended approach for creating an ID Definition.

The ID Definition XML Source is fully editable in this format.

Within UXP Technology, the easiest place to start is with a provided code sample called sample ID Definition *.xml.

The *.xml schema can be viewed in the Workflow Guide/Section 3.1.1 Managed ID Interface (MID). In this guide, the ID Definition is referred to as Managed ID.

Components within the ID Definition XML source file:

  • User Definition(s)
  • Policies (rules)
  • Configurations(s)
  • Public information

Programmatically, there are three methods for creating the ID Definition XML Source:

  • ID Library (utility within the Workflow/Desktop Assistant provided in the Developer Kit)
  • Sertainty Scripting (utility provided with UXP SDK – UXP Scripting Language, UXL)
  • Custom-built application using *.xml (sample ID Definition *.xml)

Step 2. Convert to ID Definition: The UXP Engine converts the ID Definition XML Source into the ID Definition, a binary format using C++ class objects.

Step 3. Construct and Publish *.iic from ID Definition: The *.iic construction from the ID Definition consists of a single function with multiple activities.

UXP Engine constructs:

    • 3a: The empty special purpose Object is created. Also, the keys and the internal virtual file system are automatically created.
    • 3b: The KCL Code is generated from the ID Definition.
    • 3c: The KCL Code along with the public attributes are loaded into the internal virtual file system.
    • 3d: The UXP internal metadata is set up and loaded into the internal virtual file system. The metadata includes general information (owner, creation date, sizes, etc), event table, credential support information, configuration details, and signatures.

P-code Execution Engine publishes:

    • 3e: The P-code Execution Engine initializes the KCL Code. The UXP Identity is now finalized and ready to be used in the construction of a UXP Object. The *.iic can be utilized in two forms:
      • *.iic file on disk
      • *.iic structure in-memory