All insured InterComputer solutions are built on the foundation of the InterComputer Interoperating System (IOS). The IOS runs on top of a standard Internet connection, integrates security and controls, and provides cross-enterprise identity and authority management. The IOS is our patent-pending, fully reusable core technology, which can be represented by the concept of adding and integrating layers to the traditional OSI model as follows:
Session Layer: This is the first “security relevant” layer. The purpose of this layer is to establish the organizational and individual identities of all involved parties to enable insurable identification and authorization. This layer makes certain that the upper layers in the model truly are the agents of the persons/organizations identified and authenticated in the system, and that the messages sent between them factually represent the actions of those persons/entities. We use X.509 identity certificates in this layer, either our clients’ existing certificates or those we create at their request.
Presentation Layer: This layer defines the lexicon and syntax of what we are communicating, i.e., how the data is presented (XML). InterComputer’s unique adaptation of XML as a messaging protocol enables user-developed applications to “inherit” most of the significant benefits of the InterComputer InterOperating System.
Application Layer: This is the application or the context in which the data are presented. User-developed applications operating here can easily take full advantage of the security, transport and data structure features and benefits of the InterComputer InterOperating System. This capability makes deployment much faster and more cost effective.
Access Control Layer: This is the second “security relevant” layer. This layer uses the authenticated identity provided by the session layer to control access to data. This function is role-based, meaning that access is governed by the digital role and not the digital identity. (This is, therefore, a Mandatory Policy as opposed to a Discretionary Policy.) InterComputer’s identification/authorization/role delegation paradigm allows organizations complete control over the issuance and management of electronic identities and roles, all interlocked with a matrix of digital signatures. This requires three distinct people to create and delegate a fully-functional, insured electronic identity/authority to an employee: a manager to authorize the creation of the role, a manager to approve the assignment of that role to the employee, and the employee to accept the responsibilities of the role. This electronic identity/authority allows its owner to 1) authorize role delegation, 2) approve role delegation, 3) originate authorized messages, and 4) approve messages.
Legacy Data Layer: This is where the IOS translates between internal and legacy system data formats. Messages must pass the access control checks before reaching this layer, which automatically extends database access monitoring to legacy data. The security policies of the Access Control layer apply to this layer and to native data.
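
The three-person delegation rule described under the Access Control Layer can be checked mechanically. The following is an added example, not InterComputer's code: the record layout, the identities and the function names are assumptions, and HMAC with constructed keys stands in for the X.509-backed digital signatures so that it runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed per-person keys. HMAC stands in for the X.509-backed digital
# signatures the page mentions, so the example runs with the standard library.
KEYS = {"mgr-alice": b"k1", "mgr-bob": b"k2", "emp-carol": b"k3"}
STEPS = ("authorize", "approve", "accept")  # the three steps named in the text


def sign(signer, step, role, employee):
    """Sign one delegation step, binding it to the role and the employee."""
    msg = json.dumps([step, role, employee, signer]).encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()


def validate_delegation(record):
    """Return (ok, reason) for a role delegation record."""
    role, employee = record["role"], record["employee"]
    sigs = record["signatures"]
    if set(sigs) != set(STEPS):
        return False, "missing or unexpected step"
    for step in STEPS:
        signer, tag = sigs[step]
        if signer not in KEYS:
            return False, f"unknown signer for {step}"
        if not hmac.compare_digest(tag, sign(signer, step, role, employee)):
            return False, f"bad signature on {step}"
    signers = [sigs[s][0] for s in STEPS]
    if len(set(signers)) != 3:
        return False, "steps must be signed by three distinct people"
    if sigs["accept"][0] != employee:
        return False, "role must be accepted by the employee"
    return True, "ok"


def build(role, employee, authorizer, approver, acceptor):
    """Assemble a record with each step signed by the named person."""
    who = dict(zip(STEPS, (authorizer, approver, acceptor)))
    return {"role": role, "employee": employee,
            "signatures": {s: (p, sign(p, s, role, employee)) for s, p in who.items()}}
```

Because every signature covers the step, the role and the employee, a record whose role is changed after signing fails validation, as does one in which a single manager signs both the authorize and approve steps.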