New Internet Secure Architecture.  


Internet Business Model - Integrated Management functions Architecture.


COPYRIGHT 27 February, 2005, Last update 11 February 2013


Don E. Sprague; The IBM Information Network/Global Network Business Model Architect.  


Introduction:



We cannot have good security if we do not know who is supposed to do what.  That means great security begins
with a detailed registration process that provides comprehensive information about each user and the connections they
approve.


In the past, there were different communication methods or languages for the many value-added networks.  They all
adopted a common communication language and became Internet Service Providers.  They did not adopt a common
network management structure.  This architecture provides a common network management structure that all ISPs
can adopt.



Anything that can be recorded electronically can be delivered electronically.  That phrase was originated in 1980
and it was the basis for the Architecture and Business Model that became the IBM Information Network Business
model in 1984.  



The Internet is somewhat of a limited intelligent operating network.  The network’s device information is organized
and shared across ISPs. However, detailed information about users and other non-network things is disorganized in
distributed databases. That makes it a disorganized distributed database. When the network management functions
are structured, information about people and business will be organized so security and ease of use can be
realized by default.



Security, ease of use and revenue come from a registration system that feeds an inventory that controls usage and
provides reports. Consolidated management functions allow both businesses and individuals to control their
information.



When the management organization process is completed, then:
- All users and destinations are properly registered using a common registration process.
- All users and destinations have a secure ID vault that they use to control their access.
- Information owners control their information using their access vault.
- Access is through owner-approved trading partner registration.
- All applications are registered and approved by the device owner.
- All trace or tracking applications are registered and approved by the user.
- Cookies or such are NOT allowed on any device. A substitute for cookies is acceptable.
- An instruction to execute an application in an email can only invoke a previously installed application, and the user
must be notified and allowed to approve the application initiation.





Cyber attack display and prevention.


A cyber attack is an unauthorized connection attempt between electronic devices.  To determine if a connection
attempt is unauthorized, the information about all authorized connections must have been recorded electronically.


The very best display tool cannot display information that is not recorded electronically.  Once the information is
recorded, it can be displayed by virtually any display tool.  The issue is how to get what information recorded.


Information about an attack basically has three phases:
- Planning before the event,
- Execution during the event,
- After the event activity.


It is good to display or report information about attacks that happened in the past.  It is best to display information
about attempts while they are in process but are being prevented.  


The issue for displaying any information is to get it recorded and then reported electronically.
- To record information about authorized connections requires each user and application to be completely and
accurately registered.
- Once they are registered, communication partner agreements can be established.
- Any attempt to establish a connection is compared against the approved tables or lists.
- Any attempt that does not match the approved list is an attack attempt.
- That attack attempt can be prevented and displayed in real time and later in reports.


To further reduce attacks, the operating system should: 1) not allow code in a file or email to execute with just a
keystroke, and 2) not allow an application to execute code that is not a resident part of the existing
installed code. The operating system should always display a warning that some application is requesting to run or
be installed.  An email or file of any type should only be able to request that an existing installed application display
the information in the file or email.
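The two operating-system rules above can be written down as a launch policy that sits between any request to start code and the system. The following is an added illustration, not code from the paper or from any product it mentions; the registry layout, the request fields (`origin`, `app`, `operation`, `code_origin`) and the `ask_user` callback that stands in for the warning/approval box are my assumptions, and every request is constructed.

```python
from dataclasses import dataclass

# Constructed registry of resident, installed applications and the
# capabilities registered for each (assumed structure, not the paper's).
INSTALLED_APPS = {
    "pdf-viewer": {"display"},
    "spreadsheet": {"display", "run"},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    prompted: bool = False  # True when the user was shown a warning/approval box


class LaunchPolicy:
    """Gatekeeper between any request to start code and the operating system."""

    def __init__(self, registry, ask_user):
        self.registry = registry
        self.ask_user = ask_user  # callable(message) -> bool; stands in for the approval box

    def evaluate(self, request):
        origin = request["origin"]          # "email", "file" or "user"
        app = request["app"]
        operation = request["operation"]    # "display", "run" or "install"
        code_origin = request.get("code_origin", "resident")

        # Installation is never silent and is never driven by content.
        if operation == "install":
            if origin != "user":
                return Decision(False, "content cannot request an installation")
            approved = self.ask_user(f"'{app}' requests to be installed")
            return Decision(approved, "user decided on installation", prompted=True)

        # Rule 1: content may only ask an existing installed application to
        # display it; a keystroke on a file or email never executes code.
        if app not in self.registry:
            return Decision(False, f"'{app}' is not a resident installed application")
        if origin in ("email", "file"):
            if operation != "display":
                return Decision(False, "content may only ask an installed application to display it")
            approved = self.ask_user(f"'{app}' requests to display content from {origin}")
            return Decision(approved, "user decided on display request", prompted=True)

        # Rule 2: an application runs only code that is a resident part of the install.
        if operation not in self.registry[app]:
            return Decision(False, f"'{app}' has no registered '{operation}' capability")
        if code_origin != "resident":
            return Decision(False, "non-resident code may not execute")
        return Decision(True, "resident application started by the user")


def run_samples(policy):
    """Constructed requests covering each rule; returns the decisions in order."""
    samples = [
        {"origin": "email", "app": "pdf-viewer", "operation": "display"},
        {"origin": "email", "app": "spreadsheet", "operation": "run"},
        {"origin": "file", "app": "unknown-tool", "operation": "display"},
        {"origin": "email", "app": "installer", "operation": "install"},
        {"origin": "user", "app": "spreadsheet", "operation": "run", "code_origin": "external"},
        {"origin": "user", "app": "spreadsheet", "operation": "run"},
    ]
    return [policy.evaluate(r) for r in samples]


if __name__ == "__main__":
    # Approval-box stand-in that approves everything, so every prompt is visible.
    policy = LaunchPolicy(INSTALLED_APPS, ask_user=lambda msg: print("PROMPT:", msg) or True)
    for d in run_samples(policy):
        print("ALLOW" if d.allowed else "DENY ", "-", d.reason)
```

The only path on which content from an email or file reaches an application is "display", and even that path goes through the approval box; "run" and "install" requests that originate in content are refused before any prompt, so a declined or missing prompt can never be the only thing standing between a keystroke and execution.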


The detailed registration and reporting process is defined later.


NOTE: Before code was installed on machines to allow remote installation of code or remote control of the computer,
there was no way for external takeover of a computer. All openings can be removed or controlled to only allow
authorized takeover.





New vision:


In the future, there will not be cables in the house.  There will be a secure router at the cable end where it enters the
house.  Cell routers will emerge as cell capacity is expanded with revenue from cell TV/radio. Most if not all
computers in the house will be wireless to the cable or cell router.  Desktop, laptop, TV, and cell phone are equal
devices. Any device can be the master that controls the others. All TVs will have WiFi so the cable or satellite
control box is not needed.  All TV and radio will be transmitted on the Internet or Phone Company Line Layer
Protocol as just additional streaming content.  They will be original programming with commercials, making them like
original free TV over the air except it will be over the Internet or Line Layer Protocol.  Full cell/WiFi Internet radio and
TV will make the existing functions of cable and satellite TV and FM/AM and satellite radio obsolete. Cell/WiFi Internet
TV/radio will have commercials that the user can interact with.  Traveling users’ TV and radio stations will have commercials
for the local area as well as national.  The commercials will also be tailored to the user based on their user-selected
priorities.  When a traveling user tunes into a national or international radio or TV station, the content will be the
same regardless of where the user travels in the cell or WiFi network.  The commercials will be both local and
national. Local commercials will be based on the user’s location when commercials are presented.  Users will be able
to interact with commercials to ask for directions or even order a product.


Computers in devices such as microwaves, automobiles, clocks, and light fixtures will also have WiFi to the house router
on the end of the cable or cell router and will be accessible via the Internet.




Relationship vision:



All computers are basically the same.  Input, process, and output apply to all of them.  A cell phone, a laptop, a
desktop and an HD TV are all computers that are the same but slightly different.  Likewise, all connections of all
computers are basically the same.  Hardline, cell phone and WiFi are basically the same, only slightly different. All
computers can use the same software and connect to any other computer through the network.  Any type of
connection of any device can allow communication to any other device through any other type of connection.  All
data communication rides on top of the voice network.  Voice over IP is voice riding on IP that rides on voice. Today’s
voice network is a computer network that routes voice that was converted to bits, and computer bits, from any origin
to any destination.  Thus, IP is a data layer on top of the voice data network.  The phone companies could
implement a Line Layer Protocol that eliminates the need for the IP layer.  That is: all devices present bits to the
Line Layer, which routes them from entry to exit point. For example: smart phones convert voice to bits.   Really smart
phones recognize words and convert them to their computer-readable value.



NOTE: This is somewhat of a natural elaboration or expansion of the basic concept that was in the original 1987
“Operating Intelligent Network” invention disclosure.  That paper described the machine to machine network
communication.  It did not address comprehensive network management detail.  Additional parts of this are a natural
extension of the 1987 “Computer Shorthand” invention disclosure.


NOTE: This detailed structure and vision was initially written in 2005. The single logon concept was used in the IBM
Information Network in 1985.  It was lost when TCP/IP was adopted by all the commercial service providers.  I
advanced the renewed call for a single logon various times since 1996 in online forums and in requests sent to Microsoft
and Yahoo and other ISPs. Parts of this detailed architecture were shared with Johan and Mykael Lourens in 2010.
Part was shared with IBM in June of 2012.  Part was shared with Merchant Customer Exchange on 12 Sept, 2012.






Overview:


All users and businesses want improved security and ease of use. The government wants a method of displaying and
preventing cyber attacks.  Merchant Customer Exchange (MCX) is an effort by many merchants to implement a new
Mobile Payment System.  All networking parties have the same requirement for information about users and
authorization for interconnections.  The requirements for all mobile, wireless or hardline connections are the same
requirements for any online transaction. Once any communication path is approved and established, then it is just
another online transaction session.


When user information is organized, the original or master source resides in the user’s machine for users and in a
business application for businesses.  All access is granted based on contracts or approvals found in the user vault,
the business application vault and the ISP vault.  Some user information will reside in the network.  The user vault
performs a function that is similar to a combined Quicken vault and the OpenID single logon.  Both of those are
similar to the first single logon that was delivered in the 1980s at the IBM Information Network.  There was a
registration process to set up the capability for machine to machine communication approval.


The user vault is a single place where users manage all their information.  All information is much more than IDs,
passwords, name and address.  It contains “all” the stuff about a user including the date they were born and when
they purchased their cell phone or car. It includes, but is not limited to, name, date of birth, VIN numbers and
medication.  Any and all information the user needs to keep track of is included in their vault.



Record once then share when appropriate.  


Today, people must enter much of the same information each time they sign up for a new service.  Users have
entered the same information thousands of times.  It could be recorded once then shared when the user approves.  
A secure information vault enables a single registration and logon to old or new services.  


NOTE: all information about people is already recorded many places.  The typical user does not have all their
information recorded at one place.  This process helps users organize and maintain all their information in a secure
place.  Once the users have all their information recorded, they do not need to reenter it but can share parts of it
when they choose.   


- A secure vault along with the secure single logon concept makes all security authorization and reporting easier to
implement.  We know that existing registration processes are not adequate.  The ISPs, businesses, users,
the government, MCX, Quicken and Single Logon all require a comprehensive information vault for each
user that includes detailed end-user identification and communication approval tables along with their single logon.
Today’s OpenID is adequate for social sites and news outlets.  It is not really adequate for financial and business
activity.  If OpenID were really good for financial use, it would be the preferred way for me to log on to BOA and other
financial services.


- To be a valid business, financial and security tool, the single logon requires a complete, real registration process
that is acceptable for all business and financial activity.  To get an OpenID, I provide some basic, potentially fictitious
information but not necessarily any verifiable business and financial information.  Security needs a single logon
registration process with legally acceptable identification and financial information.







Background:


Since the beginning of computer use, people have been concerned with revenue and security.  As more people
began to use computers, they became concerned with ease of use.  The original 1980 Electronic Customer Support
Business Model and implementation was to address connectivity and transport. It was not specifically to address
network management issues like security, usability and revenue. Those things were implicit in the original physical
architecture. This new architecture explicitly provides a simple structure to consolidate the network management
functions.   



You can’t have good security if you don’t know who is supposed to do what.  This business model includes the
registration of users in an integrated inventory that allows control and reporting.   There are many isolated
management structures today.   They need to be integrated just as the physical network components were
integrated after the original architecture was introduced.  



In 1980, the issues of networking presented a business opportunity that changed the world. There were millions of
users on thousands of isolated networks. There was no structure to interconnect all the users, applications, and
networks. That is when the Business Model that led to the Internet was first written to address the business
opportunity.



Today the conditions are ripe for an Internet Business Model with integrated management functions which will
provide enhanced security, simplified usage and built-in revenue. Just as networks were isolated in 1980, today there
are many isolated security and usability schemes generating differing revenue streams. There is a simple solution
for today’s issues just as there was a simple solution for the networking connectivity and transport issues in 1980.


The solution will:


- Provide significantly increased security,
- Simplify Internet usage, resulting in increased satisfaction and expanded business opportunities,
- Provide significant cost savings for users and increased revenue to business,
- Cost relatively little to develop, install, operate and maintain.



What devices do what things?


If it’s a computer, it can be connected to the network.  All sizes of computers are still just computers.  A cell phone is
just a smaller notebook that is just a smaller laptop that is a small portable desktop that is just a smaller mainframe.
They all work with zeros and ones. A large wall mount TV is just a larger version of the small TV in your cell phone.  All
the computers in your office or house or car are just computers that you could access from any other computer.


Any computer can do the same stuff that other computers can do.  Your big screen TV can be a cell phone.   Both
can be connected by cell, WiFi or hard wire.   They can all use the same software.  Any communication device can
use any communication path or method.    When cable is installed at a pole outside the house, the cable can be
connected to a WiFi router, a cell router, or a cable to the house or business.  That is, the cable does not need to
run through walls to connect to a device.


We don’t need to run cable throughout a house or business.  We only need to allow all devices to securely and
wirelessly connect to the network to communicate with any other device on the network. All TV, printers, laptops,
desktops and so on can connect wirelessly.  


Everything must be in the online inventory.  Actually there are many distributed components of the inventory.   It is just
a matter of how and where things are included in sub-components of the overall distributed inventory.  Then it is just
a simple matter of who gets access, when and how.



Who is allowed to do what?



Everything there is to know about people is already recorded at many places and delivered many ways.  However, it
is not all recorded at one place for the user to access and control. When users organize their information in one
secure place, they can control and share it as needed.  They can define connections that they approve.  Users can’t
have good security unless they know who is allowed to do what.  That means good security requires good
registration, directory, and reporting.



There is great value derived from user information.  When product providers know about what people have been
doing, they can make products to meet existing consumer demand.  When they know what people plan to do, they
can make better products to meet future demand.  Better products at lower cost are good for everyone. Thus, people
have an incentive to share the appropriate information. The sharing does not always need to include the user’s
name or individual identifier. It can include just demographics or it can, when appropriate and approved, include the
user’s name.



Users can easily record all their information in their encrypted inventory database.  The user must be known by their
inventory database.  They can be known with just an ID and password, and they can also be known by their voice or
face or by a one-time token password that is sent to the user.



NOTE: The network does not enable a person’s mind to be creative. People were creative before the online network
and before telephone and before the interstate highway system.  The modern communication tools allow creative
minds to share information faster.  To have creative freedom does not mean that people can do illegal things.  It
does not mean that people can invade the privacy of other people or take information about them that is not in the
public domain.  The advent of computers and their interconnections does present opportunity to use computers in
different ways.  People can invent new ways to manage information.






When user and industry information is properly recorded electronically, it can be properly distributed.  Users can
enter the information once and share it as they approve.  When this solution is fully in place, a new user can easily
establish all their electronic communication relationships.


The new user can simply sign up for the secure information database and enter their information once.  Then they
will initiate the automatic activation of all their electronic communication connections.  


Using automated registration for standard security:
- The user’s secure inventory database imports the user’s favorites list and/or bookmarks.
- It talks with the master directory to find all their destinations that have set up their secure database.
- It communicates with each target and initiates the secure registration process.
- It displays each target application’s approval request with all appropriate information automatically filled in.
- The user selects “I approve” in the terms and conditions electronic approval box for each individual communication
partner.
- The secure communication registration for all standard targets is complete.
- ID and password maintenance in Standard security is automatically performed.


E-Wallet using Standard Security can be included in the user’s Standard security online setup if the destination has an
online E-Wallet activation box.
- The user clicks to activate E-Wallet and accepts the terms and conditions.
- The destination application sends a setup approval form to the cell phone.
- The user selects the approval box on the cell phone.
- Standard security E-Wallet setup is complete for the user’s communication with that company’s cell phone or
WiFi connections.


When a person walks into a new store, they can easily just press a couple of buttons on their phone to activate their
secure ID and E-Wallet with that new store.  They don’t have to reenter all the registration stuff for every new store
they go into.  Users don’t need different applications for each store.  


In just a few months after this is generally available, stores will put up signs announcing that they use Secure ID.
They will ask their customers to sign up now. That will replace their more expensive efforts to get their customers to
sign up for the store’s demographics tracking.


In just a few years after general availability, the cash register paper sales will have been cut in half.  Most people will
use their Secure ID and E-Wallet for all their point of sale and online transactions.  


If a user finds a new site online, they simply select the link to activate the secure ID connection with that new trading
partner.  They don’t have to reenter all the registration stuff for every new destination.


The users must be able to trust the destinations.  That means that all businesses must also be completely registered.
Before a user approves a trading partner entry, the user must be able to read the business registration
information.  The user and the business each have one real bit value address that is identified in the registration and
trading partner approval.



When a person purchases stuff, other businesses like to know so they can sell their competing stuff.  When we dine at
one place, other places want to know what we ate.  Even the grocery stores want to know what we ate.  They want
to sell us their stuff and they want to know why we did not purchase in their store.



That is a snapshot of the process.  It is defined in more detail later.  There are three levels of security:
- Basic security,
- Standard security,
- Top security.


All three require the same registration, inventory, security, and reporting services.


NOTE: A site can allow unregistered people to access the site for viewing only.  When properly set up, the view-only
access user is securely separated from controlled access areas.



There are automatic registration processes for both Standard and Top security.  All three levels have manual
registration processes.


Users control their inventory database.  It is encrypted on the user’s device and can be loaded on a portable device.
A secure encrypted online copy is maintained by the user’s ISP.   In the event the user needs the backup copy, it
can be accessed and downloaded by the user after the user passes the backup retrieval approval process.


When any application is running on a user’s machine, the user’s inventory knows.  NO application is allowed to run
without approval from the user’s inventory database. Things like cookies are not needed and can be eliminated.  A
potential substitute can be an indication that the user’s machine maintains in the user’s inventory database. The user
has access to view and/or delete the substitute.  Business does not have access to the cookie substitute unless the
user allows their inventory to share the information with the business.



The user’s secure inventory database should have user management screens that your grandparents can easily
understand. It must allow users to control the sharing of their current and past activity related to purchases or
viewing or navigation on both the electronic highway and the concrete highway. It must allow the user to enter
information about things they are considering purchasing or doing on either highway in the future.



Demographics data inside and across ISP operational directories can be sold in two forms.  
- Each ISP can sell the data generated on their service.   
- Each ISP can sell advertisements in their image of the directory.  



This is a base service that will make other services easier or possible.   For example, the secure ID directory makes
the Secure E-Wallet possible. The idea of E-Wallet was defined in 1996. That disclosure described the need for a
single device that can be the user’s cell phone, e-wallet, their access to their smart house and all other PDA
applications. One device to open the garage door and turn up the heat after paying for groceries on the same
device.  It will also control the TV and other home entertainment. It seems that those things need the secure ID
vault to really work.



This process levels or equalizes the Internet.  All applications are equally easily accessed.  Businesses or users can
have a single site without the need to duplicate portions on several different platforms or supplier sites.  For
example, parents can have a family site with kid pages with simple, secure parental control over access for any family
member or friend.



All users and application owners should enter their directory information and easily make updates to their directory
as needed.  Users need to establish their communication partner approvals in the directory.  A typical
communication partner should not change anything on another user’s computer. That means the application is not
allowed to add cookies or make any other change to the user’s machine. The doors for the remote finger must be
closed.



The entry transport ISP communicates with the user’s directory vault to establish the entry connection and allow
transport to approved destinations. Entry transport ISPs’ records and reports of user activity can be displayed as
appropriately needed. Sharing some of the report data is of value to the users.   It allows users and advertisers to
match information to appropriate users, which allows lower product costs.


All users and application owners identify what information will be public and what will be exclusively shared.   All
information labeled as public will be in an open or public directory.


Typical application owners want a significant public entry.  There is a free basic entry and levels of fee entries.  
There is a user controlled directory search sort capability.  The free directory search sort is prioritized by the user.  
A fee directory display is on a side bar and is based on fees paid to advertise.


All applications are equal.  There is no hierarchy with one being a focal point or control over others.


All public directory entries include the user’s shorthand names and real bit address.  That is: “don@myplace.what”
has the bit value in the next field. When users or application owners approve communication partners in their vault,
the shorthand name and the real bit value are included in the user and application owner communication partner lists.
The real bit address and shorthand name are compared in the user’s vault and in the ISP entry portal vault.  This
reduces the capability to make phony shorthand names to fool users or directories.  The communication partner
entries include identification of what the communication partner is allowed to do.
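The comparison described here, together with the approved-list check from the “Cyber attack display and prevention” section (any attempt that does not match the approved list is an attack attempt, prevented and displayed in real time and later in reports), as an added example that is not part of the original paper. The `Vault` class, the short hex strings standing in for real bit addresses, the action names, and every partner and connection attempt below are constructed assumptions of mine.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Partner:
    shorthand: str        # human-readable name, e.g. "don@myplace.what"
    real_address: str     # the real bit address bound to that shorthand (constructed hex here)
    allowed: frozenset    # what this partner is approved to do


@dataclass
class Vault:
    """Owner-approved communication-partner table plus a log of every attempt."""
    owner: str
    partners: dict = field(default_factory=dict)   # shorthand -> Partner
    log: list = field(default_factory=list)

    def approve(self, shorthand, real_address, allowed):
        """Record an approved trading partner: shorthand and real address together."""
        self.partners[shorthand] = Partner(shorthand, real_address, frozenset(allowed))

    def check(self, attempt):
        """Compare one connection attempt against the approved table.

        Both the shorthand name and the real address must match the stored
        entry, so a look-alike shorthand that resolves to another address is
        rejected. Every attempt is logged so it can be shown in real time and
        summarised afterwards.
        """
        partner = self.partners.get(attempt["shorthand"])
        if partner is None:
            verdict, reason = "attack", "not an approved partner"
        elif partner.real_address != attempt["real_address"]:
            verdict, reason = "attack", "shorthand does not match its registered real address"
        elif attempt["action"] not in partner.allowed:
            verdict, reason = "attack", f"partner not approved for '{attempt['action']}'"
        else:
            verdict, reason = "authorized", "matches approved partner entry"
        self.log.append({**attempt, "verdict": verdict, "reason": reason})
        return verdict, reason

    def report(self):
        """After-the-event summary: counts by verdict and by reason."""
        return {
            "by_verdict": dict(Counter(e["verdict"] for e in self.log)),
            "by_reason": dict(Counter(e["reason"] for e in self.log)),
        }


def build_sample_vault():
    """Constructed owner vault with two approved partners."""
    vault = Vault(owner="don@myplace.what")
    vault.approve("bank@example.what", "7f3a9c01", {"login", "statement"})
    vault.approve("store@example.what", "c4d2e8b5", {"receipt"})
    return vault


SAMPLE_ATTEMPTS = [  # constructed connection attempts, in arrival order
    {"shorthand": "bank@example.what", "real_address": "7f3a9c01", "action": "login"},
    {"shorthand": "bank@example.what", "real_address": "0badf00d", "action": "login"},   # phony shorthand
    {"shorthand": "store@example.what", "real_address": "c4d2e8b5", "action": "install"},
    {"shorthand": "news@example.what", "real_address": "11112222", "action": "login"},
]


def run_sample_attempts(vault):
    """Apply the check to each sample attempt; returns the verdicts in order."""
    return [vault.check(a)[0] for a in SAMPLE_ATTEMPTS]


if __name__ == "__main__":
    v = build_sample_vault()
    for attempt, verdict in zip(SAMPLE_ATTEMPTS, run_sample_attempts(v)):
        print(f"{verdict:10} {attempt['shorthand']:20} {attempt['action']}")
    print(v.report())
```

The same `Vault` can be instantiated a second time for the ISP entry portal with a mirror of the owner’s approved entries, which is the paper’s two-point comparison: an attempt has to pass the check at the portal and again in the user’s vault, and a spoofed shorthand fails at whichever point sees it first.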




Business Model


Simple any-to-any “when authorized” is the business driver.  The original 1980 Business Model drove the activity to
get the “any to any interconnections”.  This model drives the “easy when authorized”. People want easy but secure
access to information about products as well as friends and family.   People know that ease of use can compete with
security and confidentiality.


There are two aspects to the business model:
- Commercial services,
- Social services


When users have easier, safe and confidential access, they will use more services and more willingly
share information with business.  That will result in better targeted marketing, which reduces advertisement cost.


User control of access to their individual social site equalizes the network and liberates people.  They can have
individual social sites that are easily accessed by anyone the user approves.


Business wants information about users’ behavior, which can translate to revenue and sales. Business and users do
have an interest in keeping some things confidential. Although user and business information is being recorded
electronically, they have a right to limit electronic distribution of the information.


Business and consumers want lower cost:


Both consumers and business benefit from wider distribution of information.  When companies know more about
consumers, the business can make better products to fit the consumer demand.  When consumers know more
about products, they consume more of the best price performing products. Information sharing benefits the
consumers and business by enabling lower cost to manufacture, sell and purchase.





User perspective


Nobody does anything anonymously on the network.  All of your information is already recorded many places.  Each
time you sign up for a new service, you must reenter the same information. You could record it once in your secure
vault.  Then, when you sign up for a new service, you don’t get another ID and password.  Your secure vault does it
for you.    


You like social networking but don’t like to lose control over how your information is used.  With secure vault, you
can have your own social network site on any service provider that is seamlessly linked to your friend and family
social sites. You can easily control who gets to see various parts of your site.  Nobody uses your name to do push
marketing to other people unless you choose to allow them to do that.  You push your connection to just the people
you select.


You can be in the public directory or you can keep it private.  


With secure vault, you can use the highest level of Internet security.  You can prevent the use of cookies. That
reduces the exposures that enable unwanted spyware or malicious code to infect your machine.


Users can easily change their own trending product or service interest areas in the directory.  That allows the paid
advertisers to be prioritized based on the user’s trending interest.  If a user does not create or change their trend
interest, an email can be sent to the user explaining the benefit of updating their interests.



Project mission:


The purpose of this process is:
- To enhance security and simplify tasks performed by users and service providers.
- To provide optimum information management and delivery for users and service providers.
- To enable users to control communication partner authorization tables.


Which will:


- Increase users’ access to more business and social destinations because it is easier,
- Increase business sales because of simplified user registration,
- Provide revenue to the directory and security vault operators and transport ISPs,
- Flatten the network to equalize applications.



The Problem:


Users seek ways to simplify the complexities of using ever growing numbers of online services while business and
individuals seek greater security to protect confidential data. Business seeks more information about users while
users and business seek ways of maintaining privacy.  


The first rule about IDs and passwords is: DO NOT write the ID or password on anything.  That means that almost all
users are violating the first rule for every ID and password they have.   The second rule of passwords is to make
them unique for each destination.  Typical users have dozens if not hundreds of destinations and they use the same
password. That means that the typical user is also violating the second rule about passwords.  Very secure
destinations require the passwords to be changed on a regular basis.  Some even require a token device or send
text messages with single-use passwords.


It is very difficult to know the truth about how safe a trading partner really is.  The more information you can find out
about a business, the safer you are when you agree to do business with them.



Background:


The Internet does not exist just for users’ convenient access to information and to do social networking or just to
facilitate business.  The Internet exists because of the need and cost benefit from the electronic collection and
sharing of information. The original business model says: “Anything that can be recorded electronically can be
delivered electronically and any user can share information with any other user when authorized.”  Those two
concepts, any to any and when authorized, were originated in 1980 when the Internet Business Model was created. The
Internet Protocol that was globally adopted in the mid 1990s does a good job of transport but does not adequately
include the required globally interconnected registration, directory, reporting and security services to limit
access to be only when authorized by users and service providers.


The Internet is somewhat like the Wild Wild West or a potluck buffet in the park.  Although the Internet Service
Providers deliver well defined interconnected global network transport services, there are myriad disconnected
user directories and security schemas.  The directory and security services are basically as disconnected
today as the networks were in 1980.


Although some people think there is privacy, that is not true. The Internet is a massive dynamic distributed database
that includes information about users.   



Information sharing benefit:


Users and business benefit from sharing information about each other.  The cost to deliver products to users is
reduced when business has better information about users.  The task of finding products is simplified when users
have better information about business.  Information is power and money.  The biggest cost of the Internet is the
access and backbone transport.  Some of the biggest revenue of the Internet is captured by some destination
application providers who give away low-cost hosted services but sell demographic and usage data about users.
They also sell advertisements to users.


Solution


Secure Intelligent Internet Access vaults that contain registration, directory, reporting, and security services.  The
vaults reside on the end points and at the Internet Service Provider transport access entry point (aka at the
telephone company entry point).  The management of trading or communication partner access authorization is
performed by the users and the ISP access point.


The vaults at the telephone company entry access ISPs will have the most comprehensive user demographic data.
Users can authorize and manage the sharing or sale of that information on an individual basis.  This is accomplished
through a comprehensive ISP entry registration process.  The registration feeds the comprehensive uniform
directory.  Usage data is uniformly recorded.  The authorization to communicate is managed based on the
communication partner defined approvals.  Various reports show the usage activity.  Entry point ISPs are
capable of sharing the various information when appropriate.  The ISPs can sell the demographic and other
appropriate data to reduce the cost of a simplified and more secure network.




After a simple registration, users will have a single Internet ENTRY ID that is tied to all authorized target applications
and services through a secure vault.  Three levels of security are defined:
- Basic - vault,
- Standard - intelligent data sharing linked vault, and
- Top security - standard intelligent vault and smart phone token image and voice matching.


For all three levels of security, the user selects a secure bookmark or favorite.  The secure favorite vault passes the
ID and password to the destination.  For basic security, code resides on the user's desktop and at the Internet Access
Service Provider.  For standard and top security, additional code resides at the destination.


NOTE: A site can allow unregistered people to access the site for viewing only.  When properly set up, the view-only
access user is securely separated from controlled-access areas.



Additional future enhanced secure ID services:


Secure cell E-wallet
- E-credits, debit cards.
- Single electronic demographics store card aka nuisance card.  
- E-receipt,
- E-coupon




Secure ID allows an automatic connection between a user's mobile device and a store's fixed device.  Any device can
hear other devices that come close.  A store has WiFi that any computer can talk to after it logs on.  With Secure
ID, the user can simply walk into the store WiFi range and there is an automatic logon to do approved business if they
have previously agreed.  The agreement can be store chain wide or store specific.  The agreement can be tied to
the store's frequent buyer demographic "nuisance" card.


Cell E-wallet uses Secure ID vault app components on the user's cell phone that communicate with Secure ID app
components on the store's Point of Sale machine.  The Cell E-wallet takes the place of credit and debit cards.  Cell
E-wallet works in conjunction with existing credit, debit and demographics services that use Secure ID and Cell
E-wallet.  The demographics cards are nuisance cards because a person can have dozens of the cards.  E-Wallet
eliminates the many by replacing them with one E-Card for demographics and store discounts.  One cell phone app
serves as all of the user's credit cards, debit cards and in-store demographics and discount cards.  The user's phone
Cell E-wallet app communicates with the store counterpart to easily sign up for the store demographics card.  No
forms to fill out.  Just select OK on the E-wallet.


The Cell E-wallet app also receives a complete store receipt with each item listed.  The E-receipt can be loaded into
a user's money management tool such as Quicken or QuickBooks if they sign up to use the Secure ID and E-wallet
apps.


Upon entering a store, the store can be allowed to do push marketing to the user.  The user can sign up to allow
their E-wallet to communicate with the store and alert the user to in-store coupons for store specials and advertised
items.  Typical e-coupon programs are not as successful as they could be because they don't push the coupon at
the correct time.  Cell E-wallet allows the user to sign up for push marketing when they enter the store.


E-wallet push marketing uses the user's trending product or service interest settings to prioritize the in-store
advertisements.



E-Wallet connection requires a closed-door function.


Today, computers are set up with open doors that allow remote takeover.  That was not always easily done.  It took
design changes to allow the easy remote viewing and remote control.  I refer to this as closing the remote finger
door.  In the mid 1980's, the IBM Information Network had to send a person to its remote locations when a
Transmission Control Unit needed to have the reset button pushed.  That caused two problems.  It was a cost to send
a person to the location and it was a significant service disruption until the reset button was physically pushed.  I
suggested an electronic remote finger.  A real key depression or command in Tampa sent an electronic signal to
the remote TCU that electronically pressed the button.  To do that required an electronic door that was only to be
opened with proper approval.  A few years later, we implemented a similar and larger process using IBM's Remote
Screen Viewing Support Facility when it first came out.  That required significant code on the viewer and the viewed
machine to not only enable the process but to also address security to limit access to be only when approved.


All the open door capability on all machines must be closed behind a security process that only allows approved
remote fingers to take over.  That is accomplished in part with Secure ID's communication partner approval lists.  It
is supported with a trace process on each machine that records and reports all details of the remote finger activity.
Most if not all remote finger or robot activity should require an actual local physical finger approval.  The
request should be displayed in clear words that grandparents understand.  It should show how the requestor fits in
the existing communication partner tables as well as the details of the requestor's affiliation and identification in
the master directory.


Blocking unwanted code in email or files.


Local applications must be in the list of approved entities that can take over the machine to do unlimited code
execution.  There must be limits on what any form of E-Mail can do with respect to running a machine.  Generic
E-Mail includes texts, instant messages or whatever form a file is received in.  It is convenient to allow email to
execute some code to display some things.


It must never be possible for a depression of a key when viewing an email to let the email application, a linked site
or included code take over and do unlimited execution on a machine.  The physical key depression in an email
should inform the user that an unexpected executable code function has been requested by code that is included
in the E-Mail.  A substitute for executable code in an email is to allow the email to request execution of approved
code that already exists on the user's machine, for example when an email needs the Adobe player.  The depression
of a key in an email does not allow code to be loaded and executed.  It can only allow a call to a small set of
approved code that exists on the user's machine, and it causes a request to the user and a check against the user's
approved trading partner and code approval lists.  The user must know of all attempts or requests to load and
execute any code.


A key depression in an email, text message or any just received file:
— must not allow a call to execute code that is in the email, text message or file.
— It can allow a call that asks the user to invoke known, resident installed code to inspect and load code from a file
or email.
— It can call existing code that displays content in the email or file.
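The closed-door rule for remote fingers above and the key-depression rules for email, texts and received files can be
expressed as one gate.  The following is an added example, not code from the original page: the partner table,
resident code list, request fields and the sample requestors ("ops.tampa", "bank.example" and so on) are assumed
names constructed for the illustration.  It shows the four checks in the order the text gives them, writes every
request to a trace, and produces the plain-words notice the user would see.

```python
"""Added example: a single gate for remote finger requests and key depressions in
email, texts or received files.  The partner table, resident code list and request
fields are assumed names for this illustration, not definitions from the page."""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Request:
    requestor: str      # remote partner id, or the sender of the email/text/file
    action: str         # what is being asked for, e.g. "press_reset" or "open_pdf"
    code_source: str    # "resident": installed code; "embedded": code carried in the message
    via: str            # "remote" (remote finger) or "message" (email, text, received file)


@dataclass
class Gate:
    partner_table: dict             # partner id -> set of actions that partner is approved for
    resident_code: set              # the small set of approved code installed on this machine
    trace: list = field(default_factory=list)   # every request, allowed or not, is recorded

    def _record(self, req, decision, reason):
        self.trace.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "requestor": req.requestor, "action": req.action, "via": req.via,
            "code_source": req.code_source, "decision": decision, "reason": reason,
        })
        return decision

    def evaluate(self, req, local_finger_approved=False):
        # Rule 1: code carried inside an email, text or just-received file never runs.
        if req.code_source == "embedded":
            return self._record(req, "deny", "embedded code never runs; user is informed")
        # Rule 2: only the small set of approved resident code can be invoked at all.
        if req.action not in self.resident_code:
            return self._record(req, "deny", "not in approved resident code list")
        # Rule 3: the requestor must fit the communication partner table for this action.
        if req.action not in self.partner_table.get(req.requestor, set()):
            return self._record(req, "deny", "requestor not approved for this action")
        # Rule 4: an actual local physical finger approval is still required.
        if not local_finger_approved:
            return self._record(req, "ask_user", "awaiting local physical approval")
        return self._record(req, "allow", "approved partner, resident code, local approval")

    def plain_words(self, req):
        # The request shown to the user: what is asked, by whom, and how it fits the tables.
        fit = "is" if req.action in self.partner_table.get(req.requestor, set()) else "is NOT"
        return (f"{req.requestor} wants to run '{req.action}' on this machine via {req.via}; "
                f"this partner {fit} approved for that in your communication partner table.")


def demo():
    """Run constructed sample requests through the gate and return the decisions."""
    gate = Gate(partner_table={"ops.tampa": {"press_reset"}, "bank.example": {"open_pdf"}},
                resident_code={"press_reset", "open_pdf"})
    cases = [
        (Request("ops.tampa", "press_reset", "resident", "remote"), True),         # approved remote finger
        (Request("ops.tampa", "press_reset", "resident", "remote"), False),        # same, no local approval yet
        (Request("newsletter.example", "open_pdf", "embedded", "message"), True),  # code inside the email
        (Request("bank.example", "open_pdf", "resident", "message"), True),        # resident viewer, approved partner
        (Request("stranger.example", "open_pdf", "resident", "message"), True),    # not in partner table
        (Request("ops.tampa", "install_agent", "resident", "remote"), True),       # not approved resident code
    ]
    return [gate.evaluate(req, approved) for req, approved in cases]


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: embedded code is refused before any table is consulted, so a message that carries
its own code never gets as far as the partner table, and the trace records the refusal either way.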




Extended services:

Once the Secure ID inventory is in place, additional processes will be possible.

FOR EXAMPLE: Medical information can be included in the individual's inventory.  When doctors and patients are
linked in the inventory, prescriptions can easily be recorded electronically and sent to the patient's drug provider and
insurance company.  This extension can use both the Internet and cell phone capability.


NOTE: Not all past medical information needs to be recorded.  Information about today and any subsequent
information is recorded.  If a user or business desires or requires past information, they could pay the cost of
entering historical information.  



NOTE: Medical information is just one example of extended services.  Anything that can be recorded electronically
can be conducted electronically.






Registration Overview:


The user accesses the Secure ID main site, then completes the initial registration and accepts the terms and
conditions.  Then the user downloads and installs the Secure ID vault code.  The initial registration information is
already filled in when the user first enters the vault.  The user completes the directory and inventory activity.  Then
the user selects done to complete the registration in the master directory and activate their Secure ID vault.


Secure target application access is enabled after the Secure ID code has been installed on the user's desktop and the
user has activated their Secure ID.
- For basic security, the user can enter the target application ID and password using one of two processes.
- For standard and enhanced security, the user must be in session with the target application.
- Top security includes the use of smart phones as token devices with voice and image recognition.



Standard security flow initial setup overview


This applies to all existing or new registrations to target applications that have been updated to use Secure ID.
- User has already completed the registration and activated their Secure ID.
- Target Application owner has activated their Secure ID vault.
- User enters the Secure ID setup process and selects automatic registration to all Standard security Secure ID
targets.
- Secure ID imports the user's favorites list and/or bookmarks.
- Secure ID talks with the master directory to find all destinations that have installed Secure ID and that match the
user's favorites list.
- Secure ID communicates with each target and initiates the Secure ID registration process.
- Secure ID displays each target application's approval request with all appropriate information automatically filled in.
The user selects "I approve" on the terms and conditions electronic approval box for each individual communication
partner.
- Secure ID for all Standard targets is complete.
- ID and password maintenance in Standard security is automatically performed by the user's and the target
application's Secure ID vaults.



E-Wallet using Standard Security
- E-Wallet setup can be included in the user's Standard security online setup if the destination has an online E-Wallet
activation box.
— The user clicks to activate E-Wallet and accepts the terms and conditions.
— The destination application sends a setup approval form to the cell phone.
— The user selects the approval box on the cell phone.
— Standard security E-Wallet setup is complete for the user's communication with that company's cell phone or
WiFi connections.
- The user could activate E-Wallet in each store where they want to use E-Wallet.
— When in the store, the user selects activate E-Wallet.
— The same Standard security automatic process is completed as above.
- ID and password maintenance in Standard security is automatically performed by the user's and the target
application's Secure ID vaults.



Alternate/manual Standard security process.
- User has already completed the registration and activated their Secure ID.
- Target Application owner has activated their Secure ID vault.
- User selects their Secure ID App.
- User accesses the target application by selecting the favorite or any other way.
- On the target application, the user selects activate Secure ID logon.
— The user's machine and the target machine talk and set up the initial Secure ID communication partner
registration.
— The user's machine displays the target application approval request with all appropriate information automatically
filled in.  The user selects "I approve" on the terms and conditions electronic approval box.
- Secure ID for that target is complete.
- ID and password maintenance in Standard security is automatically performed by the user's and the target
application's Secure ID vaults.



Top Security flow initial setup overview


This applies to all existing or new registrations to target applications that have been updated to use Secure ID.


Standard and Top security can be activated at the same time.  They are basically the same
except Top Security has additional activity.


For Top security, the Secure ID vaults on the user and the destination application exchange Top security
registration and tests.
- The user's Secure ID vault displays a Top Security approval notice to the user requesting the user to approve the
request transmission to the Top security destination.
- The user selects yes to send the Top Security request.
- The destination application sends a one-time code to the user's cell phone.
- The user enters the one-time code.
- Top security access has been approved for the associated activity.
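The one-time code step in the list above is where most of the security of the Top security flow lives, so it is worth
seeing what the destination side has to get right.  The following is an added example, not the page's or any
product's code: the class name, method names and the constructed "user-0001" ID are assumptions.  It issues a
random code, delivers it to a stand-in for the text message channel, and on verification enforces an expiry window,
a small attempt limit, a constant-time comparison and single use.

```python
"""Added example: the Top security one-time code step, destination side.  The class
and method names are assumptions for this illustration, not the page's own code."""
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class PendingCode:
    code: str
    expires_at: float
    attempts: int = 0
    used: bool = False


class TopSecurityDestination:
    CODE_DIGITS = 6        # length of the code sent to the user's cell phone
    TTL_SECONDS = 120      # code is worthless after this window
    MAX_ATTEMPTS = 3       # guesses allowed before the code is discarded

    def __init__(self, clock=time.time):
        self._clock = clock            # injectable so the expiry path can be exercised offline
        self._pending = {}             # user id -> PendingCode
        self.phone_outbox = []         # constructed stand-in for the text message channel

    def issue_code(self, user_id):
        """Generate a fresh random code for the user and 'send' it to their phone."""
        code = f"{secrets.randbelow(10 ** self.CODE_DIGITS):0{self.CODE_DIGITS}d}"
        self._pending[user_id] = PendingCode(code, self._clock() + self.TTL_SECONDS)
        self.phone_outbox.append((user_id, code))   # real deployments send this out of band
        return code

    def verify(self, user_id, submitted):
        """Check a code typed back by the user; returns a short status string."""
        pending = self._pending.get(user_id)
        if pending is None or pending.used:
            return "no active code"          # never issued, already consumed, or discarded
        if self._clock() > pending.expires_at:
            del self._pending[user_id]
            return "expired"
        pending.attempts += 1
        if pending.attempts > self.MAX_ATTEMPTS:
            del self._pending[user_id]       # force a new issue rather than unlimited guessing
            return "too many attempts"
        # Constant-time comparison so the check does not leak how many digits matched.
        if not hmac.compare_digest(pending.code.encode(), str(submitted).encode()):
            return "wrong code"
        pending.used = True                  # single use: replaying the same code fails
        return "approved"


def demo():
    """Walk the Top security steps from the page with a constructed user and return each result."""
    dest = TopSecurityDestination()
    user = "user-0001"                       # constructed Secure ID
    dest.issue_code(user)                    # step: destination sends one-time code to the cell phone
    _, delivered = dest.phone_outbox[-1]     # step: user reads it from the phone
    first = dest.verify(user, delivered)     # step: user enters the one-time code
    replay = dest.verify(user, delivered)    # the same code cannot be used twice
    return [first, replay]


if __name__ == "__main__":
    print(demo())
```

A six-digit code has only a million values, which is why the attempt limit and the short expiry window are not
optional extras: without them the code could simply be guessed over the cell network.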


Additional or future Top Security can include the combined use of a camera, audio device and touch screen to
verify the identity of the user.  It could even verify that the user is known and alive.


E-Wallet using Top Security
- E-Wallet can also employ a combination of the Top security activity defined for online activity.


Alternate/manual Top security process.
- The manual Top security initiation process is the same as the Standard security initiation.
- The additional Top security steps are performed.


Basic security flow initial setup overview


Since people will want to begin using the basic functions of Secure ID before all destinations have the host code, the
basic process is provided.
- User has already completed the registration and activated their Secure ID.
- To use Secure ID, the user must log onto the machine or onto Secure ID.
- User selects the Secure ID App.
- User enters a destination address or selects a link to import bookmarks or favorites.
- User enters the destination ID and password.
- All ID and password maintenance in basic security is manually performed by the user.



Once the Secure ID vault is populated with basic destinations, the user selects the Secure ID list entry just as they
would for any other favorite or bookmark.  The ID and password are passed to the destination.


Alternate path to populate the vault destination data.  After initial registration, users click on existing bookmarks or
favorites.  In the registration tool, the user selects add secure destination approval.  Then the user enters the
destination ID and password.  After all the destination IDs and passwords are entered in the secure vault, the user
simply selects the secure destination favorite.  The secure vault sends the ID and password to the destination.


For new destinations, the vault can communicate with the destination to select the ID and password.  
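What the basic security vault described above has to do is small, but two details decide whether it actually
helps with the two password rules from The Problem section.  The following is an added example, not the page's own
code: the class, method names and the constructed destinations (bank.example, shop.example, mail.example) are
assumptions.  It keys each credential by the exact destination host, so the ID and password are only ever passed to
the registered destination and a look-alike address receives nothing; it generates a unique random password for a
new destination; and it reports destinations that still share one password.

```python
"""Added example: a basic-security Secure ID vault on the user's machine.  Class
and method names are assumptions for this illustration, not the page's own code."""
import secrets
import string
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


class BasicVault:
    def __init__(self):
        self._entries = {}          # destination host -> {"id": ..., "password": ...}

    @staticmethod
    def destination_key(address):
        """Normalise a bookmark, favorite or bare host name to the host that owns the credential."""
        if "://" not in address:
            address = "https://" + address
        return urlsplit(address).hostname      # hostname is already lower-cased by urlsplit

    @staticmethod
    def generate_password(length=20):
        """Unique random password per destination, so rule two is kept without writing anything down."""
        return "".join(secrets.choice(ALPHABET) for _ in range(length))

    def add_destination(self, address, user_id, password=None):
        """Record a destination; an existing password may be entered, or a fresh one is generated."""
        host = self.destination_key(address)
        self._entries[host] = {"id": user_id, "password": password or self.generate_password()}
        return host

    def credentials_for(self, address):
        """Release the ID and password only to the exact registered host.

        A look-alike such as bank.example.evil.test gets nothing, which is what makes
        the secure favorite safer than typing the password into whatever page is open."""
        return self._entries.get(self.destination_key(address))

    def reuse_report(self):
        """Groups of destinations that share one password (a rule-two violation)."""
        by_password = {}
        for host, entry in self._entries.items():
            by_password.setdefault(entry["password"], []).append(host)
        return [sorted(hosts) for hosts in by_password.values() if len(hosts) > 1]


def demo():
    """Populate a vault from constructed favorites and show what each lookup releases."""
    vault = BasicVault()
    vault.add_destination("https://bank.example/login", "don", "Same1!")   # user-entered, reused
    vault.add_destination("shop.example", "don", "Same1!")                  # same password again
    vault.add_destination("mail.example", "don")                            # vault-generated
    return {
        "bank": vault.credentials_for("https://BANK.example/")["id"],
        "lookalike": vault.credentials_for("https://bank.example.evil.test/login"),
        "reused": vault.reuse_report(),
    }


if __name__ == "__main__":
    print(demo())
```

A production vault would also encrypt the entries at rest under a key derived from the user's logon; that part is
left out here so the example stays within the standard library.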



Individual Registration form:


Short sample:


P - Name,
1,3 - email address
P - my web page, social network site, ...
1,2 - dob,
1,2 - sex,
2 - race,
1 - address, including GPS field
3 - second home address
1,2 - Cell Phone
... and so on,
- pet 1, pet 2, parents, grandparents, kids, primary doctor information, ...
... and so on, to include all things that are recorded electronically and that people need to know and share.  It is one
place to record all contact information for people, including name, phone, address, birthday, and so on.
... This list will include the approved favorites and E-wallet partner information.




For each item, the first field is the account owner's (user-controlled) privacy setting: the user defines the privacy level
for the field.
- _ = default, no external sharing
- P = public to all viewers / partners,
- E = exclusive to the partner/account,
- 1 = viewers / partners in list 1,
- 2 = viewers / partners in list 2,
- 3 = viewers / partners in list 3,
- additional lists as set up by owner.
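The privacy setting codes above are easiest to understand as a filter applied when a viewer asks for an owner's
record.  The following is an added example, not the page's own code.  The setting codes are the page's; everything
else is an assumption: the function names, the record and list contents (constructed to follow the short sample
above), and the "E:<partner>" encoding used to say which partner an exclusive field belongs to, since the page
does not say how the partner is named.

```python
"""Added example: applying the per-field privacy setting when a viewer asks for an
owner's registration record.  Function and sample names are assumptions for this
illustration; the page defines only the setting codes themselves."""

NO_SHARING = "_"     # default: no external sharing
PUBLIC = "P"         # public to all viewers / partners


def visible_fields(record, viewer, owner_lists):
    """Return only the fields of `record` that `viewer` is allowed to see.

    record:      {field: (setting, value)} where setting is "_", "P", "E:<partner>"
                 (exclusive to that partner, an assumed encoding) or list numbers like "1,3"
    owner_lists: {list number: set of partner ids}, maintained by the account owner
    """
    shown = {}
    for name, (setting, value) in record.items():
        if setting == NO_SHARING:
            continue                                    # never leaves the owner's vault
        if setting == PUBLIC:
            shown[name] = value
        elif setting.startswith("E:"):
            if viewer == setting[2:]:                   # exactly one partner may see it
                shown[name] = value
        else:
            lists = {n.strip() for n in setting.split(",")}
            if any(viewer in owner_lists.get(n, set()) for n in lists):
                shown[name] = value                     # viewer is in at least one named list
    return shown


def sample_record():
    """Constructed record following the short sample above (all values are made up)."""
    return {
        "name": ("P", "Example, Pat"),
        "email": ("1,3", "pat@example.test"),
        "web_page": ("P", "https://pat.example.test"),
        "dob": ("1,2", "1970-01-01"),
        "race": ("2", "not stated"),
        "address": ("1", "123 Main St (GPS 0.0,0.0)"),
        "second_home": ("3", "Cabin Rd"),
        "cell_phone": ("1,2", "555-0100"),
        "account_number": ("_", "ACCT-0001"),
        "insurance_id": ("E:acme-insure", "INS-42"),
    }


def sample_lists():
    """Constructed owner lists: 1 = doctor/medical, 2 = employer, 3 = friends."""
    return {"1": {"dr.smith"}, "2": {"employer"}, "3": {"friend"}}


def demo():
    """Which field names each constructed viewer gets back."""
    rec, lists = sample_record(), sample_lists()
    return {who: sorted(visible_fields(rec, who, lists))
            for who in ("dr.smith", "employer", "friend", "acme-insure", "stranger")}


if __name__ == "__main__":
    for who, fields in demo().items():
        print(f"{who:12s} -> {fields}")
```

Because the default setting is "_", a field the owner never classified is withheld from everyone, which is the
least-privilege default the registration form relies on.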



Individual Account owner:


Name: Last, First, Middle, middle, middle, middle, middle (name used today)
Original name: Last, First, middle, middle, middle, middle (name at birth)
Other names


Address (primary present)
- GPS (if known), country, state/province, county, city, street, house, unit, zip


Address (secondary)
Address ( additional)  


Account number,


Family member list 3
Family member list 4


Friend list 5
Friend list 6


and so on,,,,,,,


Parental control is basically the same as a business administrator's control over employee authorization.


Parent control allows the family administrator to determine the security settings for a family member.  The
administrator can give blanket control to a family member or they can control some or all of the family member
settings.  This gives parents control over child access.  


Family member information.


- same detail as family owner.


Business account owner:


Type of business: select all that apply:


Automobile manufacturer, retail sales, wholesaler, service, distributor,

* select all business types that apply.  
* Search and sort capability with sort options: name, business type, GPS or zip code, etc.


This list includes all the information the company needs for Secure ID vault communication with users.  






Mobile solution:


NOTE: this information was shared with MCX (Merchant Customer Exchange).


- A cell phone is just a small computer. Any transaction using any computer is equal to any other transaction.  For
every item that is sold to the mobile user, there are hundreds of transactions that occur.  Those transactions use
other devices not limited to desktop, laptop and mobile devices.  


-  Move a portion of the merchant payment code to the customer computer or smart phone.  Code can run on either
device and do basically the same activity.  The smart phone can communicate with the merchant computer that
communicates with the Payment Card Processing service.  The consumer receives the complete itemized bill on
their device.  The consumer reviews the bill and selects their payment method.  The selection process is like the one
on the merchant's physical device.  The consumer moves their finger to simulate sliding the selected card through
the electronic card reader.  The consumer device sends the information to the payment system.


-  It would be best to allow the smart phone to communicate with the Payment Card Processing service either
through the cell network or through the merchant's store.  Two smart phones can be held close and communicate.
The same process could be used to allow a smart phone and a point of sale card reader to communicate.


- If the merchant has WiFi in the store, and if the consumer has a smart phone with WiFi, and if the two are
authorized to communicate and know each other, they can do payment processing and much more.  


- They can do a Consumer Loyalty Card with automatic registration.  The communication between the merchant and
consumer can begin when the consumer enters the store.  The consumer can sign up for loyalty discounts to be
pushed to their smart phone when they enter the store.



- The MCX single logon concept can make the mobile solutions easier to implement.  However, the existing single
logon information vault is not adequate.  MCX needs a comprehensive information vault for each user that includes
user financial information along with their single logon.  Today's OpenID is adequate for social sites and news
outlets.  It is not really adequate for financial and business activity.  If OpenID was really good for financial use, it
would be the preferred way for me to log on to BOA and other financial services.


- To be a valid business and financial tool, the single logon requires a complete, real registration process that is
acceptable for all business and financial activity.  To get an OpenID, I provide some basic, potentially fictitious
information but not necessarily any verifiable business and financial information.  MCX solutions need a single logon
registration process with legally acceptable identification and financial information.



- An MCX mobile transaction will electronically share debit or credit card information.  The MCX single logon initial
registration is where the user's debit or credit card information needs to be recorded.  Once the user completes the
initial Secure ID registration, it is easy to link the merchant's and customer's financial inventory vaults.  They can
install a limited portion of the payment card processing application on their mobile or stationary device.  Applications
like Quicken can have the payment code installed and allow both mobile and stationary activity.  Quicken is an early
example of a secure financial single logon or OpenID.  I participated in getting the first Single Logon going on the
IBM Information Network in the 1980s.


-  Merchants and their customers have many other communication partners with business and financial information
from every transaction.  Paying taxes or getting insurance and yard sales are part of the total trading partner
exchange activity.  


-  A total solution will address situations like the purchase of a TV and the registration of the serial number with the
manufacturer.


- Initial registration in the MCX user's vault includes but is not limited to:
- name, address, DOB,
- SSN,
- copy of driver license with photo,
- recent passport type photo for facial recognition (may apply for future or top level security),
- and more,
- future registration may include smart phone voice and fingerprint recognition.


The automatic process includes but is not limited to:
- Online registration and linking merchant and customer secure vaults,
- In-store linking of mobile device secure vaults for electronic check out,
- Download receipt with line items to the user's devices,
- Register purchases with manufacturer (type, model, serial, ...),
- and more.


- Advertisement effectiveness use, measurement, and validation process.  When a person interacts with an
advertisement on their network device, the advertiser knows the advertisement was viewed and the advertiser knows
of the viewer's action.  The viewer could ask for more information about the product or the user could inform the
advertiser that the advertisement is not good.  Business likes the real time feedback.  Advertisement agencies
prefer "aloha" advertisements that go out but are not actually measurable.




THE WAY payment card processing IS:


When I swipe my card at point of sale, my physical card goes through a merchant's physical card reader.  The
application on the merchant computer communicates with the Payment Card Processing service.


THE NEW payment card processing WAY:


Move a portion of the merchant payment code to the customer computer or smart phone.  Code can run on either
device and do basically the same activity.  The smart phone can communicate with the merchant computer that
communicates with the Payment Card Processing service.  The consumer receives the complete itemized bill on
their device.  The consumer reviews the bill and selects their payment method.  The selection process is like the one
on the merchant's physical device.  The consumer moves their finger to simulate sliding the selected card through
the electronic card reader.  The consumer device sends the information to the payment system.


The thought process to define this solution is the same thought process I used over 20 years ago.  I was making a
presentation to people from the financial industry.  They said that bad checks were a huge problem and they needed
a way to verify that the person had money in their account.  I said that they already had a process that works.
Simply use the basic process they use for the credit card process to do check approval and clearing.  There was
discussion and agreement that it would work.  They went back and developed the debit card.  In the past and today,
I defined a new solution that uses a portion of an existing proven process.


I have been an advocate of the Electronic Wallet for many years.  In 1996 I described the concept of a Personal
Digital Assistant with e-wallet, cell phone and unlimited applications.  It was ahead of its time.  Today, e-wallet is
overdue but there have been problems holding it back.  It is a logical step in the complete Electronic Customer
Support concept.


It would be best to allow the smart phone to communicate with the Payment Card Processing service either through
the cell network or through the merchant's store.  Two smart phones can be held close and communicate.  The same
process could be used to allow a smart phone and a point of sale card reader to communicate.


Many uses of Smart Phone WiFi to merchant WiFi:


If the merchant has WiFi in the store, and if the consumer has a smart phone with WiFi, and if the two are authorized
to communicate and know each other, they can do payment processing and much more.  They can do a Consumer
Loyalty Card with automatic registration.  The communication between the merchant and consumer can begin when
the consumer enters the store.  The consumer can sign up for loyalty discounts to be pushed to their smart phone
when they enter the store.



Enter information once, then owners share it as they approve:  


Today, people must enter the same information many times.  OpenID helps address some of that duplicate entry
activity.  However, to be a valid business and financial tool, the single logon requires a complete, real registration
process that is acceptable for all business and financial activity.  To get an OpenID, I provide some basic, potentially
fictitious information but not necessarily any verifiable business and financial information.  Mobile solutions need a
single logon registration process with legally acceptable identification and financial information.


MCX Vault for user business and financial information:  


An MCX transaction will electronically share debit or credit card information.  The single logon initial registration is
where the user's debit or credit card information needs to be recorded.  Once the user completes the initial Secure
ID registration, it is easy to link the merchant's and customer's financial inventory vaults.  They can install a limited
portion of the payment card processing application on their mobile or stationary device.  Applications like Quicken
can have the payment code installed and allow both mobile and stationary activity.  Quicken is an early
example of a secure financial single logon or OpenID.  I participated in getting the first Single Logon going on the
IBM Information Network in the 1980s.



MCX transactions are part of total trading partner activity:  


Merchants and their customers have many other communication partners with business and financial information
from every transaction.  Paying taxes or getting insurance and yard sales are part of the total trading partner
exchange activity.  A total solution will address situations like the purchase of a TV and the registration of the serial
number with the manufacturer. The management of the information is the pivotal part of a simple yet comprehensive
total solution.  



A total Merchant Customer Exchange is more than E-wallet transactions and information.  It is part of a simple
updated electronic customer support architecture and Business Model.  The original Architecture and Business
Model that brought about the Internet was to address the problem of the thousands of separate networks.  An
updated architecture and business model is one with a comprehensive interconnected information management
process to support a total any-to-any, when-authorized Business Exchange Model that includes e-wallet as a
component.  In fact, e-wallet is a simple extension to a comprehensive enhanced Internet based mobile architecture
that includes a formal structure for Security, Ease of Use and revenue generation.


The MCX secure vault single logon requirements could be fed to the OpenID process.  They could have the existing
basic openID and the enhanced MCX business and financial medium and top level secure ID process.  


MCX is more than purchases.  


A complete MCX architecture includes methods of allowing merchants to know that consumers are making
purchases as a result of properly placed advertisements.  Consumers benefit when they inform merchants of
existing and future purchase interests.  When watching a show on cable, there is no real feedback about the
advertisements' effectiveness.  When watching the same show online, the advertiser knows that one set of eyes saw
the advertisement.  The consumer could choose today's interest areas, which results in advertisements that meet the
consumer's needs today.



Online advertisements can include a coupon selection opportunity.  The consumer can click on the coupon selection
button and have the coupon stored in their Secure ID vault.  People could see an advertisement and select to get more
information or even order the product and have it mailed.  All with just a few clicks, without logging on again or
entering the same information again.




Neutral physical network and neutral network management:  


The original architecture was to have a Neutral physical network that made all users equally capable of
communication when authorized.  There must be Neutral network management.  We don't want one provider to lock
users in to their process.  Each network site must be an equally valid standalone network location without
requiring users to go to a current popular site to find or like the information.  Businesses should be able to maintain
their own site on any ISP without the need for duplicate sites.


A person must be able to use the same tools to conduct transactions with all merchants and other trading partners.
Point of sale is not limited to physical stores.  Online merchants or trading partners are part of the solution.  Mobile
devices are simply smaller online devices with batteries and wireless communication.  The MCX solution begins with
the basics of online transactions.  Today, the basics of online transactions need a simple information management
improvement that makes the mobile transaction solutions easier to implement.  The mobile part can be an almost
automatic or an inherent part of the enhanced basic online MCX process.





Just in time Marketing.  

Just in time Marketing is a natural extension of just in time production.   We have items in stores because people
want to see and touch the stuff.  We have online sales that cost less because the item is made to order or it is in a
warehouse instead of in high-priced space in a store.  Combining the two gives a third option.  Stores have one of each
item or model.  People see and touch, then order.  It comes from the same warehouse as online purchases.  Or, it is
made to order.  That is using the "Just In Time" production process for "Just in Time Marketing".





Historical information:



In 1980, the issues of networking presented a business opportunity that changed the world.  There were millions
of users on thousands of isolated networks.  There was no structure to interconnect all the users, applications, and
networks.  That is when the Business Model that led to the Internet was first written to address the business
opportunity.


In 1988, IBM helped develop a new Internet Protocol to interconnect networks based on requirements from people
like Kahn and Cerf. In an article called "What Is The Internet (And What Makes It Work) - December, 1999 By Robert
E. Kahn and Vinton G. Cerf" they write: "For a long time, the federal government did not allow organizations to
connect to the Internet to carry out commercial activities. By 1988, it was becoming apparent, however, that the
Internet's growth and use in the business sector might be seriously inhibited by this restriction."


The 1988 requirements were primarily for connectivity and transport to replace a closed Internet that was open only to
government use.  Once a government user was on the pre-1988 Internet, they could do anything.  The post 1998
Internet was unofficially open to business.  Issues like Security, Ease of Use and revenue evolved from initially
extremely poor to today's ad hoc or hodgepodge environment.  Today, there is a business opportunity to address.


In 1985, three years before the government's 1988 requirement, the IBM Information Network (IBM/IN) had
implemented the IBM Electronic Customer Support Business Model, the first plan to establish the interconnection of
the ad hoc hodgepodge of disconnected networks.  The IBM/IN Business Model was what Kahn and Cerf referred to when
they said the Internet could not compete in the business sector.


Today, most companies have an Internet Business Model for using the existing Internet. In 1980, the Business
Model to create the interconnection of all networks was written. It was in place in the IBM/IN by 1985.


The original IBM/IN Business Model that was adopted by the Internet developers in 1988 was to establish the
interconnection of all networks.  It did not include a formal structure for Security, Ease of Use and revenue generation.


Today the conditions are ripe for an Internet Business Model with enhanced security, simplified usage and revenue
built in.  Just as networks were isolated in 1980, today there are many isolated security and usability schemes
generating differing revenue streams.  There is a simple solution for today's issues, just as there was a simple
solution for the networking connectivity and transport issues in 1980.



Pages from the 1984 IBM Information Network, Network Services Marketing Guide are available online.  That guide
describes the Electronic Customer Support Architecture and Strategy, which became the IBM Global Network
Architecture and Strategy and is now the original Internet Business Model.


In 1983, when IBM first introduced the business model to interconnect all networks, the idea had to be sold.  Thus the
need for a marketing guide.  The basis for the marketing activity was to help customers understand that anything
that can be recorded electronically can be delivered electronically.  In 1980, IBM had over 33 separate isolated
internal networks.  IBM had thousands of customers with one or more isolated networks.  Fixing a customer's
software problem at that time went like this:
- IBM would do software problem determination (PD) and print a dump.
- Then go back to the branch and do more PD.
- Then download a tape through one of IBM's networks.
- Then drive to the customer location to install the fix.


The solution was to improve IBM's and its customers' productivity and satisfaction through electronic delivery of fixes
and other IBM customer support.
- First, connect IBM customers to IBM's network for Electronic Support.
- Also connect IBM suppliers for electronic order activity.
- Second, once IBM customers and suppliers were connected to IBM's network for Electronic Business with IBM,
there was virtually free capability to do Electronic Business with their business partners.
- Next was to allow individual consumers to do electronic business with all companies.
- The last phase was to enable people like you and me to do electronic communication with friends and family.


That concept was in place in 1988 when the Internet developers adopted the IBM Information Network Business
Model. That was a Unifying Connectivity and Transport Business Model. Today there is an opportunity for a Unifying
Security, Usability, and Revenue Business Model.



Copyright Don E. Sprague

This Internet Security architecture was written in 2005 and was posted at another site.