The developers of the altcoin EmerCoin (EMC) recently released the details of a new block chain technology, EMCSSL. The system provides passwordless logins and identity management via its block chain. The technology has been designed to solve many of the login and authentication issues that plague the Internet.
EMCSSL provides a scalable infrastructure for passwordless authorization suitable for an unlimited number of web services.
The infrastructure sits on the EMC cryptocurrency block chain, using the block chain as a decentralized store of hash sums for client Secure Socket Layer (SSL) certificates. Users can generate certificates without any central authority and quickly replace them as needed. This decentralization makes the system effective both for scheduled replacement and rapid recall of compromised certificates.
The system’s uniqueness is its complete decentralization. There is no group of servers running under a single authorization, as used in the systems of Kerberos, OpenID, TeddyID and others. As a result, it is not possible for EMCSSL to suffer system-wide service disruption due to technical failure or malicious attack upon authorization servers. In addition, it is not possible for a user to have their accounts globally suspended at the whim of a single authority.
The EMC name value storage (NVS) system also supports InfoCard, a decentralized, distributed “business card” system that complements EMCSSL’s passwordless logins by allowing website profiles to populate automatically. InfoCard can organize information in a hierarchical structure, which can support quick content updates to all cards within organizations.
Following is a summary of EMCSSL and InfoCard by Emercoin International Development Group. For a more detailed summary, visit https://emercoin.com.
In today’s Internet, the main way for a server to authenticate a user is a password system. The user creates the password when first using a site, which confirms their identity on subsequent visits. Disadvantages include having a weak password, having an overly complex password, needing a unique password for each site, and the inconvenience of recovering forgotten passwords.
The most common mechanism for protection of a network connection is SSL. In addition to the server proving its authenticity, SSL establishes an encrypted connection between the client and the server.
However, secure connections can be broken if an attacker can add themselves to the list of trusted users for the user’s browser, through the use of a fake browser root certificate. In a corporate network, the administrator can add certificates to the list of trusted users and then organize a “man in the middle” attack in the https connection.
EMCSSL is based on client SSL certificates. In addition to user authentication, it also provides a secure, encrypted channel of communication with the server. Unlike other SSL systems, there is no central authority. The role of central authority is performed by the block chain of the decentralized EMC cryptocurrency. Thus, the client SSL certificates can be generated and updated completely on the client side without restrictions or need for interaction with another party.
In EMCSSL, the client SSL certificate can be reused for authentication on multiple servers without sacrificing security. For normal Internet use, the user would have a single certificate, which simplifies the support of a large group of accounts. It also eliminates the need for tens or hundreds of passwords.
In addition, EMCSSL does not permit “man in the middle” attacks as described above, since the server checks on the EMC block chain whether it is a real certificate from the client or fake. These differences combined produce a secure login authorization system that also has practical applicability for widespread use.
EMC currency payments can be sent to a name in the name value storage (NVS). A server using this method is guaranteed to send a payment to the owner of the certificate and no one else. Even in the event of an account hack, the withdrawal address cannot be substituted, and funds cannot be sent somewhere other than the intended wallet.
The introduction and use of this feature can improve the security of cryptocurrency exchanges and mining pools, among other uses.
InfoCard is a technology that uses the EMC NVS system. Generally speaking, it is a stand-alone system. However, InfoCard’s more significant value is in combination with EMCSSL, where a certificate’s user identification field contains a reference to an InfoCard record. When verifying a certificate, a server can extract InfoCard user information to fill in the user profile on the site or contact the user with information contained in the InfoCard, including for cryptocurrency payments to an address indicated in the InfoCard.
In addition, unlike the storage of details in systems such as OpenID, LDAP, vCard, where each record contains all information about the person, an InfoCard entry allows the user to import information from other entries already in the system.
The EMCSSL mechanism looks a lot like that used in authentication protocols such as Kerberos, where the client receives an authorization token, and can then present this token to servers during a login process.
But instead of using a centralized server, EMC’s decentralized NVS is used, which acts as a unique token to successfully detect certificate serial numbers. Instead of verification of a client via a central server, the client can be verified by checking the NVS in a local instance of the EMC wallet.
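The server-side check described above, sketched as an added example (not code from Emercoin or from the original article). It assumes a plain dictionary standing in for the local wallet's NVS, a hypothetical `ssl:<serial>` key with a `sha256=<hex>` value, and constructed byte strings in place of real certificates.

```python
import hashlib
import hmac

# Assumption: record layout "ssl:<serial hex>" -> "sha256=<hex digest>".
# The dict below stands in for a lookup against a local wallet's NVS.

def nvs_key(serial: int) -> str:
    return f"ssl:{serial:x}"

def fingerprint(cert_bytes: bytes) -> str:
    return hashlib.sha256(cert_bytes).hexdigest()

def publish(nvs: dict, serial: int, cert_bytes: bytes) -> None:
    """Owner side: record, or replace, the hash stored for a serial."""
    nvs[nvs_key(serial)] = "sha256=" + fingerprint(cert_bytes)

def verify(nvs: dict, serial: int, presented: bytes) -> str:
    """Server side: compare the presented certificate with the stored hash.

    The TLS handshake already proves the client holds the private key for
    the certificate it presents; this step decides whether that
    certificate is the one its owner registered.
    """
    record = nvs.get(nvs_key(serial))
    if record is None:
        return "unknown-serial"      # nothing registered for this serial
    algo, _, expected = record.partition("=")
    if algo != "sha256" or len(expected) != 64:
        return "bad-record"          # malformed or unsupported entry
    actual = fingerprint(presented)
    if hmac.compare_digest(expected.lower().encode(), actual.encode()):
        return "ok"
    return "hash-mismatch"           # forged or superseded certificate

def demo() -> list:
    nvs = {}
    serial = 0x1A2B3C                       # constructed serial number
    genuine = b"constructed-cert-v1"        # constructed, not real DER
    forged = b"constructed-forged-cert"     # same serial, different cert
    rotated = b"constructed-cert-v2"        # owner's replacement cert
    publish(nvs, serial, genuine)
    results = [
        verify(nvs, serial, genuine),
        verify(nvs, serial, forged),
        verify(nvs, 0x99, genuine),
    ]
    publish(nvs, serial, rotated)           # recall of the old certificate
    results += [verify(nvs, serial, genuine), verify(nvs, serial, rotated)]
    return results

if __name__ == "__main__":
    print(demo())
```

After the owner publishes the replacement hash, the old certificate fails the same check that previously accepted it, which is the recall behaviour the summary describes.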
The InfoCard system has much in common with OpenID or LDAP, but it is decentralized and possesses an import mechanism those counterparts lack. This mechanism allows the user to maintain the consistency of large groups of cards.
When used together, EMCSSL and InfoCard deliver a safe and convenient system that allows users to log in to sites and automatically fill their profile when creating new accounts.
All software is distributed free of charge, and the EMC wallet itself is open source.