Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

IBM-1008
Page 1 of 191

A COMMON APPROACH TO EXTENDING COMPUTER SECURITY
CONCEPTS TO THE UNIVERSAL DISTRIBUTED
NON-TRUSTED ENVIRONMENT

A Praxis Presented to the Graduate Faculty of the
School of Engineering and Applied Science
Southern Methodist University
in
Partial Fulfillment of the Requirements
for the degree of
Doctor of Engineering
with a
Major in Electrical Engineering

by

Richard Dan Herschaft

(B.S.E.E., The University of Texas at Arlington, 1984)
(M.S.E.E., Southern Methodist University, 1986)

December 17, 1994

UMI Number: 9527269

Copyright 1994 by
Herschaft, Richard Dan
All rights reserved.

UMI Microform 9527269
Copyright 1995, by UMI Company. All rights reserved.
This microform edition is protected against unauthorized
copying under Title 17, United States Code.

UMI
300 North Zeeb Road
Ann Arbor, MI 48103
A COMMON APPROACH TO EXTENDING COMPUTER SECURITY
CONCEPTS TO THE UNIVERSAL DISTRIBUTED
NON-TRUSTED ENVIRONMENT

Approved by

Dr. James G. Dunham

Dr. Eric Hall

Dr. Alireza Khotanzad

Dr. Richard Levine

Dr. David Matula

COPYRIGHT 1994

Richard Dan Herschaft

All Rights Reserved

Herschaft, Richard Dan

B.S.E.E., The University of Texas at Arlington, 1984
M.S.E.E., Southern Methodist University, 1986

A Common Approach to Extending Computer Security
Concepts to the Universal Distributed
Non-Trusted Environment

Advisor: Associate Professor James G. Dunham

Doctor of Engineering degree conferred December 17, 1994

Praxis completed December 15, 1994

Computer security involves internal controls and external controls. As a computer system grows distributively, the environment in which it exists can become less trustworthy. Less reliance can thus be placed on external controls, such as locked rooms. In the extreme, a highly distributed computer system operates on a worldwide scale. Information transfer exists between users, autonomous to varying degrees, where the only certain link is some form of communications channel from one user to another. The term distributed is appropriate since by each computer carrying out its own information processing needs, society as a whole is able to function.

Although parties involved with information have a self-centered aspect, their actions result in a communal effort of information generation, where a unit of information is generated by one party and passed to another for regeneration. This process can trace out simple to complex paths. Along the way each party has rights in the information stemming from its role as "author" and user. Concern for these rights arises from the private or proprietary nature of information. In order for information transfer to be made efficient, the rights to information should be made a part of the informational unit, both technically and legally. As information traces its path, each author can add to the restrictions placed on the use of the information, and each user is constrained by the system to abide by these restrictions.

This paper describes this universal computer system and devises a secure framework for it by expanding upon computer security concepts which were previously devised for a more limited environment. This architecture relies on the internalization and further systematization of external controls. The computer security concepts that are extended to work in this environment are the security watchdog, the access control list, and public key cryptography with its certification authority. Also developed are the concepts of a tamper proof device, a device validation authority, and the policy concerns regarding the mutual agreement over the formulation of an access control list. The result is a design which can effectively accomplish information security in the environment of the everyday world.
TABLE OF CONTENTS

LIST OF FIGURES ........ xi
LIST OF ACRONYMS ........ xiii

CHAPTER

1. INTRODUCTION ........ 1
   1.1 Introduction ........ 1
   1.2 Private and Proprietary Information Property ........ 2
       1.2.1 The Effect of the Computer on Information Misappropriation ........ 3
       1.2.2 Private Transactional Information ........ 4
       1.2.3 Proprietary Information ........ 6
   1.3 Basic Objective of Proposed Technical Solution ........ 6
       1.3.1 Extensions to Computer Security Concepts ........ 7
       1.3.2 Basic Design ........ 9
   1.4 Background ........ 16
   1.5 Overview of Threats and Countermeasures ........ 19

2. THE INFORMATION PROTECTION TAG ........ 26
   2.1 Introduction ........ 26
       2.1.1 Information Usage States and Influences ........ 26
       2.1.2 The Information Access Control List ........ 29
   2.2 A Selection of Groupings of Usage Influences ........ 32
   2.3 The Data Base of Usage Influences ........ 35
   2.4 Attribute Categories of the Information Distribution Directory ........ 37
       2.4.1 Syntactical Attribute Category ........ 37
       2.4.2 Naming Attribute Category ........ 38
       2.4.3 Informational Attribute Category ........ 48
       2.4.4 Controlling Attribute Category ........ 48
   2.5 Sections of the Information Protection Tag ........ 53
       2.5.1 Identifying Information Section ........ 54
       2.5.2 Originators Link Section ........ 55
   2.6 The Protected Information Unit ........ 59
   2.7 Abstract Syntax Notation One to Define the IPT ........ 60
       2.7.1 Brief Background on ASN.1 and its Encoding ........ 61

3. COMMUNICATIONS BETWEEN DEVICES ........ 64
   3.1 Introduction ........ 64
   3.2 Public Key Cryptography for Secure Communications ........ 64
   3.3 Aspects of Secure Communication ........ 65
       3.3.1 Data Confidentiality ........ 66
       3.3.2 Data Integrity ........ 66
       3.3.3 Non-repudiation ........ 68
       3.3.4 Access Control ........ 69
       3.3.5 Peer Entity Authentication ........ 69
   3.4 Authentication of the Receiving Device ........ 70
       3.4.1 The Importance of Valid Device Credentials ........ 70
       3.4.2 The Certificated Token ........ 71
       3.4.3 Access Rights are Device Centered ........ 73
       3.4.4 Validated Usage Influences Belong to the Device ........ 74
       3.4.5 Validation of Usage Influences at a Device ........ 74
       3.4.6 Considerations for Selecting the Time Period of Validity of a Usage Influence ........ 76
       3.4.7 Examples of Usage Influence Validation Techniques ........ 78
       3.4.8 Transfer of Device Credentials from Receiving to Sending Device ........ 85
   3.5 The PIU's Place in the Open Systems Interconnection Reference Model ........ 86
       3.5.1 OSI Basic Architecture ........ 87
       3.5.2 The IACL at the Application Layer ........ 88
       3.5.3 The IACL at Other Relay Layers ........ 90
       3.5.4 Encryption in the OSI Model ........ 92
   3.6 Attaching a Protection Tag to Protected Information ........ 93
       3.6.1 Attachment Using the Processor Channel ........ 94
       3.6.2 Devices Require Information Watchdog ........ 97
       3.6.3 Input Control Needs are Similar to those of Output Control ........ 98
       3.6.4 Connectionless and Connection-oriented Transactions ........ 98

4. THE INFORMATION WATCHDOG ........ 101
   4.1 Information Protection at a Device ........ 101
       4.1.1 Internal Controls ........ 102
       4.1.2 External Controls ........ 104
       4.1.3 Current Systems at Risk ........ 104
   4.2 External Controls for Watchdog Resident Devices ........ 106
       4.2.1 A Design for Built-in Physical Security ........ 106
       4.2.2 Compliant Devices and Modularity ........ 108
       4.2.3 System Survival in a Compromised Device Environment ........ 109
   4.3 Internal Controls for Watchdog Resident Devices -- The General Purpose Computer ........ 113
       4.3.1 Information Management ........ 115
       4.3.2 Device Management ........ 117
       4.3.3 Memory Management ........ 120
       4.3.4 Processor Management ........ 127
       4.3.5 Recap of Changes Needed to Systems Software ........ 129
   4.4 Internal Controls for Watchdog Resident Devices -- Other Processing Architectures ........ 131
       4.4.1 Multiple Information Watchdogs in a Single Device ........ 131
       4.4.2 Information Watchdogs in Multiple Devices ........ 132
       4.4.3 Simple Devices ........ 134
   4.5 Examples of System Use ........ 134
       4.5.1 Control of Flow and Access of Information ........ 134
       4.5.2 Compensation for Use of Software Product by End User ........ 137
       4.5.3 Transfer of Music to a Compromised Device ........ 139
   4.6 Adding Functionality to the Information Watchdog ........ 140

5. CONCLUSION - PATHWAYS TOWARD GENERAL ACCEPTANCE AND TASK PLANNING FOR SYSTEM DEVELOPMENT ........ 142
   5.1 Pathways Toward General Acceptance ........ 142
   5.2 Task Planning for System Development ........ 145
       5.2.1 The Information Distribution Directory ........ 147
       5.2.2 Biometric Technology ........ 147
       5.2.3 Encryption Techniques ........ 147
       5.2.4 Outer Casing of an IW Protected Device ........ 148
       5.2.5 Inner Casing of an IW Protected Device ........ 148
       5.2.6 Controlled Manufacturing ........ 149
       5.2.7 Compliance with Environmental and Quality Standards ........ 149
       5.2.8 Operating System of an IW Protected Device ........ 149
       5.2.9 Electronic Hardware Design ........ 150
       5.2.10 Information Usage Influence Verification: Location ........ 150
       5.2.11 The Model of Information Flow ........ 151

APPENDIX

A. HIGHLY TRUSTED INFORMATION SYSTEMS ........ 155
B. THE INFORMATION PROTECTION TAG STRUCTURE ........ 169

REFERENCES ........ 173

LIST OF FIGURES

Figure ........ Page

1.1. Sequential steps to establish system and transfer information ........ 15
2.1. The Organizational Unit hierarchical usage grouping ........ 38
2.2. The Organizational Position grouping of usage influences ........ 41
2.3. The Work Related Role grouping of usage influences ........ 43
2.4. The Device Type grouping of usage characteristics ........ 50
3.1. OSI Seven Layer Architecture ........ 88
3.2. Dual channels aid with the conduction of transactions including the attachment of the protection tag to the generated information ........ 97
4.1. The Hierarchical Domain Architecture is based on the trustworthiness of groups of software ........ 102
4.2. The Information Watchdog is implemented within the four resource managers of an operating system ........ 114
4.3. Protected Information Memory Access ........ 120
4.4. Memory Management: 1st Phase of Context Switch ........ 122
4.5. Memory Management: 2nd Phase of Context Switch ........ 123
4.6. Example of Memory Management ........ 124
4.7. Example of steps to control flow and access ........ 135
5.1. Time line of critical path for system development ........ 153
A.1. Hierarchical Information Processing Topology ........ 159
A.2. An information service should be factored into separate processing activities ........ 164
A.3. A model of how a PIU is generated and how it may be transferred ........ 165
A.4. Alteration to applicable branches of the previous model to allow for an HTIS ........ 166
A.5. Alignment of sectors of representational disk packs for two clients within the same or different HTISs ........ 167

LIST OF ACRONYMS

AAC Activity Anonymous Code. Part of an HTIS, it is a code which relates AIUs within the same topologic ring. It integrates activities which are part of the same client service.

AIU Activity Information Unit. A unit of information formulated by an HTIS in accordance with the principles of topology, aggregation, and stationarity. The aim is to better control information availability by creating units of information to which tighter fitting access control lists can apply.

ASN.1 Abstract Syntax Notation One. From CCITT Recommendation X.209 [3], ASN.1 (X.208 [2]) "specifies a notation for the definition of abstract syntaxes, enabling application layer specifications to define the types of information they need to transfer using the presentation service."

CA Central (Certificating) Authority. The authority which oversees the content of the IDD and its corresponding information usage influence validation techniques. The structure within the CA can be decentralized.

DAT Device Authentication Token. Contains a device's credentials in the form of certificated usage influence tokens, as well as the public key of a device. A receiving device must (directly or indirectly) submit a DAT to a sending device before it can receive a PIU.

HTIS Highly Trusted Information System. A system of services offered by an organization where the information protection approach for each service revolves around each client.

IACL Information Access Control List. It is a list of recipients (usage states) that have permission to receive logically associated protected information. It is a section of the IPT.

IDD Information Distribution Directory. A universally accessible data base which contains the commonly identified information usage influences along with various associated attributes.

IMAT Information Memory Assignment Table. A table used to determine the PIMA that a memory address is located within.

IPT Information Protection Tag. It contains instructions to direct the actions of an IW in handling logically associated protected information. It is a section of the PIU.

IW Information Watchdog. A class of standard components which carry out the instructions in an IPT. A device compliant with the protected information environment, depending on its architecture, is required to have one of the IWs as part of its operating system.

IWD Information Watchdog (protected) Device. A device which contains an IW and which is designed and manufactured according to rules specified to make the device tamper proof.

LC Least Common. An IACL which has been formulated, by an information management function, from IACLs which are to be opened for reading at the same time. The LC IACL contains the common recipients across all the opened IACLs.

PAAT PIMA Access Allowed Table. A list of PIMAs that are allowed to be accessed at a given time.

PIE Protected Information Environment. A system which secures the transfer of private and proprietary information in a distributed non-trusted environment. It primarily involves the transfer of PIUs between information watchdog resident devices.

PIMA Protected Information Memory Area. An area of memory, contiguous or dispersed, physical or virtual, to which an LC IACL has been assigned. The assigned LC IACL is used to determine to which PIUs the contents of the memory may be written.

PIU Protected Information Unit. A generic term for a protected instance of a data structure. It can apply to frames, packets, records, files, etc., for which an originator has decided to have protected information controls apply. It mainly consists of an IPT and protected information.

SI System Information. Information existing within an HTIS which is not directly indicative of a client. The format is non-specific.

TAC Transaction Anonymous Code. Part of an HTIS, it is a code associated with an AIU which relates it to a more complete parent AIU within an inner ring. It can be used to hide items of information including the identity of a client engaged in a specific transaction.
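The LC, IMAT, PAAT and PIMA entries above together describe how an Information Watchdog narrows the recipient set of a memory area as protected units are opened into it, and then gates what may be written back out. The Python model below is an added example, not code from the praxis; it assumes that an IACL is modelled as a set of recipient usage states, that the LC IACL is the intersection of the opened IACLs, and that a write to a PIU is permitted only when that PIU's IACL is a subset of the PIMA's LC IACL (all class and function names are hypothetical).

```python
# Added illustration (not code from the praxis) of the LC IACL, IMAT, PAAT and
# PIMA definitions. Labelled assumptions: an IACL is a set of recipient usage
# states; a PIMA's LC IACL is the intersection of the IACLs of every PIU read
# into it; memory contents may be written out to a PIU only if that PIU's IACL
# is a subset of the PIMA's LC IACL; the IMAT maps address ranges to PIMA ids
# and the PAAT is the set of PIMA ids accessible at the moment.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class PIU:
    """Protected Information Unit: protected data plus the IACL from its IPT."""
    name: str
    iacl: FrozenSet[str]          # recipients (usage states) allowed to receive it
    data: bytes = b""


@dataclass
class PIMA:
    """Protected Information Memory Area with its assigned LC IACL."""
    pid: int
    lc_iacl: Optional[FrozenSet[str]] = None   # None until a PIU is read in
    contents: bytearray = field(default_factory=bytearray)

    def read_in(self, piu: PIU) -> FrozenSet[str]:
        # Narrow the LC IACL to recipients common to every opened PIU (assumption).
        self.lc_iacl = piu.iacl if self.lc_iacl is None else self.lc_iacl & piu.iacl
        self.contents += piu.data
        return self.lc_iacl


class InformationWatchdog:
    """Hypothetical IW memory-management slice: IMAT lookup, PAAT check, LC gate."""

    def __init__(self, pimas: List[PIMA], imat: List[Tuple[int, int, int]], paat: Set[int]):
        self.pimas: Dict[int, PIMA] = {p.pid: p for p in pimas}
        self.imat = imat       # (start, end, pid): which PIMA an address lies in
        self.paat = set(paat)  # PIMAs that may be accessed at this time

    def pima_for(self, addr: int) -> PIMA:
        """IMAT lookup: find the PIMA a memory address is located within."""
        for start, end, pid in self.imat:
            if start <= addr < end:
                return self.pimas[pid]
        raise KeyError(f"address {addr:#x} is not in any PIMA")

    def _accessible(self, addr: int) -> PIMA:
        pima = self.pima_for(addr)
        if pima.pid not in self.paat:      # PAAT check
            raise PermissionError(f"PIMA {pima.pid} is not in the PAAT right now")
        return pima

    def read_piu(self, addr: int, piu: PIU) -> FrozenSet[str]:
        """Open a PIU for reading into the PIMA holding addr; returns the new LC IACL."""
        return self._accessible(addr).read_in(piu)

    def write_piu(self, addr: int, name: str, target_iacl: Set[str]) -> Optional[PIU]:
        """Write PIMA contents out as a new PIU, or None if the LC IACL forbids it."""
        pima = self._accessible(addr)
        if pima.lc_iacl is None:
            return None                     # nothing protected has been read in
        if not frozenset(target_iacl) <= pima.lc_iacl:
            return None                     # would reach a recipient some input forbids
        return PIU(name, frozenset(target_iacl), bytes(pima.contents))


def demo() -> Tuple[FrozenSet[str], bool, bool]:
    """Constructed scenario: two PIUs with different IACLs opened into one PIMA."""
    iw = InformationWatchdog(
        pimas=[PIMA(pid=1), PIMA(pid=2)],
        imat=[(0x1000, 0x2000, 1), (0x2000, 0x3000, 2)],
        paat={1},                           # PIMA 2 is not accessible right now
    )
    payroll = PIU("payroll", frozenset({"hr", "finance", "audit"}), b"salaries")
    budget = PIU("budget", frozenset({"finance", "audit", "board"}), b"forecast")
    iw.read_piu(0x1100, payroll)
    lc = iw.read_piu(0x1200, budget)       # LC IACL = {"finance", "audit"}
    ok = iw.write_piu(0x1300, "report", {"finance"}) is not None
    blocked = iw.write_piu(0x1300, "leak", {"finance", "board"}) is None
    return lc, ok, blocked


if __name__ == "__main__":
    print(demo())
```

The second write in `demo()` is refused because "board" was never a permitted recipient of the payroll PIU, even though it is permitted for the budget PIU; this is the narrowing the LC IACL exists to enforce.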
CHAPTER 1
INTRODUCTION

1.1 Introduction

The title of this paper is A Common Approach to Extending Computer Security Concepts to the Universal Distributed Non-trusted Environment. The qualifying terms in the title are intended to show the scope of the subject but ambiguity may still remain. Therefore each term is now discussed:

• "Common Approach" means that the technical solution should be applicable without significant modifications to a broad class of related problems.

• "Extending Computer Security Concepts" means that various computer security concepts that may be considered to already exist in some form are further developed to apply to the environment of interest. Only those concepts that will be altered or specifically applied to the new environment will be discussed; other concepts may be relevant as part of a complete design but will not be discussed.

• "Universal Distributed Non-trusted Environment" refers to information usage on a worldwide scale where each information user may be autonomous both in technical configuration and administratively from other users with the only certain link being some form of communications channel to another user. The term distributed refers to the big picture of the worldwide computer network, where by each computer carrying out its own information processing needs, society as a whole is able to function. This environment may more simply be described as the everyday world. This environment is considered to be a superset of the limited trusted environment, to which the techniques developed should also be applicable.

To these qualifying terms can be added -- with the aim of protecting private and proprietary information -- to show the desired outcome of the technical solution. This category of information can be interpreted quite broadly but is meant to imply something less than information pivotal to the outcome of national crises. This influences the level of achieved security as well as the security features offered. The distinction between private and proprietary information and the increasing need to be concerned with their protection is discussed in the next section.

1.2 Private and Proprietary Information Property

The concern that an owner of private information has is that its use not adversely affect him. The concern that an owner of proprietary information has is that he be rewarded for each use of the information. Both require that information distribution be restricted. The difference in compromise associated with each of these types of information may be one of quality versus quantity. A single usurpation of private information into the wrong hands may destroy its value to its owner; each usurpation of proprietary information may simply deprive its owner of another unit of value. Value in terms of proprietary information usually means monetary value; value in terms of private information can mean monetary value or an intangible quality such as reputation. This is not so different from other classes of property which can have monetary as well as intangible value, e.g., a family heirloom. In terms of the business world, trade secrets would be considered private information while a data base for sale would be proprietary information.

Individuals usually are concerned with the intangible value of private information which may or may not have financial implications. A large fear is that the available body of recorded information on a person may substitute for a person's characteristics as expressed in a more personal or current manner. Additionally the recorded information may be incorrect. A connection exists between private information and proprietary information -- individual instances of private information may have insignificant value but when gathered and arranged may increase in financial value, thus encouraging a transformation of private information into proprietary information.

1.2.1 The Effect of the Computer on Information Misappropriation

Information is a form of property. As with any item of property, the degree to which it may be misappropriated is based on the value of the information and the ease with which it can be misappropriated. As a property group, more information can be misappropriated if there is more of it in existence. Computer technology has facilitated all of these factors.

• Information has been made more valuable due to the ease with which it can be processed. Processing can reveal insights in information or can handle information in a production line manner by producing such outputs as addressed envelopes. The computer acts as a front end to human abilities where otherwise the type and amount of information would cause an overload condition. The technical concepts discussed in this paper will lose their effectiveness as the content of the involved information becomes simpler in terms of human manipulation and comprehension. At the extreme end of simple human comprehension, gossip will hardly be affected at all.

• Information can be more easily misappropriated due to the ease with which telecommunication networks can transport it and due to the various available media for the output of data. Telecommunications networks are offering greater bandwidth and greater connectivity of diverse systems. Information has also been easy to misappropriate because owners of the information have not been safeguarding their claims to it. Just as the title to land that is not protected can pass into the hands of squatters, the same can and does happen to private information. Some mechanism is needed for information originators to lay claim to, as well as to secure, private and proprietary information.

• Information in digital form is also becoming more available as a result of the positive trend in performance to price of software and electronics and the increasing portability of information related equipment. Due to the functional advantages of the telephone, word processor, point of sale terminal, etc., human interaction increasingly is either accompanied by or carried out using digital communications. The increasing degree to which human interactions are being reduced to a bit stream poses an increasing privacy threat.

1.2.2 Private Transactional Information

Some information is already protected by law or by contract under law such as through copyrights or nondisclosure statements. Usually in these cases, the information (or its physical manifestation) is generated with the direct intention of being offered for sale. The information may very well not have been generated in the first place if a means to claim ownership was not available. Much private information is generated as a by-product of the need to complete transactions. Businesses as well as individuals are at jeopardy of having their private information usurped in this manner.

1.2.2.1 Characteristics of Transactional Information

The characteristics of information which determine how it can be used for purposes consistent with the owner's desires also determine how the information can be used when misappropriated. Transactions can be classified as generating computer intelligible information or computer non-intelligible information. Computer intelligible information consists of symbols or numbers from which the computer can discern meaning. Computer non-intelligible information can as well be numerically manipulated but doing so does not lead to its being related in a significant way to an external idea. Over time, as computers are becoming more "intelligent", non-intelligible information is becoming intelligible information. The line between computer intelligible and computer non-intelligible information presently occurs in the area of free-form information, such as natural human speech in a conversation. Telephone conversations have traditionally been an area for the invasion of private information through the use of the wiretap. The information derived from a wire