Daren Klum’s Post

Transcript

Hello everyone, this is Darren Klum from Secured 2 and today we're going to do a quick demo and we're going to explore an exciting new development in the world of authentication and security. Most of you probably don't even know what J W2 is. And for those of you that do know what JWT is, JWT is what we call a JSON Web Token. It's a compact URL safe means of representing claims between two parties and secure twos developed a new JWT token technology. The best way you can we can describe it is it's MFA for JWT and it enhances today's existing standards, making it the most secure way to do server to server authentication that exists. And so right now we're gonna dive into how it works, why what we've developed is such a game changer. So today we know the quantum and AI risks to our encrypted systems. Well, JWT becomes and presents a massive challenge for server to server. Communications because if our enemies can commandeer this system, they gain access to everything at any time. So what is a JWT? Why is it so important? A JWT is really broken into three different components, a header, a payload and a signature. So a header. This contains the metadata about the token itself, such as the type of token, the GWT, and the signing algorithm that's being used, and the payload contains the claims or the. Data that you want to transmit, such as the user information or access rights and the signature itself. This creates is created by encoding the header and the payload using a secret key or a public private key pair, ensuring that the tokens integrity and authenticity remains. So that is in a nutshell what JWT is. So how it works in just layman's terms really is broken into four segments, which is the user login. Token transmission, um, subsequent requests and then the server validation. And so when a user login is is whenever you log in, a server verifies the credentials and upon a successful authentication, the server then generates a JWT containing user information and permissions. Then the next step it goes into is that token transmission and that's where the JWT is sent to the client, typically stored in local storage or a cookie. Then the next thing is a subsequent. Quest that happened and for each subsequent request to the server, the client includes the JWT in the Http://header. And then there's a server validation and the server then verifies the token signature and then extracts the user information from the payload to process the request. I know it sounds like a lot, but we're gonna break it down for you so you can actually see it here in real time behind the scenes. So you know what all of this means. So in this dashboard, which is Postman, Postman is a very commonly used dashboard to help people test APIs. So we've actually, we're going to show you. How a JWT token actually gets created by Secured 2? What makes it so different? What makes it so much more secure? So the first element that we do that is highly unique is something that we call a server key token. Think of this as a proprietary stuff that we've developed that is a highly, highly unique way of creating a. Server key that I think of this as like MFA for JWT, and that is this section right here. So what happens is every time that we create a token using secure two, we automatically notice. I'll do one right here. Let's say there's a request, we just did a request and you'll notice that this key just changed. So every server request gets a unique. Um, token that we generate that is constantly random. This token is made-up of letters and numbers. But what's interesting is what generates this is a quantum secure function for us. So this is a highly, highly, highly secure server key token that can't be replicated is constantly changing. So our enemy is trying to attack, attack any secured to a server secure server Exchange is going to not be able to do it. So what I'm gonna do here is I'm going to actually generate. A a a JWT token. And so I just did that and I'm gonna grab it and I'm gonna copy it. And go down here and hit copy. And then what I'm gonna do is go into JWT and actually show you how our JWT token is vastly different than a standard JWT token. So this right here is a standard JWT token. You can see there's not much there. There's a header, there's a payload, and then there's the verify signature. And so that's about it. Nothing too sexy, but this today is vulnerable. So what we're going to do is I'm going to get rid of that. And I'm now going to add in our token. So you're going to notice a distinct difference between our token and the token that was previously there that you're used to seeing. You're also going to notice a significant amount of additional things that I'm going to walk you through here in a minute. So #1 the header, you're going to notice the header is vastly different. We have secured a header information and protected that. You'll notice in the payload we have a customer ID which is unique to our token. That is right here. Again, this ID constantly changes for every server transaction and is identified to the person initiating that transaction. Then you'll have a server key. The server key again constantly changing, never the same. This is our MFA for JWT tokens and again adds a massive layer. Of security to JWT, then you have the host key. So you can see a vast difference between just a standard JWT token that everybody uses today and the robust security measures that we put into our JWT tokens that make it basically the most secure way to do server to server communication of any product that is available today. This has been in market now for well over a year. It's being used broadly across all of secured. Use products and capabilities. We're now offering this to the broad public. We do believe that every single person should have secure server to server communication. They should take advantage of this quantum secure and AI safe technology. It's very, very important that we do so quickly. And that's just a little look at what makes us so unique. And so just to kind of close, what's really the latest in this JWT technology #1. You know it's our advanced security algorithm. So we've incorporated that cutting edge cryptographic capability using our proprietary security that is physics based versus math based. We have dynamic token capability which we've shown you here. So our tokens again constantly changing and highly, highly secure. We have fine grained permissions which makes it easier to manage the complex access requirements that are happening. Umm, which is a really big deal. And then there's the immutability that we have as well. So anyway, just wanted to share this just give you a little better understanding of what's happening behind the scenes of service server authentication. And that's it for this very quick video tutorial of our capability. I'm also excited to share. We have another video that we're going to be putting together here shortly to show quantum secure and AI safe AI. And as you know, AI security is a humongous. Challenge and one that we have solved with our physics based security capability and we can't wait to show you that demo. I think it's gonna open a lot of eyes and I think is a very, very important step to securing and locking down our AI systems to make them more secure. So that's it. Thank you so much for your time today. Appreciate you learning more about our quantum secure JWT tokens. Thank you.