by Dan Schutzer
An Email Trust Breakthrough:
Aligned Trust Service (ATS) for Web-Based Authentication of Information Exchange and Information Broadcasting Systems
I. Definitions and General Ground Rules
- By email, we mean any form of information exchange/communication between multiple senders and recipients. This includes, among others, email, text, and social media posts. The information exchanged can include, among other media, text, video, and voice.
- Devices can include personal smartphones, watches, and other IoT devices, as well as AI agents.
- AI agents are intelligent software, employing AI technologies capable of learning and adapting, such as Large Language Models, that can operate under human supervision or autonomously.
- Service Providers are incoming and outgoing mail servers, such as Gmail. Messaging providers include Apple Instant Messaging,
- AI Agents can be employed by user services and/or by a user directly.
ATS is a universal global database which provides identity and authentication services for all people and all objects in the IoT, as described in the Aligned Trust patents.
Aligned Trust is guided by the following 4 principles:
1) Non-destructive, non-interfering architecture. Works over-the-shoulder, preserving legacy systems. If the ATS goes down, the service provider’s system stays up. ATS is never part of the service provider’s critical path flow.
2) Non-invasive. In everything it does, ATS tries to the greatest extent possible to avoid big brotherism, to maintain the highest possible trust level. That means ignorance of the contents of a transaction and of the contents of a message.
3) Universal and Global. ATS uses its central global database whenever possible to connect users across all possible systems to increase confidence about who is being approved while at the same time reducing friction.
Aligned Trust does not come into being with total knowledge; that is something it is always working toward but will never achieve. It takes the best knowledge that it can gather in the least intrusive ways and uses it to make the best possible contribution to the authentication moment.
4) No enrollment: No end-user installation or mandatory enrollment, in most instances. In the event of email/information exchange, for senders, self-scoring is optional. For recipients, whitelisting, blacklisting and spam reporting are desired but not required.
II. Authentication, information exchange (e-mail in its general sense), and their relationship to the Aligned Trust Service
- User services and devices, including AI agents, may authenticate their users/customers in several ways, including with multiple layers (passwords, passkeys, biometrics such as facial recognition, out-of-band codes, and sender-side authentication methods such as SPF, DKIM, and DMARC), and with continuous monitoring in addition to one-time challenges to gain access to data and services.
- AI agents may need to be authenticated to access their user’s services and devices on the user’s behalf.
- Once granted user or service consent, AI Agents can operate under user control/supervision, or autonomously.
- AI Agents and users can communicate, exchange information and coordinate actions amongst themselves to perform tasks.
- User services, agents and devices can enroll in Aligned Trust Service (ATS).
- Services, devices and agents report back to ATS information such as access attempts and information exchanges, both successes and failures, by date, time and location, sender/receivers, and types of tests/challenges, including confidence scores.
- They can also send classifications and actions taken (verified, spam, rejected) regarding attempts to communicate and exchange data/messages.
- ATS maps users to their agents, devices and service usage and access by date, time and location of access.
- ATS creates a global database of failed/passed authentication tests and types of tests; and information exchanges (successful, unsuccessful and denied), which it employs to provide confidence scores for all access, information exchange and usage attempts.
- ATS can suggest additional actions (authentications, challenges) to be taken to the enrolled user and their service.
- The steps taken by ATS and its interaction with enrolled users and services are shown in the attached diagrams.
- Additional steps can occur if the ATS suggested actions are taken by the enrolled user and their service. Among other things, this information is captured and added to the ATS global database.
III. Why should an email or messaging service provider use the Aligned Trust Service?
Although a service, device or agent can authenticate a user without employing the Aligned Trust Service, it cannot in general see or relate data that involves different users, devices or services unless specific arrangements are made in advance with other service providers. Such arrangements have occurred in specific applications and groups (e.g. credit card associations share fraudulent card usage attempts amongst their members). For example, a service provider, such as a bank (e.g. Bank of America), does not in general know when John, or an impersonator of John, accesses another bank (e.g. Chase). Ditto for other services (e-mail, etc.). Even John doesn’t know when his agents, services and devices are accessed by others, including an impersonator, not even when it is a service account, personal device, or agent used or owned by John.
The value of using Aligned Trust is that it can use this valuable additional information to surface suspicious overlaps in information successes and failures across these services, agents and devices. As identity-based fraud has become a trillion-dollar industry, the Aligned Trust Service is worth billions, even if it results in only 10% of these successful fraud attempts being prevented.
And because Aligned Trust is universal and the information it is able to integrate into its system continually improves, its efficacy and value also continually improve.
IV. Use Case:
An imposter takes over John’s iPhone and bank account and gains knowledge about John, waiting for the ideal time to strike and maximize the wealth that can be stolen from John. The imposter continues to periodically open and access John’s services to gain more knowledge about John. The imposter, in addition, can continue to access services and devices without John’s being aware of these breaches, while allowing John to continue to access his devices and services. Only Aligned Trust can detect this subtle, but inevitably catastrophic, lurking breach.
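The following sketch is an added illustration, not part of the original paper or of any ATS implementation. It shows why the access reports described in section II only reveal this use case once they are merged across services. The `Report` schema, the service names, the 900 km/h travel threshold and the sample data are all assumptions made for the example; only access metadata is used, never message or transaction contents.

```python
from dataclasses import dataclass
from datetime import datetime
from itertools import combinations
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Report:
    """One access report from an enrolled service (hypothetical schema)."""
    service: str
    user: str
    when: datetime      # assumed to be UTC
    lat: float
    lon: float
    passed: bool        # did the service's own authentication succeed?

def km_between(a, b):
    """Great-circle (haversine) distance between two reports, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def suspicious_overlaps(reports, max_kmh=900.0):
    """Pairs of successful accesses by one user that no single traveller could make."""
    ok = sorted((r for r in reports if r.passed), key=lambda r: r.when)
    hits = []
    for a, b in combinations(ok, 2):
        hours = (b.when - a.when).total_seconds() / 3600
        dist = km_between(a, b)
        if a.user == b.user and dist > 50 and dist > max_kmh * hours:
            hits.append((a, b))
    return hits

def per_service_view(reports, service):
    """What one provider sees on its own: only the reports it generated."""
    return [r for r in reports if r.service == service]

# Constructed sample: John uses his bank from New York while someone else
# keeps signing in to his mail account from London on the same day.
def at(hour, minute):
    return datetime(2024, 5, 1, hour, minute)

NYC, LONDON = (40.71, -74.01), (51.51, -0.13)
SAMPLE = [
    Report("bank-a", "john", at(9, 0), *NYC, True),
    Report("mail", "john", at(9, 10), *LONDON, False),  # failed attempt, ignored
    Report("mail", "john", at(9, 20), *LONDON, True),
    Report("bank-a", "john", at(12, 0), *NYC, True),
    Report("mail", "john", at(14, 0), *LONDON, True),
]
```

Each provider's own reports are internally consistent, so `suspicious_overlaps` returns nothing for `bank-a` or `mail` alone; the conflicting pairs appear only in the merged set.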
