Firewall Personnel Authentication
The question of gaining the attention of a local agent or authenticating a supposed agent’s credentials is a difficult one. Multiple methods exist, with varying degrees of security.
The most secure method for making contact with another Firewall agent is to pre-arrange contact via the Eye. Most profiles, be they sentinel, proxy, or server, are tagged socially, culturally, and geographically. The destination target can be searched via any of these factors, and with initial contact taking place electronically via the Eye (security: FES Authentication Protocol). Physical contact can take place later, with authentication mediated by standard Firewall methodologies (see FASAP) or other agent-specific methods.
As part of the standard authentication program run by your muse, you should have a weekly updated list of code words. These words are individually innocuous, chosen by an Eye-based algorithm to be both common parlance but unlikely to occur naturally within close proximity. The standard protocol is 5 words, to be used within 30 seconds or 5 lines of text. By default, your muse is authorized to monitor all incoming communications and audio input, and will alert you to the attempted communications. It is up to the individual agent’s discretion to respond to the codewords or not. Query “Marsiupial_soup.txt” to your muse to open the current list of codewords.
Firewall Agent Security Authentication Protocol (FASAP)
The most secure methodology available for generic peer-to-peer authentication. There are 2 levels to this authentication: active and legacy.
Active authentication takes the form of mediating authentication via the Eye. The interrogating agent is to log on first, and follow the provided instructions to initiate an authentication session. The interrogated agent is then to log on and enter the provided pattern code. The interrogating agent should then receive a real-time update on the validity of the interrogated agent’s credentials. This method should only be used if access to the Eye is deemed secure.
Once every 1000 hours, your muse should receive an updated list of public keys for agents deemed “local” by the Eye (see EAA_Cluster) and any specified Eye contacts. Given a potential agent’s identity, this will allow you to encrypt a message according to the public key in your library associated with that identity. Successful decryption using the agent’s private key is an indicator that the user’s private key matches the public key provided on the Eye. The success of this method is based on the validity of the keys provided to the Eye. You are asked to keep your posted public key current. It is advised that you keep any key you have used in the last 3000 hours just in case you are requested to visit an area without secure Eye access.