@boistordu, welcome back , havenāt heard from you for a while. Are we becoming old-friends now ?!
Iām not exactly sure what you referred to when you asked ādid you use a design patternā, but I guess your intention behind the question was for GATE to be easily adaptable, like a black-box approach, so it is encapsulated and has an API for any other software to call it and use it in a packaged way, am I right ?
If that was the case, then my answer is ānoā. There are a few reasons for that :
[1] In the past 3 years, what was on my mind was to develop a demo app, to showcase the usability, flexibility and use the demo as a proof-of-concept app. So a person who has never heard of GATE can see how it works, inside out, be able to play with it and GET THE IDEA, so I spent most of my time on the GUI and the concept of the information flow of the core GATE logic. And to that end I have developed 3 versions : [a] desktop Java Swing version [ old and new apps ], [b] Web servlet version to run in the live demo, [c] Android mobile device version, now on Google Play for free download.
[2] Since I donāt have a cybersecurity background, I donāt know how the process works [ like you described ] in this part of the industry, so I had no idea as to which would be the proper way going forward.
[3] But most importantly, again most importantly [ this is the main reason ], I DON"T EVEN WANT to package GATE up so other software can just call it and use its functionality to authenticate user, because this is not something trivial, this is as big as CYBERSECURITY to the world, I donāt want to do something that I think is correct, and later find there is a flaw that hackers can take advantage of. Therefore what I had in mind was : if an organization likes to adopt GATE, it can buy my demo software [ Iāve spent 3 years full-time without a job developing on my own expense ], and license GATE, then let its internal developers take my demo apart, look at it closely and adapt to their system. So each organization will have a unique version of their own GATE, that way that organization can be sure to have a SOLID GATE application guarding their front door, not some package I encapsulated and give them for use. That way it can also take the legal responsibility away from my shoulder, because I just introduced them a new concept, a new angle of looking at the password problem and offered them a patented solution to this stubborn problem, GATE solves the problem from the root cause. Yet they need to implement it in their own way, I can offer them suggestions, advises and insights as the inventor of GATE, but I donāt want to give them a packaged solution, and I donāt even want to know the details of their customized implementation if they choose not to let me know.
[4] With that said, there is another approach, which I think would be close to what you are thinking. It might go like this : someone who is an expert in this field [ like you ] see the true value GATE can bring to the developer community and also from cybersecurity perspective, to the whole world to secure digital information, this person or groups of experts like this person bring the subject [ GATE for more security ] to a consortium like FIDO, W3C or NIST ā¦ or even a large company like Google, Microsoft, IBM ā¦ Then experts in this organization take a close look at GATE, and find it is truly much better than whatās in the current system on the market, and it sees an opportunity to profit from this innovative approach [ or even the bragging rights of sponsoring GATE ], and it decides to make a move on the GATE system, it can purchase my demo source code, therefore recognize my 3 years of work, put it in open source, so developers can both benefit and enhance the GATE system, then come up with a package like what you have in mind and adapt it to different vendorsā software, so through this way that version of GATE will become a new standard in this industry for user authentication. I think your suggestion is toward this direction, yes, I agree, this makes sense, but it needs to be looked at and worked at by experts in the field and packaged so that developers can easily call a standard version of GATE [ still customizable according to each organizationās needs with different parameters ], and through an API call each organizationās developers will be able to easily integrate the GATE functionality into their application logic without the need to re-invent the wheel so to speak.
In small scale, #[3] is doable for any organization that wants to use GATE, it will grow gradually as more and more people see the benefits of the GATE system. #[4] will be good for worldwide adoption of this new standard for a more secure interception-resistant user authentication. I prefer #[4], itās good for everyone, I donāt have to deal with organizations one by one, and I can use the funds to pay for my patents and move on to solve other interesting problems [ like how to build an air plane that will never crash, a ship that will never sink, or how to use sound to levitate a plane ā¦ ], GATE will have a life on its own, and the entity that bought the source code and put it into opensource will have itās reputation of supporting/promoting cutting edge cybersecurity innovation/revolution written in history for future developers to remember. Imagine 20,30 years from now people will read it like this : Passwords had been used for thousands of years, but since we stepped into the digital age, the weakness of traditional password became more and more obvious, which exposes user pins during the login process, many [ 81% ] data breaches were caused by the password problem, hackers were getting more and more sophisticated at intercepting user pins during the authentication process, then because of that users were forced to remember longer and longer passwords combined with rigid requirements of uppercase, lowercase, numbers and special characters, to the point that it became so hard to remember with dozens of accounts for an average user, they have to use password managers to keep track of all the passwords, then when the master password gets stolen, all accounts were compromised. Then came bio-metrics trying to replace passwords, but it had itās own problems, eroding of privacy, unable to recover after bio-metrics data got stolen, and high costs ā¦ eventually the pendulum swung back to knowledge based user authentication with the advent of Graphic Access Tabular Entry ( GATE ) invented in 2015 and supported by Google/IBM/Microsoft, which bought the source code and put it into open source, so developers can now quickly use and improve the GATE authentication system. With billions of device using the GATE system on a daily basis not only for user to machine authenticate, but also for machine to machine authentication, the supporting company ( Google/IBM/Microsoft ) is making $Billions in profit and that doesnāt even count the GATE encryption system, which is another innovation by itself, itās an revolutionary encryption system that doesnāt use prime numbers to encrypt data, but use GATE authentication to encrypt each piece of info element mixed with filler elements, therefore made the progress of resolving dangers of super-fast quantum computers threatening to break current encryption base on prime numbers. With profits from the GATE encryption, the supporting company ( Google/IBM/Microsoft ) got its return on investment back more than a million times, besides, it ( Google/IBM/Microsoft ) will always be remember by future generations as a leading advocator of cutting edge technology to solve our problems in the digital age. With the elimination of the majority of security weaknesses caused by password problems, cyber security professionals can now concentrate their time and resources on other previously less important issues. Howās that !
So itās a win-win-win [ and lose for the hackers ] situation for every body. What is needed right now is to decide which direction to go ?
Iām an outsider to cybersecurity, and I still prefer to be an outsider, GATE happened like an accident, if I wasnāt watching TV during that evening in 2015, I would have never invented it, but the good thing is [ like a lot of times in history ] outsiders donāt have a fixed mindset the insiders have, so outsiders can bring fresh perspective to a seemingly old problem to the insiders, and therefore solve it in an unexpected way. I hope now I can move on to other things, and #[4] is the best way forward if I can find a supporting organization [ any help is welcome ].
I still donāt know your name, but thanks for your support ! If it all works out, some day there will be a Wiki page for GATE, and in it, I hope to see you mentioned as an initial promoter of the GATE system, I think anyone who can see the potential in GATE deserves to be recognized, especially in early stage.
Frank