NEWS

Commlinks and Personas

  • 64 Replies
  • 12535 Views

Xenon

  • *
  • Prime Runner
  • *****
  • Posts: 6467
« Reply #60 on: <06-05-22/0627:10> »
This is how I imagine corporate security to work in Shadowrun.


Most smaller corps that are not empowered to issue limited corporate SINs themselves probably have a policy to only employ real citizens, so one of the first things they will verify (even on the first interview) would probably be that you have a SIN and that your SIN checks out. That it isn't fake. Depending on the position you are applying for, in addition to a regular SIN validation check they might perhaps also run an extended background check (including manually checking your social media feeds, political activity, crime record etc). Actually getting hired on a fake SIN to a higher security area is probably quite tricky unless your fake alter ego is really well made.

Later, as part of the on-boarding processes, they will probably take your photo (which they will print on your corporate close proximity RFID badge together with your name, employee number, corporate logo and department number) and supposed you are hired to work in a high security area they might perhaps also record a spoken pass-phrase, take your finger prints, scan your retinal signature or collect some other biometrics that they will later use for voice recognition, fingerprint scanner, retinal scanner etc to validate that you are actually you at the check-point to enter said area.

Each morning when you arrive at your work you will typically first pass through the public lobby where the SIN of all visitors and employees alike will be automatically scanned through a rating 3 SIN verification unit. This is to make sure SINless individuals don't enter the public lobby area of the corp. Individuals that are not broadcasting a SIN at all are denied entry to the lobby by hired corporate security. The SIN validation unit operator expect everyone to pass. If a SIN validation fails then that fake SIN will be automatically burned and KE will be automatically called to the scene to arrest the individual for "attempt to use an illegal fake SIN". Hired corporate security will detain the individual until they arrive. The lobby is probably also warded to make sure visitors and employees are not sustaining spells and the frame of the front door itself probably also contain a rating 3 Magnetic Anomaly Detection scanner to make sure visitors and employees are not bring firearms into the public lobby.

As an employee you are expected to wear your corporate badge visible at all times. To get through the lobby, to the elevator that will take you to your actual work environment, you are required to scan your card at the rating 3 card reader of the manned security check point in order for the rating 3 maglock to open and let you in.

21st floor where you work is a high security floor and one of the first things you have to do there before getting in is to walk into an air lock. Inside the air lock you are expected to say the sentence "Hi, My name Odsh. My voice is my passport. Verify me." using your own unique natural voice pattern in order for the rating 3 voice recognition system to open the rating 3 maglock. If you fail the air lock will likely remain locked while hired security guards will be called to the scene in order to resolve the situation.

On the inside you will also likely meet people you work with on a daily basis. They might ask you how you feel. If the weekend was good. etc.



As a social infiltrator of a shadowrun team I decided to impersonate Odsh, a random research engineer of same metatype and sex and roughly the same height and weight as me that have access to the same floor in the high security research area where the expected macguffin is located.

To not trip the MAD scanner I decided to leave my silenced light pistol at home but I still brought my monowhip hidden in one of my fingertip compartments, just in case. Before I enter the lobby I will also make sure I am broadcasting one of my higher rated fake SINs. In addition to validate the checksum of my fake SIN the SIN verification unit in the lobby also validate the consistency of several random pieces of on-line data attached to the fake SIN, but (due to the higher threshold of my higher rated fake SIN) still fail to find any apparent gaps and decides to inform to the SIN verification unit operator that I am indeed a legit citizen.

Next stop is the close proximity RFID scanner. I could have used an illegal skeleton key here (a so called maglock passkey) or hire a decker, but since we probably needed an authentic looking badge in order to fool hired corporate security and Odsh's co-workers anyway we instead decided already two weeks ago to swipe the real badge from Odsh while he was using public transportation on his way to work as normal, ran it through a key card copier and then palmed it back to him before he noticed. We then used forgery to make it look like an authentic corporate badge. As we suspect that some sort of alert might be triggered if it appear as if Odsh arrive to work twice in the same day the rest of the team is tasked at delaying Odsh long enough for the operation to be completed.

Through various legwork activities (matrix search, contact networking, using micro drones to infiltrate, interviewing, etc) my team found out about the voice recognition unit and also the exact pass phrase that is being used. My team had several options here. If I had been an adept with Vocal Control Power or if I had been augmented with Voice Modulator ware then I could perhaps try to mimic the unique voice pattern of Odsh. Or we could have hired a decker to override the security device remotely by hacking the host. Instead we went with the following solution.

In order to look like Odsh I decided to use a combination of Prosthetic makeup and bio-sculpting (but had I been an adept then I could have used Cosmetic Control or as a magician I could have used Physical Mask etc) and then rely on my impersonation specialization in order to walk the walk and talk the talk in case I would run into any of Odsh's coworkers.

(edit to fix the url)
« Last Edit: <06-05-22/0636:28> by Xenon »

FastJack

  • *
  • Administrator
  • Prime Runner
  • *****
  • Posts: 6367
  • Kids these days...
« Reply #61 on: <06-05-22/0812:27> »
This is how I imagine corporate security to work in Shadowrun...
That's a great example, but what has it to do with Commlinks recognizing a stranger and using their persona?

Smogg

  • *
  • Newb
  • *
  • Posts: 35
« Reply #62 on: <06-22-22/0609:56> »
My take on the Persona issue.

You have a Persona in the matrix that only you can use, but how to prevent someone from just snatching your Hermes Icon while you are accessing the matrix. Now they can continue where you left off right?

So mecanically this is not possible. This problem has somehow been solved in the future. It is really something we would want to solve already today, but we don't have a solution to how it's done because it's not invented yet!

That aside, lets think out of the box. What factors could play a role to ensuring no one else can hijack your persona:
- Commlink can likely detect if it's dropped, picked up or handed off to another person from the motion sensor.
- Personal Code. Maybe you need to "log in" using codes or patterns at regular intivals to ensure it's you.
- Biometrics.
- Behavior patterns. How long do you pause. How fast do you input data. What typos do you always make.
- Nearby equipment. Does your persona expect you wear that favorite jacket or necklace that is wireless on.
- Location/Timing. Are you physically in the GPS locations you usually frequent or did you go off route?
- Matrix activity. Are you accessing the matrix in ways you usually do, or are you doing something completely new?
- Maybe wirelss cameras in the environment contribute to ensuring it's not someone else holding the commlink
- Are you using your persona from somewhere else at the same time?
- Are you physically handling your commlink like you use to? holding it in the usual angle?

Imagine any of those parameters start to move into "unusual" mode. Then the matrix may prompt additional biometric test and passwords and what not.

I am not saying all this or any of this is really the solution. It's not invented yet, but it's an idea of what could be involved in making sure a persona is not hijacked.
« Last Edit: <06-22-22/0611:48> by Smogg »

Odsh

  • *
  • Chummer
  • **
  • Posts: 151
« Reply #63 on: <06-22-22/1400:58> »
In the end, it all boils down to authentication. And probably being myself a software engineer and having real life knowledge of this interferes (heavily) with what was imagined for Shadowrun.

What everyone seems to agree on is that the persona is tied to an individual's biometrics - specifically his unique "brainwaves". Because of that, you can't change your persona (in appearance, yes, but not to the point where it is considered to be a different persona) and you can't use someone else's persona. Or at least, nobody has managed to do it yet.

What also seems to be a consensus (is it?) is that you can track and keep a history of a specific persona's activity in the matrix. Or at least, people are able to extract that kind of information from the matrix.

"That persona, on the 28th November last year, breached and hacked an Ares security host."

The matrix itself, however, behaves in a peculiar way when reacting to hacking attempts, since it "forgets" everything about the hacker's persona upon reboot. The explanation here is that "nobody fully understands the matrix". At least, apparently not enough to improve this behaviour.

All that is fine, I can live with that.

However, what is apparently also not possible is to make a link between someone's persona and his real-life identity.

"Sir, we spotted an unauthorized persona that hacked its way into our secured host."
"And?"
"We tracked down his physical location while our intrusion countermeasures rendered him unconscious."
"Very good."
"Our physical response team quickly went to the scene and apprehended him."
"Excellent, good job."
"We have thus identified the perpetrator. He was not carrying any identification, but we found a SIN matching his biometrics."
"Perfect."
"Sir, may I ask you a question."
"Of course, go on."
"We have a full dossier of all known and recorded illegal activities perpetrated by this persona."
"That is correct recruit, that we do."
"And we will continue to record any future such activities."
"I don't see why we wouldn't."
"And we have the SIN and all the biometrics we could want from this hacker."
"Also correct, yes."
"So we can now easily put a name on all these crimes perpetrated by this persona in the past, but also all potential ones in the future. He's forever burned, right?"
"Ho ho ho, don't be silly, nobody has ever been able to do that. You have much to learn, recruit."

Nope, doesn't work for me.

Odsh

  • *
  • Chummer
  • **
  • Posts: 151
« Reply #64 on: <06-22-22/1424:39> »
I am not saying all this or any of this is really the solution. It's not invented yet, but it's an idea of what could be involved in making sure a persona is not hijacked.

Not directly related, but many of the things you mention are very similar to the kind of verifications made through the captcha where you prove that you're not a robot just by clicking on a checkbox. It's not just the mouseclick itself, but many other things and behavioural patterns that are analysed.
https://medium.com/a-dose-of-curiosity/how-does-the-i-am-not-a-robot-checkbox-work-c24d426a82a1

"Google will analyse your behaviour before, during and after clicking the checkbox to determine whether you appear human"