Full Stack User Identities

By using AMASE, an organization can create a full stack user identity. When an identity is provisioned, it is assigned an AMASE MAC address, and that AMASE MAC address is assigned a static IP address. When the user logs into a workstation, the higher layers are bound to the active session. Essentially:

  1. A user logs into a workstation to establish an identity authorized session.
  2. The AMASE MAC address tied to the identity is assigned to the NICs. (A log entry is created that maps device name and original MAC to AMASE MAC and identity.)
  3. The static IP address is bound to the NICs.
  4. Network devices limit the flow of traffic from the identity based on MAC address, IP address, and user identity.
  5. Anything presenting a non-AMASE MAC address, a dynamic IP address, an unauthorized identity, or a non-organization host name (computer/device name) is quarantined.

This architecture permits total full-stack control of identities without complex protocol, port filtering, port security, identity, or other rules, while improving non-repudiation and incident response. If a device becomes compromised, performs a malicious action, or begins leaking data, a quick check of the MAC address or IP address will reveal the identity that was present for the compromise, and the host name should indicate device location, purpose, and sensitivity level.
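The step 2 log lookup and the step 5 quarantine check, sketched as an added example that is not AMASE code. The log layout, the `corp-` host-name prefix, the identities and all addresses are constructed assumptions, and the MAC values are placeholders rather than real AMASE encodings.

```python
from datetime import datetime

# Constructed table: identity -> (AMASE MAC, static IP); MACs are placeholders.
PROVISIONED = {
    "alice": ("02:00:00:00:00:0a", "10.20.0.10"),
    "bob":   ("02:00:00:00:00:0b", "10.20.0.11"),
}
ORG_HOST_PREFIX = "corp-"  # assumed organization host-name convention

# Constructed step-2 log: login,logout,device,original MAC,AMASE MAC,identity
SESSION_LOG = """\
2024-03-01T08:00:00,2024-03-01T12:00:00,corp-hq-fin-ws01,3c:52:82:11:22:33,02:00:00:00:00:0a,alice
2024-03-01T13:00:00,2024-03-01T17:00:00,corp-hq-fin-ws01,3c:52:82:11:22:33,02:00:00:00:00:0b,bob
"""

def parse_log(text):
    """Turn each log line into a session record with parsed timestamps."""
    sessions = []
    for line in text.strip().splitlines():
        start, end, device, orig_mac, amase_mac, identity = line.split(",")
        sessions.append({"start": datetime.fromisoformat(start),
                         "end": datetime.fromisoformat(end),
                         "device": device, "orig_mac": orig_mac,
                         "amase_mac": amase_mac.lower(), "identity": identity})
    return sessions

def attribute(address, when, sessions):
    """Resolve an AMASE MAC or static IP seen at `when` to (identity, device)."""
    ip_to_mac = {ip: mac for mac, ip in PROVISIONED.values()}
    mac = ip_to_mac.get(address, address.lower())
    ts = datetime.fromisoformat(when)
    for s in sessions:
        if s["amase_mac"] == mac and s["start"] <= ts <= s["end"]:
            return s["identity"], s["device"]
    return None  # no authorized session held that address at that time

def quarantine_reasons(mac, ip, identity, host):
    """Step 5: list every reason an observed endpoint must be quarantined."""
    reasons = []
    if identity not in PROVISIONED:
        reasons.append("unauthorized identity")
    expected_mac, expected_ip = PROVISIONED.get(identity, (None, None))
    if mac.lower() != expected_mac:
        reasons.append("MAC is not this identity's AMASE MAC")
    if ip != expected_ip:
        reasons.append("IP is not this identity's static address")
    if not host.startswith(ORG_HOST_PREFIX):
        reasons.append("non-organization host name")
    return reasons
```

Both sample sessions run on the same workstation, so the lookup shows attribution following the logged-in identity rather than the hardware MAC.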