Account Authority Digital Signature AADS Lynn Wheeler First Data Corporation [email protected] http://www.garlic.com/~lynn

Account Authority Digital Signature AADS

Lynn Wheeler

First Data Corporation
[email protected]

http://www.garlic.com/~lynn

AADS Infrastructure

• Adaptable, long-life (tens of years) infrastructure
• Adaptable payment infrastructure
• Adaptable authentication infrastructure
• Adaptable authorization infrastructure
• Adaptable risk management

AADS Infrastructure

• Small granularity of pieces that are parameterized
• Support wide range of cost/value applications
• Allow coexistence of different cost/value implementations
• Allow incremental upgrades of individual pieces of infrastructure

AADS Infrastructure

• Parameterized assurance levels
– cryptography
– hardware
• Incrementally reflect assurance level changes
• Incrementally upgrade individual components

AADS Infrastructure

• Parameterized Risk Management
– certified audit trail establishing component assurance levels
• Adaptable, parameterized
– assurance levels
– authentication levels
– authorization levels
– cost
– value

AADS Infrastructure

• Establish best-of-breed components
• Establish optimal implementations at multiple cost points
• Establish business process for component assurance level certified audit trail

AADS Infrastructure

• Adapt card personalization process
• On-chip public/private key generation
• Certified audit trail binding public key to hardware and cryptography assurance levels
• Certified assurance level binding made available to parameterized risk management business processes
• Assurance levels change over time

AADS Infrastructure

[Diagram: consumer, CFI account, public key registration; consumer personalization, certified audit trail, hardware token]

AADS Infrastructure

• Card personalization infrastructure: optimal business process for enabling consumer AADS
• Certified Audit Trail Binding
– public key
– hardware token assurance
– cryptography assurance
– consumer delivery
– activation process
• Trusted Infrastructure for delivery of certified information

Account Authority Digital Signature AADS

• Business-centric strong authentication
• Integrated into existing business processes
• Leverages existing investment in high-integrity, account-based operations
• Basic building block for all electronic business operations
• Fast, efficient, compact ECC

Compared to Certificate Authority model

• leverages existing infrastructure investment
• maintains existing business and customer relationships
• does not disintermediate with additional business operations
• introduces no new liability problems
• introduces no new privacy problems
• introduces no systemic risks

X9.59 Payment

[Diagram: X9.59 payment flow among Consumer, Merchant, MFI and CFI; labels: account, X9.59, X9.15, ISO8583, public key registration]

AADS Strong Authentication

– single ECC digital signature card
– single function, secure card
– multiple online applications supported

[Diagram: AADS chip serving financial applications, ISPs, Web servers]

Certificate Authority Model

• Creates new expensive infrastructure
• Requires new trust and risk models
• Changes existing business relationships
• Creates privacy concerns
• Disintermediates existing account holders
• Designed for electronic but offline operation
• No real-time information

AADS

• Businesses have long used accounts for identity and attribute binding.
• Current financial infrastructure uses information binding in accounts to authenticate non-face-to-face transactions
– mother's maiden name
– PIN - Personal Identification Number
– SSN - social security number
• ECC short key lengths represent low impact on account records

AADS

Current financial infrastructure can extend existing business processes to support higher-integrity electronic commerce by adding public key binding and digital signature verification to existing account infrastructures.

AADS Based Authentication

• compute secure hash of document or transaction
• use private key to encrypt the hash (forming digital signature)
• push document/transaction and digital signature to recipient

AADS Based Authentication

• recipient (account authority)
– uses public key in account to authenticate digital signature
– uses identity/attribute information in the account to validate/authorize document or transaction

AADS Cost Sharing

– majority of Certificate Authority operation is account management

– digital signature capability can be added to financial accounts for 1%-5%

– existing non-digital signature applications cover 95%-99% of account costs

– financial digital signature applications cover 90%-95% of digital signature costs

– non-financial digital signature applications need to cover 1/200th to 1/2000th of account infrastructure

AADS Cost Sharing

[Chart: Account Infrastructure Costs: existing 0.95, financial (AADS fraction) 0.045, other (AADS fraction) 0.005; existing financial applications continue to fund the majority of the infrastructure]

AADS

• leverages existing account infrastructures
• operates within existing business processes
• adds public key registration to existing process
• doesn't spray identity certificates all over the world raising privacy concerns
• doesn't rely on third parties and/or create additional liability problems
– no new identity databases
– privacy neutral

AADS

• digital signature (only) appended on transactions
– easily fits into existing legacy financial networks
– doesn't create new business dependencies
– doesn't create systemic risks
– no new failure modes
» especially critical to triple-redundant, high-integrity financial infrastructure

AADS - Account Operation

debit-card account:

| accnt# | balance | name | addr | MM name | pin | ssn |

– Mother's maiden name, PIN, and SSN have the drawback that they can be used both to originate a non-face-to-face transaction and to verify a transaction (a fraudulent transaction can be generated by knowing the value)

AADS

| account# | balance | limit | name | address | public key |

– existing business process can be used for public key registration
– in existing PKI terms, the account record represents the binding of attributes to the public key; however, the actual orientation is core business operation (not an external operation)
– can't originate fraudulent transaction by knowing the public key

X9.59

• Finance Industry standard for all account-based payment methods
• based on AADS
• public key is registered in account record
• all transactions are digitally signed
• privacy neutral
– no identity information needed, even at POS

X9.59

• consumer's financial institution both authenticates and authorizes the transactions
– doesn't separate authentication & authorization ... security 101
• merchant not involved in authentication or identification
• no certificates spewing identity information all over the world


AADS Chip-card

• Business Centric
– no "cryptography is the answer, now what is the question"
– no "smartcard is the answer, now what is the question"
• Strong Authentication is the business requirement
– create fundamental business building block
– optimal cost/benefit

AADS Strawman

• Tempested
• Immune to all known smartcard attacks
• Simple function in support of AADS
– generate public/private key
– export public key
– private key never known
– EC-DSS signing
• Less than $1.50

AADS Strawman

• Additional Chip Functions
– support for on-card biometrics sensor
– contactless
• Compelling business case for strong authentication only
– EC-DSS digital signature only
– additional functions as business requirements are justified
– strong authentication is fundamental business building block