Post on 27-Dec-2015
transcript
Account Authority Digital Signature AADS
Lynn Wheeler
First Data Corporation
lynn@garlic.com
http://www.garlic.com/~lynn
AADS Infrastructure
– Adaptable, long life (tens of years) infrastructure
– Adaptable payment infrastructure
– Adaptable authentication infrastructure
– Adaptable authorization infrastructure
– Adaptable risk management
AADS Infrastructure
– Small granularity of pieces that are parameterized
– Support wide range of cost/value applications
– Allow coexistence of different cost/value implementations
– Allow incremental upgrades of individual pieces of infrastructure
AADS Infrastructure
– Parameterized assurance levels
  – cryptography
  – hardware
– Incrementally reflect assurance level changes
– Incrementally upgrade individual components
AADS Infrastructure
– Parameterized Risk Management
  – certified audit trail establishing component assurance levels
– Adaptable, parameterized
  – assurance levels
  – authentication levels
  – authorization levels
  – cost
  – value
AADS Infrastructure
– Establish best-of-breed components
– Establish optimal implementations at multiple cost points
– Establish business process for component assurance level certified audit trail
AADS Infrastructure
– Adapt card personalization process
– On chip public/private key generation
– Certified audit trail binding public key to hardware and cryptography assurance levels
– Certified assurance level binding made available to parameterized risk management business processes
– Assurance levels change over time
AADS Infrastructure
[Diagram: personalization, certified audit trail, hardware token, consumer; public key registration into the consumer account at the CFI]
AADS Infrastructure
– Card personalization infrastructure: optimal business process for enabling consumer AADS
– Certified Audit Trail Binding
  – public key
  – hardware token assurance
  – cryptography assurance
  – consumer delivery
  – activation process
– Trusted Infrastructure for delivery of certified information
Account Authority Digital Signature AADS
– Business-centric strong authentication
– Integrated into existing business processes
– Leverages existing investment in high-integrity, account based operations
– Basic building block for all electronic business operations
– Fast, efficient, compact ECC
Compared to Certificate Authority model
– leverages existing infrastructure investment
– maintains existing business and customer relationships
– does not disintermediate with additional business operations
– introduces no new liability problems
– introduces no new privacy problems
– introduces no systemic risks
AADS Strong Authentication
– single ECC digital signature card
– single function, secure card
– multiple online applications supported
[Diagram: AADS chip serving financial applications, ISPs, Web servers]
Certificate Authority Model
– Creates new expensive infrastructure
– Requires new trust and risk models
– Changes existing business relationships
– Creates privacy concerns
– Disintermediates existing account holders
– Designed for electronic but offline operation
– No real time information
AADS
– Businesses have long used accounts for identity and attribute binding.
– Current financial infrastructure uses information bound in accounts to authenticate non-face-to-face transactions
  – mother's maiden name
  – PIN - Personal Identification Number
  – SSN - social security number
– ECC short key lengths represent low impact on account records
AADS
Current financial infrastructure can extend existing business processes to support higher integrity electronic commerce by adding public key binding and digital signature verification to existing account infrastructures
AADS Based Authentication
– compute secure hash of document or transaction
– use private key to encrypt the hash (forming digital signature)
– push document/transaction and digital signature to recipient
AADS Based Authentication
– recipient (account authority)
  – uses public key in account to authenticate digital signature
  – uses identity/attribute information in the account to validate/authorize document or transaction
AADS Cost Sharing
– majority of Certificate Authority operation is account management
– digital signature capability can be added to financial accounts for 1%-5%
– existing non-digital signature applications cover 95%-99% of account costs
– financial digital signature applications cover 90%-95% of digital signature costs
– non-financial digital signature applications need to cover 1/200th to 1/2000th of account infrastructure
AADS Cost Sharing
[Chart: Account Infrastructure Costs – existing 0.95; AADS fraction: financial 0.045, other 0.005]
Existing financial applications continue to fund the majority of the infrastructure.
AADS
– leverages existing account infrastructures
– operates within existing business processes
– adds public key registration to existing process
– doesn't spray identity certificates all over the world raising privacy concerns
– doesn't rely on third parties and/or create additional liability problems
  – no new identity databases
  – privacy neutral
AADS
– digital signature (only) appended on transactions
  – easily fits into existing legacy financial networks
  – doesn't create new business dependencies
  – doesn't create systemic risks
  – no new failure modes
    » especially critical to triple redundant, high integrity financial infrastructure
AADS - Account Operation
debit-card account:
| accnt# | balance | name | addr | MM name | pin | ssn |
– Mother's maiden name, PIN, and SSN have the drawback that they can be used both to originate a non-face-to-face transaction and to verify a transaction (a fraudulent transaction can be generated by knowing the value)
AADS
| account# | balance | limit | name | address | public key|
– existing business process can be used for public key registration
– in existing PKI terms, the account record represents the binding of attributes to the public key; however the actual orientation is core business operation (not an external operation)
– can’t originate fraudulent transaction by knowing the public key
X9.59
– Finance Industry standard for all account-based payment methods
– based on AADS
– public key is registered in account record
– all transactions are digitally signed
– privacy neutral
  – no identity information needed, even at POS
X9.59
– consumer's financial institution both authenticates and authorizes the transactions
  – doesn't separate authentication & authorization ... security 101
– merchant not involved in authentication or identification
– no certificates spewing identity information all over the world
AADS Chip-card
– Business Centric
  – no “cryptography is the answer, now what is the question”
  – no “smartcard is the answer, now what is the question”
– Strong Authentication is the business requirement
  – create fundamental business building block
  – optimal cost/benefit
AADS Strawman
– Tempested
– Immune to all known smartcard attacks
– Simple function in support of AADS
  – generate public/private key
  – export public key
  – private key never known
  – EC-DSS signing
– Less than $1.50
AADS Strawman
– Additional Chip Functions
  – support for on-card biometrics sensor
  – contactless
– Compelling business case for strong authentication only
  – EC-DSS digital signature only
  – additional functions as business requirements are justified
  – strong authentication is fundamental business building block