Account Authority Digital Signature AADS Lynn Wheeler First Data Corporation

AADS Infrastructure l Adaptable, long life (tens of years) infrastructure l Adaptable payment infrastructure l Adaptable authentication infrastructure l Adaptable authorization infrastructure l Adaptable risk management

AADS Infrastructure l Small granularity of pieces that are parameterized l Support wide range of cost/value applications l Allow coexistence of different cost/value implementations l Allow, incremental upgrades of individual pieces of infrastructure

AADS Infrastructure l Parameterized assurance levels –cryptography –hardware l Incrementally reflect assurance level changes l Incrementally upgrade individual components

AADS Infrastructure l Parameterized Risk Management –certified audit trail establishing component assurance levels l adaptable, parameterized –assurance levels –authentication levels –authorization levels –cost –value

AADS Infrastructure l Establish best-of-breed components l Establish optimal implementations at multiple cost points l Establish business process for component assurance level certified audit trail

AADS Infrastructure l Adapt card personalization process l On chip public/private key generation l Certified audit trail binding public key to hardware and cryptography assurance levels l Certified assurance level binding made available to parameterized risk management business processes l Assurance levels change over time

AADS Infrastructure CFI consumer account public key registration consumer Personalization certified audit trail hardware token

AADS Infrastructure l Card personalization infrastructure optimal business process for enabling consumer AADS l Certified Audit Trail Binding –public key –hardware token assurance –cryptography assurance –consumer delivery –activation process l Trusted Infrastructure for delivery of certified information

Account Authority Digital Signature AADS l Business-centric strong authentication l Integrated into existing business processes l Leverages existing investment in high-integrity, account based operations l Basic building block for all electronic business operations l Fast, efficient, compact ECC

Compared to Certificate Authority model l leverages existing infrastructure investment l maintains existing business and customer relationships l does not disintermediate with additional business operations l introduces no new liability problems l introduces no new privacy problems l introduces no systemic risks

X9.59 Payment CFIMFI Merchant Consumer account X9.59 X9.15 ISO8583 public key registration

AADS Strong Authentication –single ECC digital signature card –single function, secure card –multiple online applications supported AADS chip financial applications ISPs Web servers

Certificate Authority Model l Creates new expensive infrastructure l Requires new trust and risk models l Changes existing business relationships l Creates privacy concerns l Disintermediates existing account holders l Designed for electronic but offline operation l No real time information

AADS l Businesses have long used accounts for identity and attribute binding. l Current financial infrastructure use information binding in accounts to authenticate non-face-to- face transactions –mother's maiden name –PIN - Personal Identification Number –SSN - social security number l ECC short key lengths represent low impact on account records

AADS l Current financial infrastructure can extend existing business processes to support higher integrity electronic commerce by adding public key binding and digital signature verification to existing account infrastructures

AADS Based Authentication l compute secure hash of document or transaction l use private key to encrypt the hash (forming digital signature) l push document/transaction and digital signature to recipient

AADS Based Authentication l recipient (account authority) –uses public key in account to authenticate digital signature –used identity/attribute information in the account to validate/authorize document or transaction

AADS Cost Sharing –majority of Certificate Authority operation is account management –digital signature capability can be added to financial accounts for 1%-5% –existing non-digital signature applications cover 95%-99% of account costs –financial digital signature applications cover 90%- 95% of digital signature costs –non-financial digital signature applications need to cover 1/200th to 1/2000th of account infrastructure

AADS Cost Sharing Existing Financial applications continue to fund majority of infrastructure Account Infrastructure Costs AADS fraction

AADS l leverages existing account infrastructures l operates within existing business processes l adds public key registration to existing process l doesn't spray identity certificates all over the world raising privacy concerns l doesn't rely on third parties and/or create additional liability problems –no new identity databases –privacy neutral

AADS l digital signature (only) appended on transactions –easily fits into existing legacy financial networks –doesn't create new business dependencies –doesn't create systemic risks –no new failure modes »especially critical to triple redundant, high integrity financial infrastructure

AADS - Account Operation l debit-card account: | accnt# | balance | name | addr | MM name | pin | ssn | –Mother's maiden name, PIN, and SSN have drawback that they can be used to both originate a non-face-to-face transaction as well as verify a transaction (can generate fraudulent transaction by knowing value)

AADS | account# | balance | limit | name | address | public key| –existing business process can be used for public key registration –in existing PKI terms, the account record represents the binding of attributes to the public key; however the actual orientation is core business operation (not an external operation) –can’t originate fraudulent transaction by knowing the public key

X9.59 l Finance Industry standard for all account-based payment methods l based on AADS l public key is registered in account record l all transactions are digital signed l privacy neutral –no identity information needed, even at POS

X9.59 l consumer's financial institution both authenticates and authorizes the transactions –doesn't separate authentication & authorization... security 101 l merchant not involved in authentication or identification l no certificates spewing identity information all over the world

X9.59 Payment CFIMFI Merchant Consumer account X9.59 X9.15 ISO8583 public key registration

AADS Chip-card l Business Centric –no “cryptography is the answer, now what is the question” –no “smartcard is the answer, now what is the question” l Strong Authentication is the business requirement –create fundamental business building block –optimal cost/benefit

AADS Strawman l Tempested l Immune to all known smartcard attacks l Simple function in support of AADS –generate public/private key –export public key –private key never known –EC-DSS signing l Less than $1.50

AADS Strawman l Additional Chip Functions –support for on-card biometrics sensor –contactless l Compelling business case for strong authentication only –EC-DSS digital signature only –additional functions as business requirements are justified –strong authentication is fundamental business building block