Casey Lide, Director, Education Services
Digital Signature Trust, Washington DC

EDUCAUSE PKI Summit Meeting
Snowmass Village, CO, August 9-10, 2001

Russel Weiser, Principal Scientist
Digital Signature Trust, Salt Lake City, UT

Topical Agenda

• Why PKI, why outsource it … why DST?
• E-signing, form-signing
• TrustExchange
• Education Perspectives
• Three Big Issues
• New DST Offering
• Alice Goes to College...

About Digital Signature Trust

• First licensed Certification Authority (CA) in U.S.
• Offices: Salt Lake City, UT; Washington, D.C.
• First (and one of three) approved vendor for GSA ACES program (providing CA services for federal government agencies). Awarded majority of ACES task orders serving various federal agencies
• Provider of comprehensive PKI services for first major state installations (States of Washington, Utah)
• Ownership interests: Zions Bancorp, American Bankers Association

About Digital Signature Trust

• Financial Services
• Education
• Healthcare
• Federal Government
• State & Local Government
• Commercial Markets

DST Services

• Outsourced CA services
• PKI Policy Development, Risk Absorption
• Registration, Identification & Authentication Services
• Certificate Lifecycle Management
• Electronic signatures & e-form signing/creation
• Workflow/BPR
• Applications development/consulting
• Secure Archival
• Training

About Digital Signature Trust

Certification Authority for TrustID® Digital Certificates
• Persistent, interoperable digital credential, usable by anyone who wants to
• TrustID® warranty for Authorized Relying Parties: $100,000/transaction, $250,000/certificate
• Certificate Policy administered by American Bankers Association
• Modeled after credit card industry
• Operations hosted at DST SecFac (Salt Lake City, UT)

Why PKI … why outsource it … why DST

Ideally, enables:

• Mutual authentication technology and legal construct for anyone who wants/needs to use it
• Confidentiality
• Non-repudiation
• Data integrity/staying power

But, scalability of the security mechanism is equally important...

Technical Scalability

PKI =
• Established or evolving standards (X.509v3, OCSP, LDAPv3)
• Single infrastructure (vs multiple passwords)
• Proven technology
• Certificate-enabled e-signing applications improving dramatically

Economic Scalability

PKI =
• No duplicative PIN/password administration (very inefficient, non-interoperable)
• One interoperable infrastructure, with cost spread among users
• Organizations either purchase/sponsor issuance of certificates, or pay a validation fee for guaranteed reliance (DST model)
• Ideal issuers: entities that can/will use the certificate for a wide variety of applications & transactions. (And that can be RAs…)

Policy Scalability

DST Model:
• Contractual framework, administered by the CA/PMA, that allocates risk and establishes rules among any and all: issuers, relying parties, subscribers
• Warranty encourages adoption and acceptance by Relying Parties, CA encouraged to find them (it scaled for Visa…)
• Liability shifts away from the Relying Party (which may previously have run a PIN infrastructure) and to the Certificate Authority
• DST model: TrustID = single Certificate Policy = simplest policy interoperability

Risk Management (diagram: Certification Authority, Repository, Subscriber, Relying Party)

Risks Outsourced / Transferred to CA (or that should be)

1. PKI Technology
2. Identity & Authentication
3. Staffing & Operations
4. Repository Operations
5. Certificate Maintenance
6. Reliance Liability
7. Setup Cost & Time
8. Leverage PKI Expertise

Technical + Economic + Policy Scalability =

TrustID®: A persistent, guaranteed digital credential that can serve an entire community of interest, and beyond:

• Standardized testing agencies/services
• Colleges and universities
• Government agencies
• Anyone who touches the student financial aid system
• Anyone else who chooses to be a relying party (which the CA has an incentive to go out and sign up, adding to the value of the certificate, increasing use…)

So Why Outsource CA Services?

• Why do you want to be a CA???
• High operational overhead for CAs
• CA = audits, audits, audits
• VERY high policy/legal overhead for CAs
• CA worries about bridging, etc.
• Running a CA requires uncommon expertise, or lots of time and effort to learn about it
• In-house takes a LOT longer (Your time isn’t free)
• Having several thousand institutional CAs is not the quickest, simplest, or best route to an effective, interoperable community-of-interest (and beyond) PKI
• Aggregation of demand = quantity discounts
• The RP may require it (e.g., warranted certificate)

The Problem With the Enterprise CA Model

(Diagram: enterprise trading partners/subscribers, each served by its own Enterprise CA (1, 2, 3 …), each with its own CP. Trading partners that will require multiple legal relationships, certificates, policy mappings...)

TrustID® Model

(Diagram: TrustID Holders (Cust 1, Cust 2, Cust 3 … Cust n), TrustID Relying Parties (RP 1, RP 2 … RP n), and TrustID Issuers (Bank, School, DST).)

DST TrustID® Cost Model
• Either sponsor the issuance of certificates, or pay a validation fee for guaranteed reliance (modeled on credit card industry)
• Spread the cost among the users of the contractual and technical infrastructure

Startup Certificate Pricing
• Volume Pricing for Certificate Sponsors
• RA Pricing (no transaction fees!)

Transaction Pricing (Relying Parties)
• OCSP
• Warranty Included
• Flat Monthly Fee or Per Transaction

Digital Signatures and E-Signing

• Made for each other!
• But, need another piece for interaction between private key and form
• Enterprise-focused form-signing applications
• Zions E-Commerce group eSign consortium
  • iLumin
  • E-Lock
  • icomXpress
  • thinkXML
• DST: eSign n.0
• SimpleSign

TrustExchange®

TrustExchange Coordinator - Certificate access control server
• Simple Access Control
• API or full Proxy Modes of operation
• Audit logging of transactions
• NT or Solaris Platform

How it works!
• Present certificate (Optional second factor authentication via password)
• OCSP validation
• Signed OCSP requests
• Signed OCSP responses
• Supports Multiple CA hierarchies
• CRL or OCSP in proxy mode

Education Perspectives & Other Stuff

• “Issuers”
• RA = no validation fees for those certificates
• Relying Parties
• Student Financial Aid
• Tokens & Mobility
  • Smart cards, USB
  • CyberMark
• Bridge CAs
• dc= naming
• Levels of Assurance

TrustID KickStart™

For a one-time setup fee:

• TrustID common policy infrastructure (TrustID CP)
• TrustID ARP Warranty
• TrustExchange® Validation and Access Control Software
• Installation by DST Professional Services (one day)
• Training by DST Professional Services (one day)
• One additional day of DST Professional Services
• DST first-level customer support
• 500 TrustID certificate vouchers (any type, including SSL/server)
• Available RA option (RAMP, TSRA)
• Concept of Operations
• Five-day implementation

3 Big Issues ...

1. Roaming, usability (private key management)

2. Certificate distribution & timing

3. Legacy/PIN migration

So, what we REALLY need is...

Security, nonrepudiation and scalability provided by digital signatures

combined with

usability and roaming of a PIN infrastructure

New DST Offering!

DST Roaming & PIN Migration Solution: Password-Based TrustID®

DST Roaming & PIN Migration Solution

Technology licensed to DST for use with TrustID®.

Regular 2-key RSA requires the user to hold and somehow manage a long private key (1024 bits). Hence, low usability or the need for smart cards. Hence, poor adoption.

A 3-key RSA system is used instead of the usual 2-key RSA: the long private key is broken into two pieces, one derived from the user’s chosen password and the other stored on an appliance hosted by DST. The user only needs a password!

It has been mathematically proven that the 3-key system is exactly as secure from an attacker as 2-key RSA

It can be informally thought of as a network-based “soft” smart card that is created at whichever desktop the user is present (and which has a 400kb plug-in, downloaded once).

Uses and interoperates with usual PKI standards

DST Roaming Solution

(Diagram: PKI Appliance holding key d2; Alice’s computer expanding her Password into key d1; Alice’s certificate (sample contents: ID: Castle Corp, FN: Castle, LN: Corp), signed by the CA.)

• Alice has password P, which ONLY she knows. Password P expands to key d1 on her computer.
• The Practical PKI appliance has key d2 for Alice, which ONLY it knows.
• Alice has a pre-existing public certificate, with her public key signed by a CA (sent to Alice or to the RP application via DST).

Process
1. Alice authenticates to the appliance, sets up a secure channel and sends message, M.
2. The appliance performs a partial signature on M with its key for Alice, d2.
3. Alice completes the signature with her key d1.
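As an added illustration (not DST’s code; the slides do not give the exact construction), this Python sketch models the three-step process above with an additive split of the RSA private exponent, d1 + d2 ≡ d (mod φ(n)), so that the appliance’s partial signature times Alice’s completion equals an ordinary RSA signature. The KDF, salt, toy key size and hash-then-reduce message encoding are all assumptions made for the demo.

```python
import hashlib

# Constructed demo RSA modulus from two known primes: far too small for real use,
# chosen only so the arithmetic runs instantly with plain Python integers.
PRIME_P, PRIME_Q = 1000000007, 998244353
N = PRIME_P * PRIME_Q
PHI = (PRIME_P - 1) * (PRIME_Q - 1)
E = 65537
D = pow(E, -1, PHI)          # the ordinary 2-key RSA private exponent


def derive_d1(password: str, salt: bytes) -> int:
    """Expand Alice's password P into her share d1 (assumed KDF: PBKDF2-SHA256)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") % PHI


def enroll(password: str, salt: bytes) -> int:
    """Enrolment: split D so that d1 + d2 == D (mod PHI); only d2 goes to the
    appliance, and the full exponent D is never stored anywhere afterwards."""
    return (D - derive_d1(password, salt)) % PHI


def appliance_partial_sign(m: int, d2: int) -> int:
    """Step 2: the appliance signs with its share only; it never sees d1 or D."""
    return pow(m, d2, N)


def complete_signature(m: int, partial: int, password: str, salt: bytes) -> int:
    """Step 3: Alice finishes the signature with d1 derived from her password."""
    return (partial * pow(m, derive_d1(password, salt), N)) % N


def verify(m: int, sig: int) -> bool:
    """Any relying party checks the result with the ordinary public key (N, E)."""
    return pow(sig, E, N) == m


def sign_round_trip(enroll_pw: str, signing_pw: str, message: bytes) -> bool:
    """Enrol with one password, sign with another, and report whether the
    combined signature verifies. Hash-then-reduce stands in for real padding."""
    salt = b"constructed-salt"          # constructed; would be per-user in practice
    d2 = enroll(enroll_pw, salt)
    m = int.from_bytes(hashlib.sha256(message).digest(), "big") % N
    partial = appliance_partial_sign(m, d2)
    return verify(m, complete_signature(m, partial, signing_pw, salt))


if __name__ == "__main__":
    print(sign_round_trip("correct horse", "correct horse", b"promissory note"))  # True
    print(sign_round_trip("correct horse", "wrong guess", b"promissory note"))    # False
```

Neither side ever holds the full exponent, so a copy of the appliance’s d2 or a guessed password alone does not yield a valid signature; step 1’s authentication to the appliance is what limits online password guessing, which this sketch does not model.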

The Big Issues, revisited:

1) Roaming and Usability
Password (+ plugin) = full PKI, anywhere, with the ease of use of a self-selected password

2) & 3) Certificate Distribution, Legacy PINs
Can use a pre-existing shared-secret PIN as an identity-proofing element to issue a digital certificate

PIN acts as initial activation code, then is changed by the user to a self-selected password (which then can act just like her original PIN, or, if the plug-in is present, her private key)

Secure issuance of a PIN is all we need to get new users started (any accredited RA procedure...)

Alice Goes to College...

In her Junior year of high school, Alice registers to take a standardized test for college-bound students. She shows up at the testing facility and the test proctor, after checking her government-issued photo ID, hands her a small, sealed envelope. Inside are a PIN and some instructions.

A few weeks later, Alice gets on her laptop computer at home and visits the [testing service] website to check her score. She is prompted to enter her assigned PIN (logging onto the appliance), and to change her password. Behind the scenes (if she chooses to download the 400kb plugin at this time, which takes about 60 seconds because her Dad won’t get DSL), keys are generated and a digital certificate created. The testing service allows access to her score.

One day in September (while visiting her aunt in Paducah) Alice uses her relative’s computer and visits the Department of Education website to fill out a FAFSA. She gains access to the form application using her self-selected password, and partially completes the form. Unfortunately she doesn’t have all the required information with her, so she finishes it up the next week at home.

Shortly after, with her heart set on attending the University of Alabama at Birmingham, Florida State University, or Brigham Young, she electronically signs and submits applications for admission from a computer in her school library (which already has the plugin installed). The universities use and rely on her PKI digital credential to establish an initial account and provide other services for her.

Having received notice about her award and seeking a Direct Loan, Alice visits the Department of Education website using her laptop. She’s already downloaded the plug-in to her laptop (or if she hasn’t, she’s prompted to do so because the lender wants the increased security, data integrity, and warranty protection provided by a digital signature). She progresses through the promissory note e-signing application for Direct Loans, and executes a full-fledged digital signature on the signed note. The Department, as an ARP, is protected by the DST warranty. Alice prints out a PDF version of the electronically signed note that includes on it the 160-bit digital signature.

Alice Goes to College, cont’

Finally at school, Alice takes advantage of the fast Internet connection provided by the university and during her first week signs up for an MP3 subscription service. The service, requiring guaranteed mutual authentication for access to its MP3 servers, has been set up by DST as a Relying Party and is configured to use the same digital credential Alice has been using for a while now.

Over the months, Alice uses her password and digital credential to register for classes and access her confidential account maintained by the university, to obtain class reference materials from major publishers who have a contract with the university, to e-sign and electronically submit a lot of paperwork required by the school, to submit classwork to & receive feedback from professors, to renew her automobile registration with the state DMV, and to access and transfer funds at the local bank. To do this, Alice uses her laptop, her PDA, the various computer labs around campus, and her friend Bob’s desktop machine.

About a year after receiving her first digital certificate, Alice is prompted to renew and get another one. Fortunately, her school sponsors the issuance of TrustID to its students, faculty and staff (and is even considering offering it as a service to alumni...). ...THE END

Anyone can say they’re somebody. We can prove it.

Casey Lide, Director, Education Svcs
Digital Signature Trust, Washington, D.C.
[email protected]
www.trustdst.com

Russel Weiser, Principal Scientist
Digital Signature Trust Co, Salt Lake City, UT
[email protected]