Banking on interoperability

Secure, interoperable credential management

Glenn Benson, Shiu Kai Chin, Sean Croston, Karthick Jayaraman, Susan B Older

Research output: Contribution to journalArticle

4 Citations (Scopus)

Abstract

An interoperable credential system allows users to reference a single asymmetric key pair to logon to multiple web sites and digitally sign transactions. Models that govern how keys are created, authorized, validated, and revoked are a crucial part of such a system. These models have security, scalability, and liability implications for businesses, so the requirements vary depending on the parties involved. However, the prevailing the public key infrastructure (PKI) system does not meet these diverse needs. PKI requires a certificate authority (CA) to act as a trusted third party for the parties in a transaction. For example, PKI features a receiver key validation model that requires the receiver of the transaction to communicate with a CA to validate the sender's key used to sign a transaction. These aspects conflict with liability concerns and interoperability goals of businesses doing high-value transactions such as wholesale banking. This paper presents Partner Key Management (PKM) as a mechanism which sufficiently addresses security and liability concerns of businesses performing high-value online transactions, and uses wholesale banking as the motivating example. PKM does not rely on a trusted third party, and features several flexible revocation models to accommodate diverse regulations. PKM is not merely a proposal. Rather, the financial industry has implemented the technology in some of its wholesale banking sites thereby securing millions of dollars of transactions every day. Finally, this paper justifies the security of PKM and its flexible revocation models; and illustrates the justification with proofs through formal logic.

Original languageEnglish (US)
Pages (from-to)235-251
Number of pages17
JournalComputer Networks
Volume67
DOIs
StatePublished - Jul 4 2014

Fingerprint

Interoperability
Industry
Formal logic
Scalability
Websites

Keywords

  • Authentication
  • Authorization
  • Certificate
  • Protocols
  • Trust
  • Wholesale banking

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Banking on interoperability : Secure, interoperable credential management. / Benson, Glenn; Chin, Shiu Kai; Croston, Sean; Jayaraman, Karthick; Older, Susan B.

In: Computer Networks, Vol. 67, 04.07.2014, p. 235-251.

Research output: Contribution to journalArticle

Benson, Glenn ; Chin, Shiu Kai ; Croston, Sean ; Jayaraman, Karthick ; Older, Susan B. / Banking on interoperability : Secure, interoperable credential management. In: Computer Networks. 2014 ; Vol. 67. pp. 235-251.
@article{a7e45c7786be496f9d1ba8276dc935fb,
title = "Banking on interoperability: Secure, interoperable credential management",
abstract = "An interoperable credential system allows users to reference a single asymmetric key pair to logon to multiple web sites and digitally sign transactions. Models that govern how keys are created, authorized, validated, and revoked are a crucial part of such a system. These models have security, scalability, and liability implications for businesses, so the requirements vary depending on the parties involved. However, the prevailing the public key infrastructure (PKI) system does not meet these diverse needs. PKI requires a certificate authority (CA) to act as a trusted third party for the parties in a transaction. For example, PKI features a receiver key validation model that requires the receiver of the transaction to communicate with a CA to validate the sender's key used to sign a transaction. These aspects conflict with liability concerns and interoperability goals of businesses doing high-value transactions such as wholesale banking. This paper presents Partner Key Management (PKM) as a mechanism which sufficiently addresses security and liability concerns of businesses performing high-value online transactions, and uses wholesale banking as the motivating example. PKM does not rely on a trusted third party, and features several flexible revocation models to accommodate diverse regulations. PKM is not merely a proposal. Rather, the financial industry has implemented the technology in some of its wholesale banking sites thereby securing millions of dollars of transactions every day. Finally, this paper justifies the security of PKM and its flexible revocation models; and illustrates the justification with proofs through formal logic.",
keywords = "Authentication, Authorization, Certificate, Protocols, Trust, Wholesale banking",
author = "Glenn Benson and Chin, {Shiu Kai} and Sean Croston and Karthick Jayaraman and Older, {Susan B}",
year = "2014",
month = "7",
day = "4",
doi = "10.1016/j.comnet.2014.03.024",
language = "English (US)",
volume = "67",
pages = "235--251",
journal = "Computer Networks",
issn = "1389-1286",
publisher = "Elsevier",

}

TY - JOUR

T1 - Banking on interoperability

T2 - Secure, interoperable credential management

AU - Benson, Glenn

AU - Chin, Shiu Kai

AU - Croston, Sean

AU - Jayaraman, Karthick

AU - Older, Susan B

PY - 2014/7/4

Y1 - 2014/7/4

N2 - An interoperable credential system allows users to reference a single asymmetric key pair to logon to multiple web sites and digitally sign transactions. Models that govern how keys are created, authorized, validated, and revoked are a crucial part of such a system. These models have security, scalability, and liability implications for businesses, so the requirements vary depending on the parties involved. However, the prevailing the public key infrastructure (PKI) system does not meet these diverse needs. PKI requires a certificate authority (CA) to act as a trusted third party for the parties in a transaction. For example, PKI features a receiver key validation model that requires the receiver of the transaction to communicate with a CA to validate the sender's key used to sign a transaction. These aspects conflict with liability concerns and interoperability goals of businesses doing high-value transactions such as wholesale banking. This paper presents Partner Key Management (PKM) as a mechanism which sufficiently addresses security and liability concerns of businesses performing high-value online transactions, and uses wholesale banking as the motivating example. PKM does not rely on a trusted third party, and features several flexible revocation models to accommodate diverse regulations. PKM is not merely a proposal. Rather, the financial industry has implemented the technology in some of its wholesale banking sites thereby securing millions of dollars of transactions every day. Finally, this paper justifies the security of PKM and its flexible revocation models; and illustrates the justification with proofs through formal logic.

AB - An interoperable credential system allows users to reference a single asymmetric key pair to logon to multiple web sites and digitally sign transactions. Models that govern how keys are created, authorized, validated, and revoked are a crucial part of such a system. These models have security, scalability, and liability implications for businesses, so the requirements vary depending on the parties involved. However, the prevailing the public key infrastructure (PKI) system does not meet these diverse needs. PKI requires a certificate authority (CA) to act as a trusted third party for the parties in a transaction. For example, PKI features a receiver key validation model that requires the receiver of the transaction to communicate with a CA to validate the sender's key used to sign a transaction. These aspects conflict with liability concerns and interoperability goals of businesses doing high-value transactions such as wholesale banking. This paper presents Partner Key Management (PKM) as a mechanism which sufficiently addresses security and liability concerns of businesses performing high-value online transactions, and uses wholesale banking as the motivating example. PKM does not rely on a trusted third party, and features several flexible revocation models to accommodate diverse regulations. PKM is not merely a proposal. Rather, the financial industry has implemented the technology in some of its wholesale banking sites thereby securing millions of dollars of transactions every day. Finally, this paper justifies the security of PKM and its flexible revocation models; and illustrates the justification with proofs through formal logic.

KW - Authentication

KW - Authorization

KW - Certificate

KW - Protocols

KW - Trust

KW - Wholesale banking

UR - http://www.scopus.com/inward/record.url?scp=84900431578&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84900431578&partnerID=8YFLogxK

U2 - 10.1016/j.comnet.2014.03.024

DO - 10.1016/j.comnet.2014.03.024

M3 - Article

VL - 67

SP - 235

EP - 251

JO - Computer Networks

JF - Computer Networks

SN - 1389-1286

ER -