throbber
Public Key Infrastructure Study
`
`Final Report
`
`April, 1994
`
`National Institute of Standards and Technology
`Gaithersburg, MD
`
`i
`
`Compass Bank, et al.
`Exhibit 1005
`Page 1
`
`

`
`Form SF298 Citation Data
`
`Report Date
`("DD MON YYYY")
`01041994
`
`Title and Subtitle
`Public Key Infrastructure Study
`
`Authors
`
`Report Type
`N/A
`
`Dates Covered (from... to)
`("DD MON YYYY")
`
`Contract or Grant Number
`
`Program Element Number
`
`Project Number
`
`Task Number
`
`Work Unit Number
`
`Performing Organization Name(s) and Address(es)
`National Institute of Standards and Technology Gaithersburg,
`MD
`
`Performing Organization
`Number(s)
`
`Sponsoring/Monitoring Agency Name(s) and Address(es)
`
`Monitoring Agency Acronym
`
`Monitoring Agency Report
`Number(s)
`
`Distribution/Availability Statement
`Approved for public release, distribution unlimited
`
`Supplementary Notes
`
`Abstract
`
`Subject Terms
`"IATAC COLLECTION"
`
`Document Classification
`unclassified
`
`Classification of Abstract
`unclassified
`
`Number of Pages
`192
`
`Classification of SF298
`unclassified
`
`Limitation of Abstract
`unlimited
`
`Compass Bank, et al.
`Exhibit 1005
`Page 2
`
`

`
`REPORT DOCUMENTATION PAGE
`
`Form Approved
`OMB No. 074-0188
`Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and
`maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information,
`including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA
`22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503
`1. AGENCY USE ONLY (Leave blank)
`2. REPORT DATE
`3. REPORT TYPE AND DATES COVERED
`4/1/94
`Report
`
`4. TITLE AND SUBTITLE
`Public Key Infrastructure (Final Report)
`
`5. FUNDING NUMBERS
`
`6. AUTHOR(S)
`Shimshon Berkovits, Santosh Chokhani, Judith Furlong, Jisoo
`Geiter, Jonathan Guild
`
`7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)
`
`IATAC
`Information Assurance Technology Analysis
`Center
`3190 Fairview Park Drive
`Falls Church VA 22042
`9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES)
`
`8. PERFORMING ORGANIZATION
` REPORT NUMBER
`
`10. SPONSORING / MONITORING
` AGENCY REPORT NUMBER
`
`Defense Technical Information Center
`DTIC-IA
`8725 John J. Kingman Rd, Suite 944
`Ft. Belvoir, VA 22060
`11. SUPPLEMENTARY NOTES
`
`12a. DISTRIBUTION / AVAILABILITY STATEMENT
`
`12b. DISTRIBUTION CODE
`
` A
`
`13. ABSTRACT (Maximum 200 Words)
`The National Institute of Standards and Technology (NIST) has tasked The MITRECorporation
`to study the alternatives for automated management of public keys and of theassociated
`public key certificates for the Federal Government. The public keys areenvisioned to be
`used for secure electronic commerce. This Public Key Infrastructure (PKI)study focuses on
`the United States Federal Government operations, but also addresses national and global
`issues in order to facilitate the interoperation of protected electronic commerce among
`the various levels of government in the U.S., private citizens, commercial organizations,
`and international organizations. Under the PKI study, policy and legal issues related to
`the operation and the management of the PKI are identified. Architectural and
`implementation alternatives for the PKI are developed. In addition, a methodology to
`determine the cost of the PKI is presented. The results of the PKI study are documented in
`this report. With the information and techniques presented in this report, federal
`agencies will be able to determine which infrastructure alternative is appropriate to
`their needs. In addition, agencies may use the costing methodology presented in the paper
`for planning and budgeting purposes
`14. SUBJECT TERMS
`PKI
`
`15. NUMBER OF PAGES
`
`16. PRICE CODE
`
`17. SECURITY CLASSIFICATION
` OF REPORT
`Unclassified
`
`18. SECURITY CLASSIFICATION
` OF THIS PAGE
`UNCLASSIFIED
`
`19. SECURITY CLASSIFICATION
` OF ABSTRACT
`UNCLASSIFIED
`
`20. LIMITATION OF ABSTRACT
`
`None
`
`Compass Bank, et al.
`Exhibit 1005
`Page 3
`
`

`
` __________________________
`Public Key Infrastructure Study
`Final Report
`
`MTR xxxxx
`
`Dr. Shimshon Berkovits
`Dr. Santosh Chokhani
`Judith A. Furlong
`Jisoo A. Geiter
`Jonathan C. Guild
`
`CONTRACT SPONSOR:
`CONTRACT NO.:
`PROJECT NO.:
`DEPT.:
`
`National Institute of Standards and Technology
`50SBNB1C6732
`3357B/Y
`G021,J024
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`MITRE
`McLean, Virginia
`
`ii
`
`Compass Bank, et al.
`Exhibit 1005
`Page 4
`
`

`
`ABSTRACT
`
`The National Institute of Standards and Technology (NIST) has tasked The MITRE
`Corporation to study the alternatives for automated management of public keys and of the
`associated public key certificates for the Federal Government. The public keys are
`envisioned to be used for secure electronic commerce. This Public Key Infrastructure (PKI)
`study focuses on the United States Federal Government operations, but also addresses
`national and global issues in order to facilitate the interoperation of protected electronic
`commerce among the various levels of government in the U.S., private citizens, commercial
`organizations, and international organizations.
`
`Under the PKI study, policy and legal issues related to the operation and the management
`of the PKI are identified. Architectural and implementation alternatives for the PKI are
`developed. In addition, a methodology to determine the cost of the PKI is presented. The
`results of the PKI study are documented in this report. With the information and techniques
`presented in this report, federal agencies will be able to determine which infrastructure
`alternative is appropriate to their needs. In addition, agencies may use the costing
`methodology presented in the paper for planning and budgeting purposes.
`
`iii
`
`Compass Bank, et al.
`Exhibit 1005
`Page 5
`
`

`
`Compass Bank, et al.
`Exhibit 1005
`Page 6
`
`Compass Bank, et al.
`Exhibit 1005
`Page 6
`
`

`
`EXECUTIVE SUMMARY
`
`Use of electronic messaging and electronic commerce is becoming more widespread as
`information technology becomes cheaper and telecommunications become more advanced.
`However, increased user interconnectivity and reliance upon electronic communications
`means that more information is being carried electronically so that more information is
`becoming vulnerable to attacks such as eavesdropping, modification, and masquerade.
`Public key cryptography, which includes digital signature technology, can play an integral
`role in countering these attacks by providing end-to-end security of information in terms of
`confidentiality, integrity and proof of origin. The strength of these security services are
`dependent upon the security of the underlying cryptographic keys. Specifically, this requires
`protection of the confidentiality of the private keys and the integrity of the public keys in
`delivery and storage.
`
`In a small community, the integrity of the public keys can be insured by manual delivery
`of the keys. However, manual delivery of keys is infeasible in a national or an international
`electronic messaging and commerce environment where thousands or millions of keys are
`involved. Therefore, in order to facilitate the use of public key cryptography in such an
`environment, automatic key management is necessary. This study addresses the issues
`related to a Public Key Infrastructure (PKI), which will automatically manage public keys
`through the use of public key certificates. Each certificate certifies the association between a
`user's identity and his public key.
`
`The National Institute of Standards and Technology (NIST) has tasked The MITRE
`Corporation to study the alternatives for automated management of public keys and of the
`associated public key certificates in both a national and an international environment. This
`study focuses on the United States Federal Government operations. It also addresses
`national and global issues in order to facilitate the interoperation of protected electronic
`commerce among the various levels of government in the U.S., the states, private citizens,
`commercial organizations, and international organizations.
`
`Under the PKI study, user and technical requirements for the PKI have been developed
`using information obtained through the examination of relevant standards, through
`discussions held among project members, and through interviews with personnel at various
`federal agencies, standards committees, and commercial organizations. The identified
`requirements apply to the infrastructure as a whole as well as to specific components of the
`infrastructure. They include requirements that relate to the generation and distribution of
`keys, to the obtaining of public key certificates and to the distribution of "hot lists" of
`canceled certificates, commonly known as Certificate Revocation Lists (CRLs).
`
`The user and technical requirements form the basis for the architecture and the
`implementation recommendations for the PKI. A number of entities are integral to the
`
`Compass Bank, et al.
`Exhibit 1005
`Page 7
`
`

`
`functioning of the PKI. Some have policy responsibilities; others provide certification
`services; and a few do both. These entities are defined below.
`
`PAA: The PAA is the policy approving authority, which creates the overall
`guidelines for the entire PKI. It may also certify public keys belonging to PCAs.
`
`PCA: The PCA is the policy certification authority. Each PCA establishes policy
`for all certification authorities and users within its domain. It certifies CA public
`keys.
`
`CA: The CA is the certification authority with minimal policy making
`responsibilities. The CAs are expected to certify the public keys of users in a manner
`consistent with the cognizant PCA's and the PAA's policies.
`
`ORA: The ORA is the organizational registration authority. The ORA is an entity
`which acts as an intermediary between a CA and a user. Its sole purpose is to vouch
`for the identity and affiliation of the user and register that user with its CA.
`
`These entities can be organized in either a hierarchical (tree) structure or a non-
`hierarchical (network) structure. In the former, the PAA issues certificates for the PCAs
`while in the latter it approves the PCA policies. Each PCA issues certificates for the CAs
`within its domain. In the non-hierarchical structure, roots of smaller trees must issue
`certificates for each other (cross certification) as circumstances require. As cross
`certifications create uncertainties about and ambiguities between the applicable certification
`policies, the PKI does not follow this alternative.
`
`There are several approaches to how users are associated with PCAs and CAs within the
`PKI. At least three alternatives are possible. The Communities of Interest (COI) approach
`organizes users according to the tasks they perform most frequently. The organizational
`alternative parallels existing organizational hierarchy. The assurance level approach divides
`users according to the level of certification assurance they require. A small number of
`assurance levels, perhaps as few as three or four, may be sufficient.
`
`Any determination of which implementation approach is most appropriate for the
`national PKI must consider the following qualitative attributes: robustness, scalability,
`flexibility and ease of use, trust, interoperation, implementation timeframe, management
`structure, and exposure to liability. These considerations lead to the following
`recommendation for the PKI:
`
`•
`
`PAA, a national body, be created to establish overall PKI policy, to approve
`individual PCA policies, and to act as a root for the national certification
`infrastructure to be created.
`
`Compass Bank, et al.
`Exhibit 1005
`Page 8
`
`

`
`(cid:127) Each federal department implement its own PCA to establish its own policy.
`PCAs be established for sets of independent commissions and independent
`agencies.
`
`(cid:127) Each PCA be certified by the PAA.
`
`(cid:127) CAs be established by offices and bureaus within large federal departments and
`independent agencies, as determined by the PCA. ORAs be placed near
`individual facility security offices, as needed.
`
`Several assurance levels, with associated PCAs and CAs, be established for use
`by private corporations and citizens. ORAs be placed near corporate personnel
`offices, as needed.
`
`(cid:127) Each user caches (stores) all certificates he or she uses most frequently.
`
`The following organizations are recommended for the various levels of the PKI:
`
`PAA. Policy setting be done by a committee consisting of representatives from some
`or all of the following: Defense Information Systems Agency (DISA), Federal
`Reserve Board (FRB), General Accounting Office (GAO), General Services
`Administration (GSA), NIST, National Security Agency (NSA), Office of
`Management and Budget (OMB), United States Postal Service (USPS), and industry
`and trade organizations. The daily operation of the PAA's certification functions can
`be managed by GSA, the FRB or USPS.
`
`PCA. Executive departments or major independent agencies are recommended for
`the management of the PCAs for the Federal Government. USPS, banks, and
`telecommunications service providers are among the qualified organizations for
`facilitating interoperation of the federal infrastructure with the rest of the national
`infrastructure.
`
`CAs. Agencies below the executive department level are recommended for the CA
`management. USPS, banks, and telecommunications service providers are among the
`qualified organizations for facilitating interoperation of the federal infrastructure with
`the rest of the national infrastructure.
`
`ORAs. For the federal agencies, local authorities such as badge-issuing offices or
`security offices are recommended to run ORAs. For the non-federal segment, ORAs
`may be established by private corporations for their own convenience.
`
`Global interoperability is also of interest. There are two principle ways for achieving
`interoperability: (1) the creation of a single global root for certifying various national and
`transitional roots (PAAs); or (2) the cross certification by such roots (PAAs). While the
`
`Compass Bank, et al.
`Exhibit 1005
`Page 9
`
`(cid:127)
`

`
`former alternative may create a neater infrastructure, the politics of international agreement
`and the natural flow of events may make the latter alternative the de facto choice.
`
`The recommended PKI organization follows the lines of the existing Federal
`Government organization. The cost of the various PKI components will probably be divided
`along the same lines. Nonetheless, it is useful to estimate a PKI-wide price tag for
`deployment and for the annual operations budget. This effort requires the development of a
`cost model for the PKI. Such a model should also aid implementors with their planning and
`budgeting activities for their segments of the PKI. The model should include only
`quantitative impacts which can be specifically ascribed to the PKI as well as the cost of the
`additional demands that the PKI will place on the directory service and its supporting
`communications. Costs associated with developing and running an electronic transaction
`environment are specifically excluded. They are deemed prerequisites for the use of digital
`signatures.
`
`It is not possible to estimate the cost of a large computer and communications system
`without some detailed concept of how that system will operate. A concept of operations for
`the PKI consists of thirteen distinct activities. Each of these PKI activities can be divided
`into multiple steps. The resources necessary to accomplish each step must be enumerated.
`These resources fall into four categories: storage, communications, processor and staff. The
`model consists of four modules, one for each of the four PKI entities: PCA, CA, ORA and
`key generator. There are additional modules for the user and for the directory. Within each
`module, costs and frequencies for all needed resources are computed and a total cost is
`derived. From these totals and the numbers of each type of PKI entities included in the
`costing, it is possible to estimate PKI costs. Start-up and the yearly running costs are
`estimated to be about $9.5M and $16.2M, respectively.
`
`Policy makers must consider their legal obligations in establishing a PAA, PCAs and
`CAs. Although there are questions that must be answered, there appears to be no legal
`impediment to delay continued development and ultimate implementation of the PKI. There
`seems to be a consensus that properly supported digital signatures on electronic documents
`can and do meet "signed" and "in writing" laws and regulations. What exceptions exist to
`this principle can be remedied by new legislation or further regulations. Electronically
`executed contracts, especially those that are covered by written trading partner agreements,
`are becoming legally accepted. The electronic filing of certifications, reports and briefs, if
`supported by digital signatures, will be widely used and accepted. These considerations
`point to the recommendation that PKI prototype development and examination of PKI legal
`needs and implications should proceed in parallel.
`
`One important legal consideration is the development of a structure for PKI liability. As
`an agency of the Federal Government, the PKI may be considered to have sovereign
`immunity. That would imply that the PKI and its managers cannot be sued for any losses
`resulting from their actions or from their inaction. While such status may be attractive, it
`undermines the usefulness of the PKI. Without reasonable assurances that potential losses
`due to malfeasance will be recoverable, a typical non-government user will shy away from
`
`Compass Bank, et al.
`Exhibit 1005
`Page 10
`
`

`
`relying on the PKI. (Even many government users will balk at mandated PKI use unless
`some system is in place for fixing blame when the PKI fails in its mission.) Any set of laws
`and regulations must strike a balance between protection of the government from excessive
`claims and blocking users from any chance of reimbursement. The entities of the PKI
`should not be liable if they operate according to their established policies. Furthermore,
`their liability should be limited for losses caused by the entities not following the agreed
`policies and procedures. In addition, legal issues relating to personal privacy concerns must
`also be resolved.
`
`This summary has highlighted some of the issues that must be considered in defining the
`PKI. Based on the recommended infrastructure, work must begin on its implementation.
`The infrastructure should be implemented incrementally to gain practical experience with
`PKI policies, user acceptability, usage statistics, resource requirements, costs and liability
`issues. The practical experience obtained through implementation will help to refine and
`alter the infrastructure design and operation as well as the full scale implementation.
`
`The designers of the PKI should be aware that there are still issues that need resolution.
`They include some concerns that pertain to the PKI itself and others that are external to the
`PKI, in parallel systems with which PKI may have to interface in the future. Examples of
`the latter include user authorizations, user attributes, time and date stamps, interoperation
`with other infrastructures and algorithms, and directory services. PKI issues involve
`archiving, a unique naming system, and confidentiality. This last issue is of utmost
`importance and demands immediate attention. The overall trust that users place on the PKI
`derives, to a considerable extent, from the ready availability of CRLs. Questions of liability
`depend on the way in which the CRLs are handled. Yet, the frequent and extended
`distribution of CRLs creates a great financial drain on the system. CRLs are to be obtained
`from the appropriate directory elements as needed. The problem of liabilities associated
`with the use or non-use of the CRLs should be studied immediately and resolutions found
`quickly.
`
`Compass Bank, et al.
`Exhibit 1005
`Page 11
`
`

`
`Compass Bank, et al.
`Exhibit 1005
`Page 12
`
`Compass Bank, et al.
`Exhibit 1005
`Page 12
`
`

`
`ACKNOWLEDGMENTS
`
`The authors would like to express their gratitude to Carolyn Barnes, Dennis Branstad,
`Shirley Kawamoto, Lynn McNulty, Judith Messing, Cyril Murphy, and Miles Smid for
`participating in discussions regarding the Public Key Infrastructure and/or for reviewing and
`commenting on this paper. We are especially grateful to David Gill and Shari Galitzer for
`their contributions to this project. For his advice and guidance on the legal issues, we are
`indebted to Michael Baum and we acknowledge Peter Weiss's comments and corrections on
`the draft of that section. We are also indebted to the following experts for their peer-review
`comments: Richard Ankney, Fisher International Systems Corp.; James Bidzos, RSA Data
`Security Inc.; Stephen Crocker, Trusted Information Systems; Dorothy Denning,
`Georgetown University; M. Blake Greenlee, M. Blake Greenlee Associates, Ltd.; Stephen
`Kent, BBN Laboratories; Stuart Stubblebine, University of Southern California; and Frank
`Sudia, Bankers Trust. Finally, we must thank all who participated in the interview phase of
`this study and all who challenged and encouraged us at the periodic participating agency
`meetings.
`
`xi
`
`Compass Bank, et al.
`Exhibit 1005
`Page 13
`
`

`
`Compass Bank, et al.
`Exhibit 1005
`Page 14
`
`Compass Bank, et al.
`Exhibit 1005
`Page 14
`
`

`
`TABLE OF CONTENTS
`
`SECTION
`
`1 Introduction
`
`1.1
`1.2
`1.3
`1.4
`1.5
`
`Background
`Purpose
`Scope
`Audience
`Overview of Report
`
`2 Overview
`
`2.1
`
`2.2
`
`Project Methodology
`2.1.1
`Developing Requirements
`2.1.2
`Analyzing Requirements
`2.1.3
`Developing Alternatives
`2.1.4
`Developing operational Concepts
`2.1.5
`Cost Model and Analysis
`Highlights of Key PKI Requirements
`
`3 Architectural Alternatives for the Infrastructure
`
`3.1
`
`3.2
`3.3
`
`Policy Management and Certificate Management
`3.1.1
`The Policy Approval Authority
`3.1.2
`Policy Certification Authority
`3.1.3
`Certification Authorities
`Trees and Cross Certification
`Architecture Alternatives
`3.3.1 Cross Certified CAs
`3.3.2
`Cross Certified PCAs
`3.3.3
`A Root PAA
`
`4 Implementation Alternatives for the Infrastructure
`
`4.1
`
`4.2
`
`Functions Performed by CA Entities
`4.1.1
`PAA Functions
`4.1.2
`PCA Functions
`4.1.3
`CA Functions
`4.1.4
`ORA Functions
`The Implementation Alternatives
`4.2.1
`COI Alternative
`4.2.2
`Organizational Alternative
`
`xiii
`
`PAGE
`
`1-1
`
`1-1
`1-2
`1-3
`1-3
`1-4
`
`2-1
`
`2-3
`2-3
`2-3
`2-3
`2-4
`2-4
`2-4
`
`3-1
`
`3-1
`3-1
`3-1
`3-2
`3-2
`3-6
`3-6
`3-6
`3-7
`
`4-1
`
`4-1
`4-1
`4-2
`4-3
`4-4
`4-5
`4-6
`4-7
`
`Compass Bank, et al.
`Exhibit 1005
`Page 15
`
`

`
`SECTION
`
`PAGE
`
`4.3
`
`Assurance Level Alternative
`4.2.3
`Hybrid Alternative
`4.2.4
`Recommendation
`4.3.1
`Comparison of Implementation Alternatives
`4.3.2
`The Recommended Federal Government Alternative
`4.3.3
`Beyond the Federal Government
`4.4 Management of the Recommended Infrastructure
`4.4.1 Management of the PAA
`4.4.2 Management of the PCAs
`4.4.3 Management of the CAs
`4.4.4 Management of the ORAs
`4.4.5
`Summary of Recommended Organizations for the Infrastructure
`Management
`Towards Global Interoperability
`4.5.1
`Cross Certification with All Roots
`4.5.2
`One Global Root
`
`4.5
`
`5 Operational Concepts
`
`5.1
`5.2
`
`Introduction
`PKI Activities
`5.2.1
`Key Generation, Certifying, and Distributing Keys
`5.2.2
`Signature and Verification
`5.2.3
`Obtaining Certificates
`5.2.4
`Verifying Certificates
`5.2.5
`Caching Certificates
`5.2.6
`Obtaining Certificates from a Cache
`5.2.7
`Reporting Key Compromise or Severed Relations
`5.2.8
`Recovering from a Key Compromise
`5.2.9
`Obtaining CRLs
`5.2.10 Rekeying and Recertifying
`5.2.11 Auditing
`5.2.12 Archiving
`
`6 Infrastructure Cost Analysis Results
`
`6.1
`
`6.2
`6.3
`
`Operational Concept Used in Cost Model
`6.1.1 User Activities
`6.1.2 PKI Activities
`6.1.3 Directory Activities
`Scenarios
`Results
`
`xiv
`
`4-8
`4-9
`4-10
`4-10
`4-17
`4-18
`4-19
`4-19
`4-20
`4-20
`4-20
`
`4-20
`4-21
`4-21
`4-22
`
`5-1
`
`5-1
`5-1
`5-1
`5-2
`5-3
`5-3
`5-4
`5-4
`5-4
`5-5
`5-6
`5-6
`5-7
`5-7
`
`6-1
`
`6-1
`6-1
`6-2
`6-3
`6-3
`6-3
`
`Compass Bank, et al.
`Exhibit 1005
`Page 16
`
`

`
`SECTION
`
`6.4
`
`Analysis
`6.4.1
`6.4.2
`6.4.3
`
`Analysis of Start-up Costs
`Analysis of Yearly Running Costs
`Analysis of Cost per Message and Cost per User
`
`7 Related Issues 7-1
`
`7.1
`7.2
`7.3
`7.4
`7.5
`
`Authorizations and Attributes
`Time and Date Stamps
`Archiving
`Confidentiality
`The Next Steps
`7.5.1
`General Planning
`7.5.2
`Cryptography Awareness
`7.5.3
`Beyond the Executive Branch
`7.5.4
`Forge Ahead
`7.5.5
`Develop Multidisciplinary Development Group
`7.5.6
`Liability
`
`Appendix A:
`
`Terms and Definitions
`
`Appendix B:
`
`Digital Signature Standard
`
`Appendix C:
`
`Applications of Digital Signatures
`
`Appendix D:
`
`Summary of PKI Requirements
`
`Appendix E:
`
`Applicable Standards and Analysis
`
`Appendix F:
`
`Certificate Formats
`
`Appendix G:
`
`Certificate Revocation List Format
`
`Appendix H:
`
`Sample Elements of PCA Security Policy
`
`Appendix I:
`
`PKI Cost Analysis
`
`Appendix J:
`
`Legal Issues
`
`xv
`
`PAGE
`
`6-5
`6-5
`6-7
`6-10
`
`7-1
`7-2
`7-2
`7-3
`7-3
`7-4
`7-8
`7-8
`7-8
`7-9
`7-10
`
`A-1
`
`B-1
`
`C-1
`
`D-1
`
`E-1
`
`F-1
`
`G-1
`
`H-1
`
`I-1
`
`J-1
`
`Compass Bank, et al.
`Exhibit 1005
`Page 17
`
`

`
`Compass Bank, et al.
`Exhibit 1005
`Page 18
`
`Compass Bank, et al.
`Exhibit 1005
`Page 18
`
`

`
`LIST OF FIGURES
`
`FIGURE
`
`2-1 Typical Digital Signature Scheme
`
`3-1 Users with a Common CA
`
`3-2 Users with Different Cross Certified CAs
`
`3-3 Users with Different CAs under a Single PCA
`
`3-4 Users with Different Cross Certified PCAs
`
`3-5 Users with Different PCAs under a PAA
`
`4-1 Communities of Interest Alternative
`
`4-2 Organizational Alternative
`
`4-3 Assurance Level Alternative
`
`4-4 Sample Hybrid of Certificate Management Infrastructure
`
`4-5 Example of COI Alternative
`
`4-6 Example of Organizational Alternative
`
`4-7 Recommended National Certificate Management Organization
`
`4-8 Interoperability through One Global Root
`
`7-1 First Phase of Public Key Infrastructure
`
`B-1 The DSS Signature Process
`
`B-2 The DSS Signature Verification Process
`
`E-1 PEM Key Management Infrastructure
`
`F-1 Proposed 1992 CCITT X.509 Certificate Format
`
`F-2 1988 CCITT X.509 and PEM Certificate Format
`
`G-1 PEM CRL Format
`
`xvii
`
`PAGE
`
`2-2
`
`3-2
`
`3-3
`
`3-4
`
`3-5
`
`3-5
`
`4-7
`
`4-8
`
`4-9
`
`4-10
`
`4-11
`
`4-12
`
`4-18
`
`4-23
`
`7-5
`
`B-2
`
`B-3
`
`E-3
`
`F-2
`
`F-4
`
`G-2
`
`Compass Bank, et al.
`Exhibit 1005
`Page 19
`
`

`
`FIGURE
`
`G-2 CCITT X.509 CRL Format
`
`G-3 ANSI X9.30 CRL Format
`
`G-4 Recommended PKI CRL Format
`
`I-1 Entity Spreadsheet Layout
`
`PAGE
`
`G-3
`
`G-4
`
`G-5
`
`I-26
`
`xviii
`
`Compass Bank, et al.
`Exhibit 1005
`Page 20
`
`

`
`LIST OF TABLES
`
`TABLE
`
`4-1 Summary of Policy-Setting Body and Users for Each Alternative
`
`4-2 Infrastructure Management
`
`6-1 Total Start-Up Cost Estimates
`
`6-2 Total Yearly Cost Estimates
`
`6-3 Start-up Costs
`
`6-4 Yearly Costs
`
`6-4 PKI Yearly Costs (Concluded)
`
`6-5 Cost per Message and Yearly Cost per User
`
`I-1 Combined Translation Table
`
`PAGE
`
`4-5
`
`4-20
`
`6-4
`
`6-5
`
`6-6
`
`6-8
`
`6-9
`
`6-12
`
`I-30
`
`xix
`
`Compass Bank, et al.
`Exhibit 1005
`Page 21
`
`

`
`SECTION 1
`
`INTRODUCTION
`
`1.1 BACKGROUND
`
`As information technology becomes cheaper and proliferates further in both office and
`home environments, use of electronic messaging and electronic commerce is becoming
`widespread. The transaction of business electronically is further spurred by the National
`Information Infrastructure (NII) and by the Defense Information Infrastructure (DII)
`initiatives. Advances by telecommunications service providers and by the cable industry in
`establishing a national information highway also play a major role in the growth of
`electronic commerce. Together, the information technology revolution and the
`communications infrastructure initiatives are changing the way we do business. They are
`bringing about a new interconnection of individuals and organizations both nationwide and
`worldwide. But this interconnectivity and reliance on electronic communications makes the
`information being carried more vulnerable to attacks – attacks to information confidentiality
`in the form of eavesdropping, to data integrity through message modification or substitution,
`to origin integrity by an impostor's submission of messages in another user's name, and to
`message dependability destroyed by the possible future repudiation of the message by its
`sender.
`
`Public key cryptography can play an integral role in providing end-to-end security of
`information in terms of confidentiality, integrity, and proof-of-origin. This cryptography is
`based on asymmetric keys. Each user has two keys: one is called the public key and may be
`available to everyone, the other is called the private key and is known only to its owner.
`When two typical users, call them Alice and Bob, communicate, they can use their public
`key capability to keep their messages confidential. If Bob wishes to hide the contents of a
`message to Alice, he encrypts it using Alice's public key. Encryption, however, is not
`germane to this study. If Bob wishes to sign a document, he must use a key available only to
`him that is, his private key. When Alice receives a digitally signed message from Bob, she
`must verify his signature. She needs his public key for this verification. She should have
`high confidence in the integrity of that key. If she can be tricked into accepting an
`impostor's public key as Bob's, then she will accept the impostor's signature on documents as
`Bob's also. Digital signature technology offers some of the desired information security
`services, namely sender authentication, message integrity and sender non-repudiation,
`provided that private keys are kept secret and the integrity of public keys is preserved.
`
`In a small community, the integrity of keys can be guaranteed by the manual delivery of
`public keys. This is impossible in national or international electronic messaging and
`commerce environments. Anyone, anywhere, may send a message to anyone, anywhere.
`There is no way to exchange thousands or millions of keys manually and their storage is also
`difficult. This study addresses the management of public keys which will facilitate digital
`signatures for the worldwide electronic transactions of the Federal Government. It is
`
`1-1
`
`Compass Bank, et al.
`Exhibit 1005
`Page 22
`
`

`
`assumed that readers of this report are familiar with public key cryptography in general and
`with the Digital Signature Standard (DSS) in particular. For those who are not, appendix B
`contains a brief description of the standard.
`
`1.2 PURPOSE
`
`The following agencies in the United States Federal Government wish to explore the role
`of digital signatures in electronic commerce within in the Federal Government: Advanced
`Research Project Agency (ARPA), Department of State, Federal Bureau of Investigation
`(FBI), General Services Administration (GSA), Internal Revenue Service (IRS), National
`Aeronautics and Space Administration (NASA), National Security Agency (NSA), and
`United States Postal Service (USPS). These agencies have asked the (NIST) to study the
`technical, policy, and legal issues associated with establishing an automated system to
`manage keys electronically and distribute public keys and associated public key certificates.
`
`NIST has tasked The MITRE Corporation to study the alternatives for automated
`management of public keys in a national and international environment. The focus of the
`study is the Federal Government operations. However, the study also needs to address the
`issues on a global basis, since the Federal Government conducts business with both national
`and international entities (governments at various levels, private citizens and business, and
`other organizations).
`
`The automated management of public keys is henceforth termed the Public Key
`Infrastructure (PKI). The purpose of PKI is fourfold:
`
`1.
`
`2.
`
`3.
`
`4.
`
`Generate public key certificates that bind the identity of users and their public keys
`in a secure manner
`
`Provide users, directly or indirectly, with easy access to the certificates of other
`users
`
`Provide users with easy access to circumstances (security policy) under which the
`certificates were issued.
`
`Provide users, directly or indirectly, timely announcements of certificate
`revocations.
`
`The purpose of this study is fourfold:
`
`1.
`
`2.
`
`Identify policy and legal issues in the use of digital signatures in the Federal
`Government operations
`
`Identify policy, technical, and legal issues related to the operation and the
`management of the PKI
`
`1-1
`
`Compass Bank, et al.
`Exhibit 1005
`Page 23
`
`

`
`3.
`
`4.
`
`Develop PKI alternatives for federal agencies and techniques for selecting

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket