`
`Final Report
`
`April, 1994
`
`National Institute of Standards and Technology
`Gaithersburg, MD
`
`i
`
`Compass Bank, et al.
`Exhibit 1005
`Page 1
`
`
`
`Form SF298 Citation Data
`
`Report Date
`("DD MON YYYY")
`01041994
`
`Title and Subtitle
`Public Key Infrastructure Study
`
`Authors
`
`Report Type
`N/A
`
`Dates Covered (from... to)
`("DD MON YYYY")
`
`Contract or Grant Number
`
`Program Element Number
`
`Project Number
`
`Task Number
`
`Work Unit Number
`
`Performing Organization Name(s) and Address(es)
`National Institute of Standards and Technology Gaithersburg,
`MD
`
`Performing Organization
`Number(s)
`
`Sponsoring/Monitoring Agency Name(s) and Address(es)
`
`Monitoring Agency Acronym
`
`Monitoring Agency Report
`Number(s)
`
`Distribution/Availability Statement
`Approved for public release, distribution unlimited
`
`Supplementary Notes
`
`Abstract
`
`Subject Terms
`"IATAC COLLECTION"
`
`Document Classification
`unclassified
`
`Classification of Abstract
`unclassified
`
`Number of Pages
`192
`
`Classification of SF298
`unclassified
`
`Limitation of Abstract
`unlimited
`
`Compass Bank, et al.
`Exhibit 1005
`Page 2
`
`
`
`REPORT DOCUMENTATION PAGE
`
`Form Approved
`OMB No. 074-0188
`Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and
`maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information,
`including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA
`22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503
`1. AGENCY USE ONLY (Leave blank)
`2. REPORT DATE
`3. REPORT TYPE AND DATES COVERED
`4/1/94
`Report
`
`4. TITLE AND SUBTITLE
`Public Key Infrastructure (Final Report)
`
`5. FUNDING NUMBERS
`
`6. AUTHOR(S)
`Shimshon Berkovits, Santosh Chokhani, Judith Furlong, Jisoo
`Geiter, Jonathan Guild
`
`7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)
`
`IATAC
`Information Assurance Technology Analysis
`Center
`3190 Fairview Park Drive
`Falls Church VA 22042
`9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES)
`
`8. PERFORMING ORGANIZATION
` REPORT NUMBER
`
`10. SPONSORING / MONITORING
` AGENCY REPORT NUMBER
`
`Defense Technical Information Center
`DTIC-IA
`8725 John J. Kingman Rd, Suite 944
`Ft. Belvoir, VA 22060
`11. SUPPLEMENTARY NOTES
`
`12a. DISTRIBUTION / AVAILABILITY STATEMENT
`
`12b. DISTRIBUTION CODE
`
` A
`
`13. ABSTRACT (Maximum 200 Words)
`The National Institute of Standards and Technology (NIST) has tasked The MITRECorporation
`to study the alternatives for automated management of public keys and of theassociated
`public key certificates for the Federal Government. The public keys areenvisioned to be
`used for secure electronic commerce. This Public Key Infrastructure (PKI)study focuses on
`the United States Federal Government operations, but also addresses national and global
`issues in order to facilitate the interoperation of protected electronic commerce among
`the various levels of government in the U.S., private citizens, commercial organizations,
`and international organizations. Under the PKI study, policy and legal issues related to
`the operation and the management of the PKI are identified. Architectural and
`implementation alternatives for the PKI are developed. In addition, a methodology to
`determine the cost of the PKI is presented. The results of the PKI study are documented in
`this report. With the information and techniques presented in this report, federal
`agencies will be able to determine which infrastructure alternative is appropriate to
`their needs. In addition, agencies may use the costing methodology presented in the paper
`for planning and budgeting purposes
`14. SUBJECT TERMS
`PKI
`
`15. NUMBER OF PAGES
`
`16. PRICE CODE
`
`17. SECURITY CLASSIFICATION
` OF REPORT
`Unclassified
`
`18. SECURITY CLASSIFICATION
` OF THIS PAGE
`UNCLASSIFIED
`
`19. SECURITY CLASSIFICATION
` OF ABSTRACT
`UNCLASSIFIED
`
`20. LIMITATION OF ABSTRACT
`
`None
`
`Compass Bank, et al.
`Exhibit 1005
`Page 3
`
`
`
` __________________________
`Public Key Infrastructure Study
`Final Report
`
`MTR xxxxx
`
`Dr. Shimshon Berkovits
`Dr. Santosh Chokhani
`Judith A. Furlong
`Jisoo A. Geiter
`Jonathan C. Guild
`
`CONTRACT SPONSOR:
`CONTRACT NO.:
`PROJECT NO.:
`DEPT.:
`
`National Institute of Standards and Technology
`50SBNB1C6732
`3357B/Y
`G021,J024
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`MITRE
`McLean, Virginia
`
`ii
`
`Compass Bank, et al.
`Exhibit 1005
`Page 4
`
`
`
`ABSTRACT
`
`The National Institute of Standards and Technology (NIST) has tasked The MITRE
`Corporation to study the alternatives for automated management of public keys and of the
`associated public key certificates for the Federal Government. The public keys are
`envisioned to be used for secure electronic commerce. This Public Key Infrastructure (PKI)
`study focuses on the United States Federal Government operations, but also addresses
`national and global issues in order to facilitate the interoperation of protected electronic
`commerce among the various levels of government in the U.S., private citizens, commercial
`organizations, and international organizations.
`
`Under the PKI study, policy and legal issues related to the operation and the management
`of the PKI are identified. Architectural and implementation alternatives for the PKI are
`developed. In addition, a methodology to determine the cost of the PKI is presented. The
`results of the PKI study are documented in this report. With the information and techniques
`presented in this report, federal agencies will be able to determine which infrastructure
`alternative is appropriate to their needs. In addition, agencies may use the costing
`methodology presented in the paper for planning and budgeting purposes.
`
`iii
`
`Compass Bank, et al.
`Exhibit 1005
`Page 5
`
`
`
`Compass Bank, et al.
`Exhibit 1005
`Page 6
`
`Compass Bank, et al.
`Exhibit 1005
`Page 6
`
`
`
`EXECUTIVE SUMMARY
`
`Use of electronic messaging and electronic commerce is becoming more widespread as
`information technology becomes cheaper and telecommunications become more advanced.
`However, increased user interconnectivity and reliance upon electronic communications
`means that more information is being carried electronically so that more information is
`becoming vulnerable to attacks such as eavesdropping, modification, and masquerade.
`Public key cryptography, which includes digital signature technology, can play an integral
`role in countering these attacks by providing end-to-end security of information in terms of
`confidentiality, integrity and proof of origin. The strength of these security services are
`dependent upon the security of the underlying cryptographic keys. Specifically, this requires
`protection of the confidentiality of the private keys and the integrity of the public keys in
`delivery and storage.
`
`In a small community, the integrity of the public keys can be insured by manual delivery
`of the keys. However, manual delivery of keys is infeasible in a national or an international
`electronic messaging and commerce environment where thousands or millions of keys are
`involved. Therefore, in order to facilitate the use of public key cryptography in such an
`environment, automatic key management is necessary. This study addresses the issues
`related to a Public Key Infrastructure (PKI), which will automatically manage public keys
`through the use of public key certificates. Each certificate certifies the association between a
`user's identity and his public key.
`
`The National Institute of Standards and Technology (NIST) has tasked The MITRE
`Corporation to study the alternatives for automated management of public keys and of the
`associated public key certificates in both a national and an international environment. This
`study focuses on the United States Federal Government operations. It also addresses
`national and global issues in order to facilitate the interoperation of protected electronic
`commerce among the various levels of government in the U.S., the states, private citizens,
`commercial organizations, and international organizations.
`
`Under the PKI study, user and technical requirements for the PKI have been developed
`using information obtained through the examination of relevant standards, through
`discussions held among project members, and through interviews with personnel at various
`federal agencies, standards committees, and commercial organizations. The identified
`requirements apply to the infrastructure as a whole as well as to specific components of the
`infrastructure. They include requirements that relate to the generation and distribution of
`keys, to the obtaining of public key certificates and to the distribution of "hot lists" of
`canceled certificates, commonly known as Certificate Revocation Lists (CRLs).
`
`The user and technical requirements form the basis for the architecture and the
`implementation recommendations for the PKI. A number of entities are integral to the
`
`Compass Bank, et al.
`Exhibit 1005
`Page 7
`
`
`
`functioning of the PKI. Some have policy responsibilities; others provide certification
`services; and a few do both. These entities are defined below.
`
`PAA: The PAA is the policy approving authority, which creates the overall
`guidelines for the entire PKI. It may also certify public keys belonging to PCAs.
`
`PCA: The PCA is the policy certification authority. Each PCA establishes policy
`for all certification authorities and users within its domain. It certifies CA public
`keys.
`
`CA: The CA is the certification authority with minimal policy making
`responsibilities. The CAs are expected to certify the public keys of users in a manner
`consistent with the cognizant PCA's and the PAA's policies.
`
`ORA: The ORA is the organizational registration authority. The ORA is an entity
`which acts as an intermediary between a CA and a user. Its sole purpose is to vouch
`for the identity and affiliation of the user and register that user with its CA.
`
`These entities can be organized in either a hierarchical (tree) structure or a non-
`hierarchical (network) structure. In the former, the PAA issues certificates for the PCAs
`while in the latter it approves the PCA policies. Each PCA issues certificates for the CAs
`within its domain. In the non-hierarchical structure, roots of smaller trees must issue
`certificates for each other (cross certification) as circumstances require. As cross
`certifications create uncertainties about and ambiguities between the applicable certification
`policies, the PKI does not follow this alternative.
`
`There are several approaches to how users are associated with PCAs and CAs within the
`PKI. At least three alternatives are possible. The Communities of Interest (COI) approach
`organizes users according to the tasks they perform most frequently. The organizational
`alternative parallels existing organizational hierarchy. The assurance level approach divides
`users according to the level of certification assurance they require. A small number of
`assurance levels, perhaps as few as three or four, may be sufficient.
`
`Any determination of which implementation approach is most appropriate for the
`national PKI must consider the following qualitative attributes: robustness, scalability,
`flexibility and ease of use, trust, interoperation, implementation timeframe, management
`structure, and exposure to liability. These considerations lead to the following
`recommendation for the PKI:
`
`•
`
`PAA, a national body, be created to establish overall PKI policy, to approve
`individual PCA policies, and to act as a root for the national certification
`infrastructure to be created.
`
`Compass Bank, et al.
`Exhibit 1005
`Page 8
`
`
`
`(cid:127) Each federal department implement its own PCA to establish its own policy.
`PCAs be established for sets of independent commissions and independent
`agencies.
`
`(cid:127) Each PCA be certified by the PAA.
`
`(cid:127) CAs be established by offices and bureaus within large federal departments and
`independent agencies, as determined by the PCA. ORAs be placed near
`individual facility security offices, as needed.
`
`Several assurance levels, with associated PCAs and CAs, be established for use
`by private corporations and citizens. ORAs be placed near corporate personnel
`offices, as needed.
`
`(cid:127) Each user caches (stores) all certificates he or she uses most frequently.
`
`The following organizations are recommended for the various levels of the PKI:
`
`PAA. Policy setting be done by a committee consisting of representatives from some
`or all of the following: Defense Information Systems Agency (DISA), Federal
`Reserve Board (FRB), General Accounting Office (GAO), General Services
`Administration (GSA), NIST, National Security Agency (NSA), Office of
`Management and Budget (OMB), United States Postal Service (USPS), and industry
`and trade organizations. The daily operation of the PAA's certification functions can
`be managed by GSA, the FRB or USPS.
`
`PCA. Executive departments or major independent agencies are recommended for
`the management of the PCAs for the Federal Government. USPS, banks, and
`telecommunications service providers are among the qualified organizations for
`facilitating interoperation of the federal infrastructure with the rest of the national
`infrastructure.
`
`CAs. Agencies below the executive department level are recommended for the CA
`management. USPS, banks, and telecommunications service providers are among the
`qualified organizations for facilitating interoperation of the federal infrastructure with
`the rest of the national infrastructure.
`
`ORAs. For the federal agencies, local authorities such as badge-issuing offices or
`security offices are recommended to run ORAs. For the non-federal segment, ORAs
`may be established by private corporations for their own convenience.
`
`Global interoperability is also of interest. There are two principle ways for achieving
`interoperability: (1) the creation of a single global root for certifying various national and
`transitional roots (PAAs); or (2) the cross certification by such roots (PAAs). While the
`
`Compass Bank, et al.
`Exhibit 1005
`Page 9
`
`(cid:127)
`
`
`former alternative may create a neater infrastructure, the politics of international agreement
`and the natural flow of events may make the latter alternative the de facto choice.
`
`The recommended PKI organization follows the lines of the existing Federal
`Government organization. The cost of the various PKI components will probably be divided
`along the same lines. Nonetheless, it is useful to estimate a PKI-wide price tag for
`deployment and for the annual operations budget. This effort requires the development of a
`cost model for the PKI. Such a model should also aid implementors with their planning and
`budgeting activities for their segments of the PKI. The model should include only
`quantitative impacts which can be specifically ascribed to the PKI as well as the cost of the
`additional demands that the PKI will place on the directory service and its supporting
`communications. Costs associated with developing and running an electronic transaction
`environment are specifically excluded. They are deemed prerequisites for the use of digital
`signatures.
`
`It is not possible to estimate the cost of a large computer and communications system
`without some detailed concept of how that system will operate. A concept of operations for
`the PKI consists of thirteen distinct activities. Each of these PKI activities can be divided
`into multiple steps. The resources necessary to accomplish each step must be enumerated.
`These resources fall into four categories: storage, communications, processor and staff. The
`model consists of four modules, one for each of the four PKI entities: PCA, CA, ORA and
`key generator. There are additional modules for the user and for the directory. Within each
`module, costs and frequencies for all needed resources are computed and a total cost is
`derived. From these totals and the numbers of each type of PKI entities included in the
`costing, it is possible to estimate PKI costs. Start-up and the yearly running costs are
`estimated to be about $9.5M and $16.2M, respectively.
`
`Policy makers must consider their legal obligations in establishing a PAA, PCAs and
`CAs. Although there are questions that must be answered, there appears to be no legal
`impediment to delay continued development and ultimate implementation of the PKI. There
`seems to be a consensus that properly supported digital signatures on electronic documents
`can and do meet "signed" and "in writing" laws and regulations. What exceptions exist to
`this principle can be remedied by new legislation or further regulations. Electronically
`executed contracts, especially those that are covered by written trading partner agreements,
`are becoming legally accepted. The electronic filing of certifications, reports and briefs, if
`supported by digital signatures, will be widely used and accepted. These considerations
`point to the recommendation that PKI prototype development and examination of PKI legal
`needs and implications should proceed in parallel.
`
`One important legal consideration is the development of a structure for PKI liability. As
`an agency of the Federal Government, the PKI may be considered to have sovereign
`immunity. That would imply that the PKI and its managers cannot be sued for any losses
`resulting from their actions or from their inaction. While such status may be attractive, it
`undermines the usefulness of the PKI. Without reasonable assurances that potential losses
`due to malfeasance will be recoverable, a typical non-government user will shy away from
`
`Compass Bank, et al.
`Exhibit 1005
`Page 10
`
`
`
`relying on the PKI. (Even many government users will balk at mandated PKI use unless
`some system is in place for fixing blame when the PKI fails in its mission.) Any set of laws
`and regulations must strike a balance between protection of the government from excessive
`claims and blocking users from any chance of reimbursement. The entities of the PKI
`should not be liable if they operate according to their established policies. Furthermore,
`their liability should be limited for losses caused by the entities not following the agreed
`policies and procedures. In addition, legal issues relating to personal privacy concerns must
`also be resolved.
`
`This summary has highlighted some of the issues that must be considered in defining the
`PKI. Based on the recommended infrastructure, work must begin on its implementation.
`The infrastructure should be implemented incrementally to gain practical experience with
`PKI policies, user acceptability, usage statistics, resource requirements, costs and liability
`issues. The practical experience obtained through implementation will help to refine and
`alter the infrastructure design and operation as well as the full scale implementation.
`
`The designers of the PKI should be aware that there are still issues that need resolution.
`They include some concerns that pertain to the PKI itself and others that are external to the
`PKI, in parallel systems with which PKI may have to interface in the future. Examples of
`the latter include user authorizations, user attributes, time and date stamps, interoperation
`with other infrastructures and algorithms, and directory services. PKI issues involve
`archiving, a unique naming system, and confidentiality. This last issue is of utmost
`importance and demands immediate attention. The overall trust that users place on the PKI
`derives, to a considerable extent, from the ready availability of CRLs. Questions of liability
`depend on the way in which the CRLs are handled. Yet, the frequent and extended
`distribution of CRLs creates a great financial drain on the system. CRLs are to be obtained
`from the appropriate directory elements as needed. The problem of liabilities associated
`with the use or non-use of the CRLs should be studied immediately and resolutions found
`quickly.
`
`Compass Bank, et al.
`Exhibit 1005
`Page 11
`
`
`
`Compass Bank, et al.
`Exhibit 1005
`Page 12
`
`Compass Bank, et al.
`Exhibit 1005
`Page 12
`
`
`
`ACKNOWLEDGMENTS
`
`The authors would like to express their gratitude to Carolyn Barnes, Dennis Branstad,
`Shirley Kawamoto, Lynn McNulty, Judith Messing, Cyril Murphy, and Miles Smid for
`participating in discussions regarding the Public Key Infrastructure and/or for reviewing and
`commenting on this paper. We are especially grateful to David Gill and Shari Galitzer for
`their contributions to this project. For his advice and guidance on the legal issues, we are
`indebted to Michael Baum and we acknowledge Peter Weiss's comments and corrections on
`the draft of that section. We are also indebted to the following experts for their peer-review
`comments: Richard Ankney, Fisher International Systems Corp.; James Bidzos, RSA Data
`Security Inc.; Stephen Crocker, Trusted Information Systems; Dorothy Denning,
`Georgetown University; M. Blake Greenlee, M. Blake Greenlee Associates, Ltd.; Stephen
`Kent, BBN Laboratories; Stuart Stubblebine, University of Southern California; and Frank
`Sudia, Bankers Trust. Finally, we must thank all who participated in the interview phase of
`this study and all who challenged and encouraged us at the periodic participating agency
`meetings.
`
`xi
`
`Compass Bank, et al.
`Exhibit 1005
`Page 13
`
`
`
`Compass Bank, et al.
`Exhibit 1005
`Page 14
`
`Compass Bank, et al.
`Exhibit 1005
`Page 14
`
`
`
`TABLE OF CONTENTS
`
`SECTION
`
`1 Introduction
`
`1.1
`1.2
`1.3
`1.4
`1.5
`
`Background
`Purpose
`Scope
`Audience
`Overview of Report
`
`2 Overview
`
`2.1
`
`2.2
`
`Project Methodology
`2.1.1
`Developing Requirements
`2.1.2
`Analyzing Requirements
`2.1.3
`Developing Alternatives
`2.1.4
`Developing operational Concepts
`2.1.5
`Cost Model and Analysis
`Highlights of Key PKI Requirements
`
`3 Architectural Alternatives for the Infrastructure
`
`3.1
`
`3.2
`3.3
`
`Policy Management and Certificate Management
`3.1.1
`The Policy Approval Authority
`3.1.2
`Policy Certification Authority
`3.1.3
`Certification Authorities
`Trees and Cross Certification
`Architecture Alternatives
`3.3.1 Cross Certified CAs
`3.3.2
`Cross Certified PCAs
`3.3.3
`A Root PAA
`
`4 Implementation Alternatives for the Infrastructure
`
`4.1
`
`4.2
`
`Functions Performed by CA Entities
`4.1.1
`PAA Functions
`4.1.2
`PCA Functions
`4.1.3
`CA Functions
`4.1.4
`ORA Functions
`The Implementation Alternatives
`4.2.1
`COI Alternative
`4.2.2
`Organizational Alternative
`
`xiii
`
`PAGE
`
`1-1
`
`1-1
`1-2
`1-3
`1-3
`1-4
`
`2-1
`
`2-3
`2-3
`2-3
`2-3
`2-4
`2-4
`2-4
`
`3-1
`
`3-1
`3-1
`3-1
`3-2
`3-2
`3-6
`3-6
`3-6
`3-7
`
`4-1
`
`4-1
`4-1
`4-2
`4-3
`4-4
`4-5
`4-6
`4-7
`
`Compass Bank, et al.
`Exhibit 1005
`Page 15
`
`
`
`SECTION
`
`PAGE
`
`4.3
`
`Assurance Level Alternative
`4.2.3
`Hybrid Alternative
`4.2.4
`Recommendation
`4.3.1
`Comparison of Implementation Alternatives
`4.3.2
`The Recommended Federal Government Alternative
`4.3.3
`Beyond the Federal Government
`4.4 Management of the Recommended Infrastructure
`4.4.1 Management of the PAA
`4.4.2 Management of the PCAs
`4.4.3 Management of the CAs
`4.4.4 Management of the ORAs
`4.4.5
`Summary of Recommended Organizations for the Infrastructure
`Management
`Towards Global Interoperability
`4.5.1
`Cross Certification with All Roots
`4.5.2
`One Global Root
`
`4.5
`
`5 Operational Concepts
`
`5.1
`5.2
`
`Introduction
`PKI Activities
`5.2.1
`Key Generation, Certifying, and Distributing Keys
`5.2.2
`Signature and Verification
`5.2.3
`Obtaining Certificates
`5.2.4
`Verifying Certificates
`5.2.5
`Caching Certificates
`5.2.6
`Obtaining Certificates from a Cache
`5.2.7
`Reporting Key Compromise or Severed Relations
`5.2.8
`Recovering from a Key Compromise
`5.2.9
`Obtaining CRLs
`5.2.10 Rekeying and Recertifying
`5.2.11 Auditing
`5.2.12 Archiving
`
`6 Infrastructure Cost Analysis Results
`
`6.1
`
`6.2
`6.3
`
`Operational Concept Used in Cost Model
`6.1.1 User Activities
`6.1.2 PKI Activities
`6.1.3 Directory Activities
`Scenarios
`Results
`
`xiv
`
`4-8
`4-9
`4-10
`4-10
`4-17
`4-18
`4-19
`4-19
`4-20
`4-20
`4-20
`
`4-20
`4-21
`4-21
`4-22
`
`5-1
`
`5-1
`5-1
`5-1
`5-2
`5-3
`5-3
`5-4
`5-4
`5-4
`5-5
`5-6
`5-6
`5-7
`5-7
`
`6-1
`
`6-1
`6-1
`6-2
`6-3
`6-3
`6-3
`
`Compass Bank, et al.
`Exhibit 1005
`Page 16
`
`
`
`SECTION
`
`6.4
`
`Analysis
`6.4.1
`6.4.2
`6.4.3
`
`Analysis of Start-up Costs
`Analysis of Yearly Running Costs
`Analysis of Cost per Message and Cost per User
`
`7 Related Issues 7-1
`
`7.1
`7.2
`7.3
`7.4
`7.5
`
`Authorizations and Attributes
`Time and Date Stamps
`Archiving
`Confidentiality
`The Next Steps
`7.5.1
`General Planning
`7.5.2
`Cryptography Awareness
`7.5.3
`Beyond the Executive Branch
`7.5.4
`Forge Ahead
`7.5.5
`Develop Multidisciplinary Development Group
`7.5.6
`Liability
`
`Appendix A:
`
`Terms and Definitions
`
`Appendix B:
`
`Digital Signature Standard
`
`Appendix C:
`
`Applications of Digital Signatures
`
`Appendix D:
`
`Summary of PKI Requirements
`
`Appendix E:
`
`Applicable Standards and Analysis
`
`Appendix F:
`
`Certificate Formats
`
`Appendix G:
`
`Certificate Revocation List Format
`
`Appendix H:
`
`Sample Elements of PCA Security Policy
`
`Appendix I:
`
`PKI Cost Analysis
`
`Appendix J:
`
`Legal Issues
`
`xv
`
`PAGE
`
`6-5
`6-5
`6-7
`6-10
`
`7-1
`7-2
`7-2
`7-3
`7-3
`7-4
`7-8
`7-8
`7-8
`7-9
`7-10
`
`A-1
`
`B-1
`
`C-1
`
`D-1
`
`E-1
`
`F-1
`
`G-1
`
`H-1
`
`I-1
`
`J-1
`
`Compass Bank, et al.
`Exhibit 1005
`Page 17
`
`
`
`Compass Bank, et al.
`Exhibit 1005
`Page 18
`
`Compass Bank, et al.
`Exhibit 1005
`Page 18
`
`
`
`LIST OF FIGURES
`
`FIGURE
`
`2-1 Typical Digital Signature Scheme
`
`3-1 Users with a Common CA
`
`3-2 Users with Different Cross Certified CAs
`
`3-3 Users with Different CAs under a Single PCA
`
`3-4 Users with Different Cross Certified PCAs
`
`3-5 Users with Different PCAs under a PAA
`
`4-1 Communities of Interest Alternative
`
`4-2 Organizational Alternative
`
`4-3 Assurance Level Alternative
`
`4-4 Sample Hybrid of Certificate Management Infrastructure
`
`4-5 Example of COI Alternative
`
`4-6 Example of Organizational Alternative
`
`4-7 Recommended National Certificate Management Organization
`
`4-8 Interoperability through One Global Root
`
`7-1 First Phase of Public Key Infrastructure
`
`B-1 The DSS Signature Process
`
`B-2 The DSS Signature Verification Process
`
`E-1 PEM Key Management Infrastructure
`
`F-1 Proposed 1992 CCITT X.509 Certificate Format
`
`F-2 1988 CCITT X.509 and PEM Certificate Format
`
`G-1 PEM CRL Format
`
`xvii
`
`PAGE
`
`2-2
`
`3-2
`
`3-3
`
`3-4
`
`3-5
`
`3-5
`
`4-7
`
`4-8
`
`4-9
`
`4-10
`
`4-11
`
`4-12
`
`4-18
`
`4-23
`
`7-5
`
`B-2
`
`B-3
`
`E-3
`
`F-2
`
`F-4
`
`G-2
`
`Compass Bank, et al.
`Exhibit 1005
`Page 19
`
`
`
`FIGURE
`
`G-2 CCITT X.509 CRL Format
`
`G-3 ANSI X9.30 CRL Format
`
`G-4 Recommended PKI CRL Format
`
`I-1 Entity Spreadsheet Layout
`
`PAGE
`
`G-3
`
`G-4
`
`G-5
`
`I-26
`
`xviii
`
`Compass Bank, et al.
`Exhibit 1005
`Page 20
`
`
`
`LIST OF TABLES
`
`TABLE
`
`4-1 Summary of Policy-Setting Body and Users for Each Alternative
`
`4-2 Infrastructure Management
`
`6-1 Total Start-Up Cost Estimates
`
`6-2 Total Yearly Cost Estimates
`
`6-3 Start-up Costs
`
`6-4 Yearly Costs
`
`6-4 PKI Yearly Costs (Concluded)
`
`6-5 Cost per Message and Yearly Cost per User
`
`I-1 Combined Translation Table
`
`PAGE
`
`4-5
`
`4-20
`
`6-4
`
`6-5
`
`6-6
`
`6-8
`
`6-9
`
`6-12
`
`I-30
`
`xix
`
`Compass Bank, et al.
`Exhibit 1005
`Page 21
`
`
`
`SECTION 1
`
`INTRODUCTION
`
`1.1 BACKGROUND
`
`As information technology becomes cheaper and proliferates further in both office and
`home environments, use of electronic messaging and electronic commerce is becoming
`widespread. The transaction of business electronically is further spurred by the National
`Information Infrastructure (NII) and by the Defense Information Infrastructure (DII)
`initiatives. Advances by telecommunications service providers and by the cable industry in
`establishing a national information highway also play a major role in the growth of
`electronic commerce. Together, the information technology revolution and the
`communications infrastructure initiatives are changing the way we do business. They are
`bringing about a new interconnection of individuals and organizations both nationwide and
`worldwide. But this interconnectivity and reliance on electronic communications makes the
`information being carried more vulnerable to attacks – attacks to information confidentiality
`in the form of eavesdropping, to data integrity through message modification or substitution,
`to origin integrity by an impostor's submission of messages in another user's name, and to
`message dependability destroyed by the possible future repudiation of the message by its
`sender.
`
`Public key cryptography can play an integral role in providing end-to-end security of
`information in terms of confidentiality, integrity, and proof-of-origin. This cryptography is
`based on asymmetric keys. Each user has two keys: one is called the public key and may be
`available to everyone, the other is called the private key and is known only to its owner.
`When two typical users, call them Alice and Bob, communicate, they can use their public
`key capability to keep their messages confidential. If Bob wishes to hide the contents of a
`message to Alice, he encrypts it using Alice's public key. Encryption, however, is not
`germane to this study. If Bob wishes to sign a document, he must use a key available only to
`him that is, his private key. When Alice receives a digitally signed message from Bob, she
`must verify his signature. She needs his public key for this verification. She should have
`high confidence in the integrity of that key. If she can be tricked into accepting an
`impostor's public key as Bob's, then she will accept the impostor's signature on documents as
`Bob's also. Digital signature technology offers some of the desired information security
`services, namely sender authentication, message integrity and sender non-repudiation,
`provided that private keys are kept secret and the integrity of public keys is preserved.
`
`In a small community, the integrity of keys can be guaranteed by the manual delivery of
`public keys. This is impossible in national or international electronic messaging and
`commerce environments. Anyone, anywhere, may send a message to anyone, anywhere.
`There is no way to exchange thousands or millions of keys manually and their storage is also
`difficult. This study addresses the management of public keys which will facilitate digital
`signatures for the worldwide electronic transactions of the Federal Government. It is
`
`1-1
`
`Compass Bank, et al.
`Exhibit 1005
`Page 22
`
`
`
`assumed that readers of this report are familiar with public key cryptography in general and
`with the Digital Signature Standard (DSS) in particular. For those who are not, appendix B
`contains a brief description of the standard.
`
`1.2 PURPOSE
`
`The following agencies in the United States Federal Government wish to explore the role
`of digital signatures in electronic commerce within in the Federal Government: Advanced
`Research Project Agency (ARPA), Department of State, Federal Bureau of Investigation
`(FBI), General Services Administration (GSA), Internal Revenue Service (IRS), National
`Aeronautics and Space Administration (NASA), National Security Agency (NSA), and
`United States Postal Service (USPS). These agencies have asked the (NIST) to study the
`technical, policy, and legal issues associated with establishing an automated system to
`manage keys electronically and distribute public keys and associated public key certificates.
`
`NIST has tasked The MITRE Corporation to study the alternatives for automated
`management of public keys in a national and international environment. The focus of the
`study is the Federal Government operations. However, the study also needs to address the
`issues on a global basis, since the Federal Government conducts business with both national
`and international entities (governments at various levels, private citizens and business, and
`other organizations).
`
`The automated management of public keys is henceforth termed the Public Key
`Infrastructure (PKI). The purpose of PKI is fourfold:
`
`1.
`
`2.
`
`3.
`
`4.
`
`Generate public key certificates that bind the identity of users and their public keys
`in a secure manner
`
`Provide users, directly or indirectly, with easy access to the certificates of other
`users
`
`Provide users with easy access to circumstances (security policy) under which the
`certificates were issued.
`
`Provide users, directly or indirectly, timely announcements of certificate
`revocations.
`
`The purpose of this study is fourfold:
`
`1.
`
`2.
`
`Identify policy and legal issues in the use of digital signatures in the Federal
`Government operations
`
`Identify policy, technical, and legal issues related to the operation and the
`management of the PKI
`
`1-1
`
`Compass Bank, et al.
`Exhibit 1005
`Page 23
`
`
`
`3.
`
`4.
`
`Develop PKI alternatives for federal agencies and techniques for selecting