The Role Of Certification Authorities In Consumer Transactions

3. BACKGROUND.

(a) Glossary.

{3.1} Discussions about PKI are notoriously burdened with acronyms and technical terms. The following is a non-comprehensive glossary of some of the key terms used in this Report.

{3.2} Certificate or Digital Certificate. A digital certificate contains information about the consumer (including the consumer's public key) and is signed using the CA's public key. See Appendix 1 for a more complete description.

{3.3} Certificate Revocation List ("CRL"). A list of all digital certificates from a specific certificate authority that have been revoked.

{3.4} Certification Authority ("CA"). A certification authority provides to consumers a digital certificate that links a public key with some assertion about the consumer (e.g., the consumer's identity, the consumer's account at a financial institution, the credit payment card number, etc.). CAs may offer other services such as time-stamping, key management services and CRL services.

{3.5} Certification Practices Statement ("CPS"). A statement of the CA's practices with respect to a wide range of technical, business and legal issues that may be used as a basis for the CA's contract with the entity to whom the certificate was issued (in this Report, normally the consumer). In an open system, the degree to which the CPS of the consumer's CA may provide a contractual basis governing the merchant's rights and obligations is unsettled. In a closed system, CAs will likely have the opportunity to enter into contracts with all parties to a transaction, and the CA's CPS will presumably be incorporated into such contracts.

{3.6} Consumer. An individual procuring goods or services online. In an open system, the consumer is often referred to as a "subscriber" upon the consumer obtaining a certificate from its CA. This distinction might be confusing in situations where both the merchant and the consumer have digital certificates that are used to conclude a transaction. In such circumstances, both parties are "subscribers."

{3.7} Merchant. An entity offering goods or services online that will receive a certificate as part of the process of completing the transaction with the consumer. In an open system, the merchant is often referred to as the "relying third party."

{3.8} Private Key and Public Key. The use of digital signatures requires the creation of a pair of mathematically-related, large composite prime numbers. One of these numbers is arbitrarily called the public key and the other is called the private key. The private key is kept secure, while the public key is made publicly available. By definition, every public-private key pair is completely unique, so there is only one public key for every private key.

(b) Model Internet Commerce Transaction Utilizing Digital Signatures.

{3.9} Describing digital signatures and CAs proves to be a rather complex task. We have prepared the following diagram as a simplified way of illustrating the situation where the consumer delivers a certificate to the merchant as part of an online transaction. Readers should note that many complexities have been abstracted away from this diagram. This diagram also does not reflect the possible delivery of merchant's certificates to consumers to authenticate the merchant's identity.

{3.10} In summary, the process generally may work as follows:

Step 1: Consumer generates a public and private key using a key generation system (either software or software combined with hardware) resident on the consumer's system.

Step 2: Consumer provides a CA with identifying information and the consumer's public key. The CA provides the consumer with a certificate.

Step 3: The consumer and the merchant enter into a relationship; the consumer delivers order information and possibly payment information (e.g., "allow me to read your online magazine and bill me at my home address" or "send me the following goods and debit account number 123456789" or "allow me to download your report in exchange for this contractual promise to pay you") digitally signed by the consumer using the consumer's private key, and the consumer's certificate signed by the CA's public key.

Step 4: The merchant verifies the certificate (and any certificates of the CA or its CAs) and checks the certificate revocation list (if one exists) to confirm that the certificate has not been revoked.

Step 5: The consumer and merchant complete the transaction.

(c) Why Use Certificates?

{3.11} There are three primary goals that can be facilitated by a PKI: authentication, non-repudiation and message integrity. To varying degrees, certificates can play a role in fostering these objectives. A fourth goal of a PKI, confidentiality, raises issues outside the scope of this Report.

{3.12} This Report focuses on the use of certificates to promote authentication. In this context, authentication means confirming the identity of a party. Merchants would desire authentication of consumers as a way to enhance the likelihood that they are dealing with the person who is in fact the true owner of the public key. This promotes merchant comfort that the transaction is legitimately placed and provides potential recourse in the event there is a problem.

{3.13} Conversely, although not dealt with specifically in this Report, consumers will want certificates from merchants to authenticate merchant identity. Consumers would desire authentication of merchants as a way to enhance the likelihood that they are dealing with the merchant who is in fact the true owner of the public key. This promotes consumer comfort that the ordering information (including terms about payment mechanisms) is not being collected by a party who intends to abuse the ordering information.

{3.14} Non-repudiation means that a person making a statement (such as a consumer placing an order) is not able to deny making the statement. If the mechanisms to authenticate identity work properly, the goal of non-repudiation would be facilitated; if identity is confirmed, there would be few grounds on which the consumer could say that the statement attributable to them was not actually made by them. While digital signatures may prove to be an excellent way to obtain non-repudiation, currently private keys are maintained in environments -- such as on hard drives or networks which are password protected -- where they could theoretically be expropriated with less effort than would be required to determine them through a brute force attack on the keys themselves. Hardware tokens, such as storing private keys on smart cards, would confirm that the user of a private key is the party authorized to do so; hardware tokens tied to biometric devices would provide even more assurance.

{3.15} Merely providing authentication helps reduce fraud, at least by permitting recourse in the event there is a problem. Non-repudiation would further reduce fraud by preventing parties from fraudulently denying making a statement that was made. However, few existing systems currently completely eliminate fraud; at most the systems reduce fraud, and uneliminated fraud becomes part of the cost of doing business.

{3.16} Finally, the public key listed in the certificates can be used to validate the message digest, which is a numerical representation of the document's contents to which the digital signature is attached. This tells the recipient of the message (and the certificate) that the contents have not been altered; it also could permit the sender to prove the contents of its message as sent. In both cases, message integrity gives comfort to consumers and merchants that the message contents can be relied upon.