Document Type

Article

Date

Spring 2-2011

Keywords

Certificate, Authentication, Authorization, Protocol, Trust, Wholesale Banking

Language

English

Disciplines

Computer and Systems Architecture

Description/Abstract

A gap exists between wholesale-banking business practices and security best practices: wholesale banks operate within the boundaries of contract law, while security best practices often rely upon a benevolent trusted party outside the scope of straightforward contracts. While some business domains may be able to bridge this gap, the ultra-high-value transactions used in business-to-business banking substantially increase the size of the gap. The gap becomes most apparent when regarded from the perspective of interoperability. If a single user applies the same credential to sign high-value transactions at multiple banks, then the trusted-party model becomes overly cumbersome and conflicts with an acceptable concept of liability. This paper outlines the business complexities of wholesale banking and proposes a solution called Partner Key Management (PKM). PKM technology manages the credentials required to authenticate users and sign transactions. This paper presents PKM technology by describing an interoperable protocol, requisite data structures, and an interoperable XML definition. The paper uses formal methods to demonstrate a security equivalence between the revocation options within PKM and the security offered by the traditional Public Key Infrastructure (PKI), a technology that features the benevolent trusted party.
