The OTPK technology is built on the concept that the Private Key (which in conventional systems typically resides in a smartcard) is used only once and then immediately discarded.

In a typical PKI system, each user first has to register securely (e.g. with 2-factor authentication) with the Certification Authority in order to be issued a digital certificate. Subsequently, holding that certificate, the user can use the Private Key, for the duration of the certificate's validity, to compute a valid and recognized digital signature for a transaction.

In contrast, the Private Key in the OTPK system is for one-time or per-session use only. In the OTPK PKI system, each user always generates a new Private Key and registers securely with the Certification Authority in order to be issued a digital certificate, for every transaction or for every session. Once the Private Key has been used, or once the session it belongs to has expired, the Private Key is erased and discarded. There is no need to permanently store the Private Key on any medium. While such a process sounds cumbersome, the overhead is actually not much more than that of any mobile credential solution, but the benefits are tremendous.
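The per-session lifecycle described above (generate a fresh Private Key, register it with the CA, receive a certificate that lives only as long as the session, sign once, discard the key) as an added Go simulation. This is example code written for this page, not OTPK's or any vendor's implementation. The in-memory CA, the user name "alice", the transaction payload and the five-minute session length are all constructed assumptions; the CA stands in for the Certification Authority the page describes and is assumed to have already authenticated the user (e.g. by 2-factor) before the CSR reaches it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must keeps the simulation short: key generation or DER encoding failing is fatal here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CA is a minimal in-memory certification authority (an assumed stand-in, not OTPK code).
type CA struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// NewCA generates the CA key and a self-signed root certificate.
func NewCA() *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "OTPK Demo CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &CA{key: key, cert: must(x509.ParseCertificate(der))}
}

// Issue checks the CSR's proof of possession and returns a certificate whose validity ends with the session.
func (ca *CA) Issue(csrDER []byte, sessionTTL time.Duration) (*x509.Certificate, error) {
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR not signed by the presented key: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))),
		Subject:      csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(sessionTTL), // the certificate dies with the session
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca.cert, csr.PublicKey, ca.key))
	return x509.ParseCertificate(der)
}

// SignedTransaction is what the relying party receives; the session certificate travels with it.
type SignedTransaction struct {
	Payload, Signature, CertDER []byte
}

// SignOnce runs one OTPK session: fresh key, CSR, short-lived certificate, one
// signature. The private key exists only inside this call and is never stored.
func SignOnce(ca *CA, user string, payload []byte, ttl time.Duration) (*SignedTransaction, error) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: user}}
	cert, err := ca.Issue(must(x509.CreateCertificateRequest(rand.Reader, req, key)), ttl)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(payload)
	sig := must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
	key.D.SetInt64(0) // best-effort discard; the real guarantee is that the key is never stored
	return &SignedTransaction{Payload: payload, Signature: sig, CertDER: cert.Raw}, nil
}

// Verify chains the session certificate to the CA as of time at (no CRL involved), then checks the signature.
func Verify(ca *CA, tx *SignedTransaction, at time.Time) error {
	cert, err := x509.ParseCertificate(tx.CertDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at}); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, tx.Payload, tx.Signature); err != nil {
		return fmt.Errorf("signature does not match payload: %w", err)
	}
	return nil
}

func main() {
	ca := NewCA()
	tx := must(SignOnce(ca, "alice", []byte("constructed sample: pay 10 to bob"), 5*time.Minute))
	fmt.Println("within session:", Verify(ca, tx, time.Now()))
	fmt.Println("one hour later:", Verify(ca, tx, time.Now().Add(time.Hour)))
}
```

The relying party validates the certificate as of the moment it checks, so a session certificate is simply rejected once its window has passed; that time-bounded validity, rather than a revocation list, is what the benefits list below relies on. The `key.D.SetInt64(0)` line is only a best-effort overwrite, since Go gives no guaranteed zeroisation; the property the page describes is that the key is generated, used and dropped inside one call and never written anywhere.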

- No need for smartcards for users
- Much smaller window of compromise
- No need for large LDAP systems
- No need to maintain CRL
- Low learning curve for users
- Easy interface into 2-factor / biometric or other authentication solutions
- Private Key always in the possession of the user (compliant with digital signature laws)
- Protocol is interchangeable for all asymmetric algorithms
- Solution is very scalable
- Efficient and effective business and pricing model for CA