DPKIps is a patented technology (application number: 2213147.8) that delivers security and verification, primarily aimed at payment systems and financial market infrastructures, though it can be used to secure any form of messaging system. But what exactly is it? To answer that, we first need to understand a little about how typical security models for such systems work today.
Public Key Infrastructure (PKI)
Let’s start with what PKI is. A Public Key Infrastructure (PKI) is commonplace on the internet, within financial institutions or anywhere that requires a level of security for verification. The premise of PKI is that anyone can verify a digital signature from anyone else, provided they have access to the public key that corresponds to the signer’s private key. The two keys are cryptographically linked so that every private key has only one public key and vice versa.
PKI relies on a small number of trusted certificate authorities (CAs) to be the root of trust. Online, our web browsers rely on a small number (hundreds) so that they can easily manage the number of CAs. In a web browser implementation, the owner of a private key, relating to the identity of a website, gives their public key to a CA, which signs it with the CA’s own private key. The CA then issues a public key certificate. Web browsers check this public key certificate each time you connect to a secured website that offers encryption (HTTPS connections).
Messages, especially those associated with things like payments, need to be secured, and they need to show that the data within the message is valid and hasn’t been tampered with. To do this, messages are encrypted and often contain a cryptographic signature. The signature is typically generated with a private key that has been provided to the message originator. The key is provided by a CA or an entity acting as a private CA (typically this is the payment system itself). The corresponding public key can be used to verify the signature and, in doing so, prove the message is authentic and hasn’t been modified.
Typical payment systems issue private keys to participant banks and hold on to the public key. They also send participants a public key that is associated with the payment system’s own private key, so that participants can verify messages originating from the payment system.
The process of signing messages is relatively simple and, in payment systems such as Faster Payments in the UK, automated across the banks and the Faster Payments system itself. However, there are some significant issues and security risks associated with the entire PKI setup.
The problem with PKI
PKI is both cumbersome and costly to implement, and its centralised nature is a vulnerability, both in terms of security and as a single point of failure. PKI effectively inserts a “middleman” into our digital trust infrastructure.
For regulated institutions, or those seeking to implement strong security models, a middleman is of great concern. Risks are associated with CA incidents, CA service availability, CA service prices or the CA going into administration. But additional, greater risks exist, which institutions attempt to mitigate via complex and costly processes.
A typical area of concern is how private keys are generated, shared and then stored. Issuing private keys almost always relies on a human being involved, able to access either part of a key or an entire key at some point in the process. Where each person holds only part of a key, it is not that hard for individuals to collaborate and so gain access to complete private keys, effectively compromising them.
For a payment system or FMI, these risks are greater if we think of the middleman being compromised, as in containing bad actors working within the company itself. If the payment system acts as a CA, then it is responsible for issuing private keys. If it is able to issue them, then a bad actor can potentially issue keys that have already been compromised, or take copies of keys that are being issued or have been issued. The danger here is that messages can now be inserted into the payment system that, when verified, will appear authentic, though they are clearly fraudulent.
So, while PKI has long been the go-to solution for security, it has always come with its own set of risks, challenges and security issues. Is there a better solution out there? What’s the solution fit for the 21st century and web 3.0? Well, we at ID Crypt Global believe the solution is decentralized, and it’s DPKIps.
The solution to a centralised PKI is to move to a decentralised root of trust that nobody owns, but everyone can use. The blockchain technology that ID Crypt Global utilises enables the re-imagination of the root of trust model. This is used to enable digital identities to be trusted and cryptographically verifiable; however, it does this without a typical PKI solution. Rather than relying on a CA for its cryptographic root of trust, DPKIps uses a consensus algorithm, operating over many different machines and replicated by many different entities in a decentralised network.
ID Crypt Global’s patented DPKIps solution delivers a highly robust, automated, and secure Decentralized Public Key Cryptography solution. It enables entities to verify each other’s identity and then execute processes such as key generation, rotation and the sharing of public keys, which is done securely and bilaterally only with DPKIps. The technology does all this in an automated fashion and without a human ever being able to see or access any of the associated keys.
Payment messages that flow can then be signed with keys generated and exchanged via DPKIps, bringing the necessary cryptographic security and verification capabilities to the message. Note, though, that these keys were issued and live outside of the scope of the payment system and have no CA. These keys therefore significantly improve security while reducing operational risk and all costs associated with a PKI.
Additional benefits can be enjoyed when we use DPKIps across multiple systems. DPKIps keys are linked to “the relationship” between entities and not just to an entity. A relationship can be tied to a specific payment system, FMI or any other form of messaging network. In working this way, participants have a standardised way of securing messages without introducing the risks of a shared PKI solution. By using DPKIps across multiple systems, the participants enjoy a multiplier effect on their simplification of processes, resiliency improvements and reduction in costs. The same can be said for the payment systems, FMIs and messaging networks that opt to work in this way too.
So, to answer, what is DPKIps? It is a decentralized cryptographic approach to security that brings new levels of security, trust and verification to our most critical infrastructure.
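The idea of keys tied to a relationship rather than to an entity can be sketched in a few lines of Go. This is an added illustration, not ID Crypt Global’s code and not the DPKIps implementation, which this page does not describe. It assumes Ed25519 signatures and an in-memory map standing in for the shared registry of public keys; all type, function and participant names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Relationship is one sender->receiver link on one network (hypothetical type).
type Relationship struct{ Sender, Receiver, Network string }
// Directory stands in for the shared registry: it holds public keys only.
type Directory map[Relationship]ed25519.PublicKey

// NewRelationshipKey generates the key pair in the sender's own process,
// publishes only the public half, and returns the private half to the caller.
func NewRelationshipKey(d Directory, r Relationship) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	d[r] = pub
	return priv, nil
}

// signedBytes binds the relationship into the signed data, so a signature
// cannot be replayed under another counterparty or network.
func signedBytes(r Relationship, msg []byte) []byte {
	return []byte(fmt.Sprintf("%q|%q|%q|%s", r.Sender, r.Receiver, r.Network, msg))
}

func Sign(priv ed25519.PrivateKey, r Relationship, msg []byte) []byte {
	return ed25519.Sign(priv, signedBytes(r, msg))
}

// Verify succeeds only if r has a registered key and the signature matches.
func Verify(d Directory, r Relationship, msg, sig []byte) bool {
	pub, ok := d[r]
	return ok && ed25519.Verify(pub, signedBytes(r, msg), sig)
}

func main() {
	d, r := Directory{}, Relationship{"BANK-A", "BANK-B", "net-1"} // constructed names
	priv, err := NewRelationshipKey(d, r)
	if err != nil {
		panic(err)
	}
	msg := []byte(`{"amount":"100.00","ccy":"GBP"}`) // constructed sample message
	sig := Sign(priv, r, msg)
	fmt.Println(Verify(d, r, msg, sig), Verify(d, r, []byte(`{"amount":"900.00"}`), sig))
}
```

Because no issuer ever holds the private half, a copy of the directory gives a third party nothing to sign with, and a signature made for one relationship is rejected under any other.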