XKI Atomic Signatures™ John H. Messing, Esq. Law-on-Line, Inc. © JHM 2007 This presentation is informational only and not intended as a contribution to a MISMO standard or as legal advice

Upload: evan-heath

Post on 27-Mar-2015


TRANSCRIPT

Page 1

XKI Atomic Signatures™

John H. Messing, Esq.
Law-on-Line, Inc.
© JHM 2007

This presentation is informational only and not intended as a contribution to a MISMO standard or as legal advice

Page 2

Conclusions (Morning Session)

• No technology legal prohibitions
• Selection left to trading parties
• Relying party has greatest stake
• Several to choose from
  – Appearance
  – Security
  – Core application consequences

Page 3

CORE APPLICATION (Morning Session)

[Diagram: 1. Data sources, 2. Appraisal, 3. Relying party; A. ZILLOW.COM, B. Form co., C. /S JOHN DOE /]

Page 4

Technology Considerations (Morning Session)

[Diagram: 1. Data sources, 2. Appraisal, 3. Relying party]

• Ease of use
• Risk elimination
• Cost
• Savings
• Scalability
• Complexity of proof
• Obsolescence risks

Page 5

LoL Cryptographic Electronic Signatures

• Central server computer
• Multiple user types
  – Human
  – Entity
  – Automatic processes
• Authorized signer is authenticated
• Server applies cryptographic signature
• Cryptographic signature of the server is electronic signature of the user

Page 6

XKI™ Architecture

[Diagram labels: Authenticate; Sign; Single or Multi-factored ID; Federated Identity (SAML 2); XKI™ Signature Engine; Asymmetric Encryption; Atomic Signatures™; Digital Certificate (Smart Card optional); Biometric: Voice, Iris scan, Face, Finger]

Page 7

Supported signatures

• Acrobat digital signatures

• Server’s digital certificate

• Atomic signatures™ (symmetric keys)

Page 8

Digital Signatures explained

– Message digests for data are like photos for people – a convenient reliable short-hand way of referring to them
– Encryption keys are like envelopes
– Encrypting a message digest is like putting a photo into a sealed envelope
– Digital signatures are encrypted message digests, or alternatively stated, like photos that are protected inside envelopes that must first be opened to access the photos
– Tamper evident seals operate by taking a brand new photo of data at the time of verification, opening the envelope, and seeing if the old and new photos match. If they do, nothing has changed.
– If the envelope opens successfully we also know the identity of the key that sealed the envelope originally.
– The sealed envelopes can be integrated with the data or detached from it.

Page 9

Why message digests are encrypted

• For security: encryption thwarts attacks by scrambling message digests. Attackers cannot predict outcome of attack.
• Proves ID through key possession
  – Signer used a specific key to encrypt the message digest
  – Receiving party uses a mate to decrypt
  – Owner of key pair may be ID’d by a Certificate Authority
  – Keys actually work to encrypt and decrypt first message digest which matches second one captured upon receipt
• Reduces the processing drain from private-public key operations
• Can be enveloping, enveloped or detached – workflow concerns
• Atomic signatures™ (symmetric keys)
  – Known only to the server(s)
  – Trusted authority
  – Signature artifacts as metadata

Page 10

Recent security threats to message digests

• Chinese researchers (2005-6)
  – MD5 broken (pre-imaging attacks)
  – SHA-1 flaws documented
    • official federal standard
    • in all browsers and operating systems
    • basis for all PKI, including SSL/TLS
• U.S. National Institute of Standards and Technology (NIST) - Quoted: “Walk do not run to nearest exit” -- announcing new effort
• Symmetrically encrypting message digests removes these threats – Atomic Signatures™

Page 11

Anticipated security threat to digital signatures - QC

• Quantum computers
• Computers use atoms instead of silicon chips
  – Auto generate parallel processing power
  – Very powerful
• Break factored prime numbers with ease
  – Such numbers are basis of asymmetric key pairs just referenced
  – Crack any digital signature regardless of key length
  – Whenever created
• Atomic Signatures™ are not based on such numbers – symmetric keys unaffected
• Production models of QC exist today: commercially available ca. 2010+
• Virtual Hurricane Katrina for asymmetric cryptography

Page 12

Advantages of XKI™ Signatures

• Without PKI, no
  – Foreseeable technology obsolescence
• Easy to use
  – Arizona Court of Appeals – since 2001
    • Lawyers e-filings submitted
    • Judicial decisions e-distributed
    • Not one reported complaint from a user
  – Store and transport signature metadata as strings
• Facilitate multi-signatures for core applications with detached signatures
• Improve scalability and performance

Page 13

[Diagram: 1. Data sources, 2. Appraisal, 3. Relying party]

Sig A

A. ZILLOW.COM

• Secure audit trail
  – Origin
  – Unchanged
  – Protected
  – ID’d
• Core application
  – Detached signature
  – Atomic Signature™
• Transportable string
• Validate if needed

Page 14

[Diagram: 1. Data sources, 2. Appraisal, 3. Relying party]

Sig B

B. Form Co.

• Similar secure audit trail
• Like Sig A
• Debatable use
• Impact of Sig A

Page 15

[Diagram: 1. Data sources, 2. Appraisal, 3. Relying party]

Sig C

C. /s john doe /

• Appraiser’s electronic signature
• Manifests intent
• Tamper evident
• Wraps other sigs
• Authenticated ID
• Time stamp
• Self validates
• Server-signed
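
An added example, not code from the presentation or from XKI: a server-held symmetric key producing a detached signature as a transportable string, with Sig C wrapping Sig A, as the slides on Atomic Signatures™ and Sig A to Sig C describe. The slides do not specify the construction, so HMAC-SHA-256 over the signature metadata stands in for it; the key, field names and sample values are assumptions.

```python
import base64, hashlib, hmac, json

# Assumption: constructed demo key; on the slides the key is known only to the server(s).
SERVER_KEY = b"constructed-demo-key"

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()

def sign_detached(data, signer_id, timestamp, wrapped=()):
    """Server side: return a detached signature as one transportable string."""
    meta = {"signer": signer_id,      # identity the server authenticated
            "time": timestamp,
            "digest": hashlib.sha256(data).hexdigest(),
            "wraps": list(wrapped)}   # earlier signature strings this one covers
    body = json.dumps(meta, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_detached(data, signature):
    """Server side: return the signature metadata if valid, else None."""
    try:
        body_b64, tag_b64 = signature.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                # wrong shape or bad base64
        return None
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                   # metadata was not issued under this key
    meta = json.loads(body)           # parsed only after the tag checks out
    fresh = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(meta["digest"], fresh):
        return None                   # data changed since signing
    return meta

if __name__ == "__main__":
    # Constructed sample inputs mirroring the slides' Sig A and Sig C.
    source = b"constructed data-source record"
    appraisal = b"constructed appraisal form"
    sig_a = sign_detached(source, "ZILLOW.COM", "2007-01-01T00:00:00Z")
    sig_c = sign_detached(appraisal, "john doe", "2007-01-01T00:05:00Z", [sig_a])
    print(verify_detached(appraisal, sig_c)["wraps"] == [sig_a])
    print(verify_detached(appraisal + b"!", sig_c))
```

Because the key is symmetric and held only by the server, a relying party cannot check the string on its own and has to submit the data and the string to the server for validation.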

Page 16

Patented technology

• US No. 6,745,327
  – PKI digital certificate
  – Biometrics used for secure authentication
  – Secure server signature method
• US No. 7,039,805
  – Asymmetric vs. symmetric server signing keys
  – Signature metadata
• More patents pending
• Technology licenses or ASP model
  – Volume related charges
  – Set up, subscription, transaction models
  – Equity participation in select cases as appropriate
  – Contact me as shown on next slide for details

Page 17

End

• John Messing
• Law-on-Line, Inc.
• 5151 E. Broadway Blvd., Suite 1600
• Tucson, AZ 85711
• (520) 512-5432 (office)
• (520) 512-5401 (fax)
• (520) 270-1953 (mobile)
• [email protected]