
Re: three digital signature models ... for x9.59




an account-authority has some characteristics of a certificate
authority ... it basically has registered a public key for an
account (in much the same way a certificate authority registers
a public key).

rather than pushing a digital certificate around ... an account
number is pushed around.

in the x9.59 model ... a credit card issuer is an account-authority
and registers a public key for the account. the holder of the
account signs a transaction and sends it to a merchant ... the
merchant forwards the digital signature to the issuer where it
is validated ... no certificate is required.

there is also the case of something like a utility that might
register a public key for a person's account; signed transactions
come in directly (not forwarded from 3rd party like in the x9.59
credit-card case) and digital signature verified directly from
the account record information. again no certificate is required.

account-authorities can operate w/o issuing certificates for
offline verification ... just account numbers (value of which may in
fact be the public key). account-authorities can operate just
by registering public keys (analogous to the way that
certificate authorities certify public keys). biggest difference
is whether offline verification is supported by pushing
certificate around with the transaction.

at 50k foot level ... there are some pgp key processing
analogies to the account-authority key processing ... but
description uses totally different terminology.

in any case, it doesn't preclude certificates ... and/or
for account-authority to issue certificates ... it's just that
account-based operations don't require the certificates.
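
The account-based verification described in this message, as an added example that is not part of the original post or of X9.59 itself: the authority looks up the public key on the account record and checks the signature, with no certificate in the transaction. The type and function names, the use of Ed25519, the signed-byte encoding and the account numbers are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

var ErrUnknownAccount = errors.New("no public key registered for account")
var ErrBadSignature = errors.New("signature does not verify against account record")

// AccountAuthority is the account record: account number -> registered public key.
type AccountAuthority map[string]ed25519.PublicKey

func (a AccountAuthority) Register(account string, pub ed25519.PublicKey) { a[account] = pub }

// Transaction carries an account number, payload and signature, and no certificate.
type Transaction struct {
	Account      string
	Payload, Sig []byte
}

// signedBytes length-prefixes the account so the account/payload split is unambiguous.
func signedBytes(account string, payload []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(account), account)), payload...)
}

// Sign is run by the account holder; the signature binds the account number too.
func Sign(account string, payload []byte, priv ed25519.PrivateKey) Transaction {
	return Transaction{account, payload, ed25519.Sign(priv, signedBytes(account, payload))}
}

// Verify is run by the authority; a merchant in between only forwards tx unchanged.
func (a AccountAuthority) Verify(tx Transaction) error {
	pub, ok := a[tx.Account]
	if !ok {
		return ErrUnknownAccount
	}
	if !ed25519.Verify(pub, signedBytes(tx.Account, tx.Payload), tx.Sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // holder's key pair (crypto/rand when nil)
	aa := AccountAuthority{}
	aa.Register("4000-0001", pub) // constructed account number
	fmt.Println("verify:", aa.Verify(Sign("4000-0001", []byte("pay merchant 25.00"), priv)))
}
```

Verification here is online only: a party without access to the account record cannot check the signature, which is the gap a certificate pushed with the transaction would fill.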


