Frank Sudia, PKI Impact

Frank Sudia: Impact on Information Security and PKI

May 2023

I could have received a Lifetime Achievement Award for my contributions to Information Security and Public Key Infrastructure (PKI), plus an honorary PhD in Computer Security, however most of what I did was never documented, and my major project collapsed under a cloud of bad management. So here is a summary.

Although I had used computers since the late 1970s, and worked as a business system programmer since 1985, I knew little about information security, apart from once using a password to scramble sensitive location data in an archaeology database.

I had moved to New York in 1989, initially working for a proxy voting service bureau, which gave me hands on exposure to the securities industry, where I served as lead developer on a system that handled most contested US proxy elections, which were often in the business news.

Upon moving to Bankers Trust Co. (BT) in 1991, I was no longer supporting a single system, but working in a central tech unit, providing bankwide systems level support to multiple business lines. One such internal client was the Lending System 2 (LS/2) project, which was being developed to automate the Bank's Syndicated Lending business. For example if some hotel developer wanted a $100 million loan, the system could easily assemble a syndicate of 20 banks to farm out the credit risk. (Prior to this I had been assisting on the rewrite of our Repo System, which tracked overnight repurchase agreements, handling up to $22 billion per day.)

We were rolling out OS/2 desktop PCs on a Novell token ring network, and the Federal Reserve auditors had ordered us to stop sending passwords in the clear, which could easily be sniffed, and switch to 2-factor ID using Enigma Logic tokens that generated one-time codes. Our group was tasked to develop an Authentication server for token interactions, with LS/2 as our first customer, and myself as lead developer. We had licensed RSA BSafe, which was still under patent, mainly to create an authenticated Diffie-Hellman session out to the client.

Mercifully, the BT Authentication System (BTAS) system was a success, thanks to my writing the server in C on OS/2, with 2 guys supporting me on Windows GUI [DY] and database [MM]. It was adopted Bankwide, eventually reaching 40,000 corporate users accessing 240 business applications at BT-successor Deutsche Bank (source KD), also used at State Street Bank and Goldman Sachs, and was spun out as the Indigo system. (Multiple staff on this project went on to senior info-sec positions at other banks.)

Before the Internet, your knowledge was limited to what you could read in magazines or books, or learn on the job. While researching this project, I subscribed to Communications of the ACM, which included early discussion (by Ron Rivest) of “key escrow” as a possible response to government demands to access the contents of encrypted communications.

I thought to myself, if keeping encryption keys in trusted storage could help Society, then possibly the banking system, which serves as a “trusted intermediary” in business, could step up and serve as a trusted repository of keys, in case of government demand. Hardly anyone had heard of this idea, so it wasn't yet controversial, and it seemed like an interesting new automated trust business.

By this point Silvio Micali had filed his 2 Fair Cryptosystem patents, which the system I had in mind would infringe, so some deal would be necessary. Undaunted I forged ahead filing one patent on an escrow based system, which contained enough subsystems to be granted 6 patent numbers. (Among other things the system enforces the scope of the warrant, and securely logs all access to the content.)

(My patents often cite Micali, but if you include his related entities (Corestreet, Phil Libin, Assa Abloy) they cite me around 10 times more than I cited him.)

Meanwhile, it was becoming widely (if erroneously) believed that some form of national PKI was needed to support Privacy Enhanced Mail (PEM) and paperless office solutions. And since PC operating systems were (and still are) non-secure, we needed real hardware security as well.

An Intel engineer [DD] was working on a secure processor unit, by adding encrypted communication and memory, plus other security features including a random number generator and processor serial number, to a tape-out of their last generation '486 chip. (The part would have its own key-pair and device certificate, so it could identify itself and its capabilities.) My goal was to partner with Intel to create real hardware secure PCs for use as banking terminals, with us providing the PKI certificates and possibly key recovery services into the deal, which the chip makers would need, and certainly didn't see as part of their business. (I was planning to write on my tombstone, “He Made the Internet Secure.”)

(I could have filed further secure-device patents that would have covered much of what later became Digital Rights Management (DRM), but by then I had already filed so many patents, none of which had been implemented, that I couldn't get approval to file any more.)

The term “digital signature” originally referred to Identification Friend or Foe (IFF) transponder systems for combat aircraft. However, despite the similar wording, there was no well defined effort to actually deploy them as “signatures” in paperless business systems. To fill this gap, I (along with Rich Ankney, still at Fischer Intl.) wrote an early paper entitled Commercialization of Digital Signatures (Feb 1994), which supported my getting BTEC funded a few months later.

After filing our escrowed encryption system patent, I turned to the problem of creating a bank-ready Certificate Authority (CA). Bolt Beranek & Newman (BBN), a military security consulting firm, was marketing their so-called BBN box, which included on-board public/private key generation with tamper resistant storage, the idea being that the private key would never leave the box.

At one moment, Jim Bidzos, then CEO of RSA Data Security, pointed at their BBN box, which was gathering dust in a work room, and offered me a job to create a PKI certificate business. I declined (one of my worst-ever career moves, since he went on to found Verisign) since I believed a serious trust service needed to be run out of a well capitalized and risk-managed firm, not some flimsy startup.

Having just written a major security system and gotten it through a bank audit, I seriously doubted the auditors would go for the “metal box” solution, since it had no backup, and thus lacked a disaster recovery or business continuity solution, including from its own internal failure. Meanwhile, Micali's Fair Cryptosystem had the idea of splitting encryption keys for security, which seemed a lot wiser than a single point of failure.

In a flash of insight, it occurred to me that since RSA and Diffie-Hellman keys are exponents in a math formula, we could likewise split them using High School Algebra, since adding the exponents is the same as multiplying the numbers together. Thus we could break up the private key (or generate the key shares independently, such that when added together they would yield the private key) and keep them in separate locations. Now they're safe to handle and back up, since alone they do nothing.

All the mathematicians at NSA, Sandia National Labs, and NIST had not thought of that one, or if they had, no one published anything, so we were granted a patent on Multi-Step Signing (MSS). Soon after we filed a more sophisticated Adaptive Multi-Step patent, designed by Sandia mathematicians we had hired. NIST is currently organizing a bake-off for a national Threshold Cryptosystem Standard, to formalize this concept and promote its security and key management benefits.

Meanwhile, I was attending encryption standards meetings at ANSI X9, the accredited standards body for financial services. The widely used Data Encryption Standard (64-bit DES) was becoming insecure, and options to replace it including Triple-DES were being discussed. I was an early advocate that, in view of possible future algorithm obsolescence, we should not hard code the standards, as had been done with DES, but rather define the algorithm ID and key length to be variables.

I was the first to suggest (to Miles Smid of NIST) that a certificate issuer needed a Certificate Practice Statement (which promptly became standard), so the user who seeks to rely on a certificate knows what policies were followed, such as whether no checking was done, versus commercial or military grade, etc. This simple legal fix got most low budget CAs off the hook, allowing them to issue low cost certificates in situations where more was not required.

PKI certificates were already defined in the ISO X.509 network directory standard, which was under joint development via an ANSI X9 committee (chaired and attended by the same people as the ISO committee). However, in early versions the format was restricted to pre-defined fields such as Name, Organization, Org Unit, Validity Period, etc. which lacked extensibility, and business information was being overloaded into the name fields. As a lawyer I figured this would never fly, and in my single biggest contribution to PKI, I suggested adding a variable extension field that businesses could use to customize authority restrictions and refer to policy statements, etc.

This was adopted in X.509 Version 3, which led to multiple PKI companies (other than ours) attaining multi-billion dollar valuations, based on the so-called “standard extensions,” of which around 37 are defined in RFC-5280 (2008), and users can create their own. As usual, I was the only lawyer in a room full of networking experts, and this was another of my clever legal fixes, which enabled the rapid takeoff off SSL for online credit card payments.

One of my driving visions was a universal electronic legal document system (which has never happened, since most certificates are only for SSL). Addison Fischer had received a few patents on Electronic Document Authorization (EDA) certificates. After reading them I filed 2 more, and then Rich Ankney and I authored a new standard ANSI X9.45 to define Authorization certs. Various such controls are common (in both finance and government) when signature authorities are high (such as $10 million, $100 million, etc.), so I designed something that could encode the authorities our Bank was using. X9.45 was never implemented, due to Fischer feeling underpaid, but it could be revived now that the patents have expired.

In a parallel effort, I played a leading role in the American Bar Association, Section of Science & Technology, Information Security Committee, serving on the Editorial Committee for their Digital Signature Guidelines, where I provided a banking perspective. Some of my suggestions, such as root key suspension and modular certificate practice statements were not adopted. And I wasn't the prime creator of Digital Signature Law, since Alan Asay of the Utah court system, who we later hired, had already developed his legal model of "Subscriber, Certificate Authority, and Relying Party," which became the worldwide standard.

As a side project, I attended an ASTM Medical Records standards meeting in Philadelphia. The group was debating who had access rights to medical records, given that under default Copyright Law, each physician would own the copyright in their patient notes. I piped up and suggested that (as a matter of practicality) the records should belong to the patient, to facilitate transfer between providers. I'm not sure of events after that, but that policy approach was adopted.

Something else the PKI field needed was credible security auditing. Each company needs to pass its own security audits, and it likewise needs proof that its service providers, such as any outside CAs, are adequately secure. The obvious place to get such auditing standards was from the American Institute of Certified Public Accountants (AICPA), who had never heard of PKI.

In one of our great moments, a group from the ABA Information Security Committee including Mike Baum, Joe Wackerman of the US Postal Service, Rich Field, Chuck Miller (who later became our general counsel) and myself attended a meeting of the AICPA Computer Audit Committee. At first we sat through a discussion on how auditors needed some way to audit “through the computer.” Then at the end we introduced ourselves as ABA representatives and inquired how could we get them interested in computer security auditing?

(This was an official ABA mission, since Mike was our committee chair, and I'm sure he ran it by his boss Tom Smedinghoff, Chair of the ABA Section of Science & Technology above him.)

Our Bank was using an accounting standard called SAS-70, wherein for example a bank providing pension services can obtain an audit of its own operations, a summary of which which can then be given to a corporate client to submit as part of their audit for SEC purposes, since pension liabilities are a material part of their financial statements, without their auditors needing to audit us as well.

In seeking this meeting, my idea was that the AICPA should beef up and reissue SAS-70 to make it support transferable audits of service provider security. Although I had minimal further involvement, this was done, leading to the modern SSAE-18 standards with their SOC 2 & 3 options. Since then WebTrust and SysTrust audits have become a standard offering for the major accounting firms.

Banks are regulated and can only engage in approved lines of business, including an exception for data processing services. Operating a Certificate Authority (CA) to issue PKI certificates might have passed muster under the Data Processing Exception, but we were successful in getting the Federal Reserve to issue a ruling that, as with the traditional notary business, certifying digital data would also be considered “the business of banking,” not requiring an exception.

(One standards committee was looking to standardize RSA for government use, but “RSA” was trademarked, so they asked me what should they call it? I said call it “RDSA” for reversible digital signature algorithm, which resonated with their preference for DSA based signatures. The resulting rDSA Standard is still going strong, and since they were mainly copying prior standards, coming up with a workable name may have been 10% the project.)

I designed or co-designed many other security systems, including reliance management (to determine the total signature risk outstanding), crypt-wrap contracting (to impose contract terms on a certificate end user), certified electronic mail (to provide read receipts with minimal third party involvement), numerous certificate revocation and signature authorization schemes, a wire-transfer inspired micro-cash system (which was briefly evaluated by the NY Federal Reserve), a honeypot system to lure and track hackers, and others. However, none of these were built or deployed, so my public impact has been limited mainly to the items discussed above.

Our in-house BT Electronic Commerce (BTEC) unit was founded in 1994, a year prior to Verisign, which helped them get funding. My original idea, based on my securities processing background, was to initially create a low-key banking industry utility, akin to the Depository Trust Company (a nearly invisible Wall Street stock and bond custody system), to provide certification and key management.

BTEC was spun out in November 1996 as CertCo, LLC with institutional [Tisch, Greenberg] and strategic [Intel, Fischer] investors, raising $30M at a valuation of $150M, in a transaction managed by Goldman Sachs. I had started research in 1993 (filing my first patent on 1-14-94), so by late 1996 I had 3 years into it, devising its concepts and managing the policy and standards spaces. (3 years x 50 weeks a year = 150 weeks, so $150M / 150 weeks = $1M/week = my apparent value-add.)

However, the Bank let the project be taken over* by an incompetent manager, prompting my departure in early 1997, and when basic solutions** could not be delivered, the focus shifted to an aspirational, high profile, industry-wide system that looked good on PowerPoint, but was also never delivered. (A remnant of that effort can still be seen in Identrust, which I inspired but declined to partner with us.)

[* The senior exec [BJK] who signed off on this ill-fated arrangement was later indicted for theft of $18 million of unclaimed funds payable to the State of New York. He was sentenced to community service, and the Bank paid $63.5 million in fines. While it was soon recognized that this was a mistake, no one had the moral strength to push back. The Bank had Vernon Jordan on its Board, who was later criticized for lack of interest in senior management ethics.]

[** For the record, coming off my recent success with BTAS, given available software and developer pay in the 1990s, I could have easily produced beta versions of all 6 systems I designed for CertCo (CA, AA, RM, CW, AQ, KE) for under $1.5 million total, net of overhead and legal. Yet due to warped management focus, we had already burned $14 million by the time of the spinout.]

In 2000 the music stopped due to the Dot-Com stock market crash, and the company closed in early 2002, after burning over $100 million, with peak staff over 120, and after inducing scores of global banks to collectively burn $400 million (source JH), still with no meaningful products or revenue. As I often say, "Few people have ever heard of CertCo, and those who have don't think very highly of it." This was a good-sized failed deal, but it was dwarfed by other Dot-Com Era failures such as Webvan and CommerceOne, and would have been rounding error during the 2008 mortgage bond market collapse.

Many aspects of my system were documented in the book “What Information Security Really Is” (Itakura, 2002) written by a Japanese bank participant, available only in Japanese. (I never wrote a book, preferring not to talk up the value of assets I didn't control.) Among the more tangible impacts of CertCo were that banks stopped partnering with info-sec companies, and declined to offer e-trust services, while many of our staff went on to thrive in the still-nascent info-sec industry.

After leaving the Bank, I happened to sit next to former Reuters exec Jim Rutt on a shuttle flight from NYC to DC. He had just been named CEO of Network Solutions (NetSol), so I pitched him to hire me to build PKI into his offering. He brought me in as a consultant, during which I explained what certificates were, and pointed out that there was no button on their website to give them $500 for a certificate, as Verisign was charging.

Rather than hire me to build an in-house CA business from scratch, Rutt started looking to buy Thawte, a leading CA based in South Africa. However, as he later explained, his Board (dominated by corporate parent SAIC) declined to proceed (due to jealousy by SAIC staff that their spinout was already way too successful). Disgusted by their refusal to grow the business, he decided to sell it.

In 2000, at the peak of the dot-com bubble, Netsol was acquired by VeriSign for $21 billion in stock, $7 billion above its market valuation the day before, valuing them at 1/3 of the combined company (without, so far as I know, ever issuing a certificate). I call this my “$7 Billion Idea.” He told me that, had he been allowed to buy Thawte, the ratio would have been 2/3 to 1/3 (minus the cost of Thawte). Thus, although I was never involved in Verisign, I had major “impact” on them. (1 getting it funded, 2 buying NetSol.)

(At one point Rutt asked me if I wanted to be his head of M&A, which would have given me a front row seat for his maneuvering, but I declined due to fear I didn't have enough deal experience – of ones that had been successful.)

Years later Verisign exited the certificate business (selling out to DigiCert) after Google accused them of issuing fishy certificates and the major browsers “distrusted” their root key. There is still a Verisign today, consisting mainly of NetSol's former domain service and Internet root servers. (So it's a good thing they bought NetSol, since that business is still doing okay.)

Leaving New York City in 2000 and relocating to Silicon Valley, I tried to get a few projects funded, but got nowhere due to the Dot-Com stock market crash and ensuing recession. And there was no going back to New York, since the NY banks had laid off 1/3 of their staff, BT had gone under in 1998 and been acquired by Deutsche Bank, and every senior contact had left.

Working for security startup IPLocks in 2002, I helped design and market their database security and integrity monitoring system, which is now FortiDB, a successful product of FortiNet.

Controversy -- After the attacks of September 11, 2001, I drafted an article on Restoration of National Sovereignty [WITHDRAWN], outlining how Congress could regulate encryption, and sent it out for comment. Alas it contained errors and was uniformly panned, leading me to withdraw it, but not before it led to an NSA denial (“It's not going to happen”), an NAS rebuke (“Nothing new”), inspired the Cypherpunk mailing list to go private, inspired right wing groups to go around overturning state laws regulating knife lengths, which I had suggested were analogous to key lengths, and turned me into a perceived enemy of crypto-freedom and privacy lovers.

(The reason the "key recovery debate" never gets anywhere is Nat-Sec's refusal to let itself be audited, despite persistent reports of intel-abuse, and refusal to deal with any technology system other than as a pass-thru or puppet, while loading it up with backdoors that would make anyone cringe. Hence the tech industry's low enthusiasm for such ideas. When I touted our system's support for user-selectable escrow agents, the NSA case officer scowled at me like I was a poisonous snake.)

Thus it was good news when ChatGPT (on 4/2/23) completely misstated my background, and said I developed a popular open-source network monitoring system!

Then in 2003 I took a job as general counsel of Avocet Sports Technology, Inc. (Palo Alto, CA), which I held for 10 years. This got me away from Internet Security, helped me develop my legal and business skills, and didn't create AI patent conflicts.

Some major impacts these events had on Me included that, (a) I redoubled my efforts to solve problems in my philosophical system, and (b) when I achieved my next major breakthrough in 2003, allowing its AI theory to get off the ground, I vowed to “take good care” of what I had discovered, not letting others make a circus of it, and keep quiet until it could be more fully developed and documented.

I expect to extend this into a much longer memoir, but the above covers many highlights of my career in Information Security.

Home / AI-Ethics