DS3 One-Time Private Key
Overview

The One-Time Private Key (OTPK) technology is built on a revolutionary concept: the Private Key (which typically resides in a smartcard) is used only once and then immediately discarded.

In a typical Public Key Infrastructure (PKI) system, each user first registers securely (e.g. with Two-Factor Authentication) with the Certification Authority in order to be issued a digital certificate. Subsequently, holding the certificate, the user can use the Private Key, for the duration of the certificate's validity, to compute a valid and recognized digital signature for a transaction.

In contrast, the Private Key in the OTPK system is for one-time or per-session use only. In the OTPK PKI system, each user always generates a new Private Key and registers securely with the Certification Authority in order to be issued a digital certificate, for every transaction or every session. Once the Private Key has been used, or when it expires with the session, it is erased and discarded. There is no need to store the Private Key permanently on any medium. While such a process sounds cumbersome, the overheads are actually not much more than those of any mobile credential solution, but the benefits are tremendous.
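The per-session flow described above, sketched in Go as an added example; it is not DS3's code or product API. Assumptions: Ed25519 keys, X.509 certificates, a throwaway in-process CA, and the illustrative names issue, SignOnce and Verify; the user's secure registration with the CA is taken as already done.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue plays the CA (assumed name): it certifies pub for ttl. parent == nil creates the self-signed demo CA.
func issue(cn string, ttl time.Duration, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl), BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		parent, tpl.KeyUsage = tpl, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// SignOnce makes a fresh key, gets a session certificate for it, signs tx once, then erases the key.
func SignOnce(ca *x509.Certificate, caKey ed25519.PrivateKey, user string, tx []byte, ttl time.Duration) (*x509.Certificate, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	cert, err := issue(user, ttl, pub, ca, caKey)
	sig := ed25519.Sign(priv, tx)
	copy(priv, make([]byte, len(priv))) // overwrite the one-time key; it is never stored or returned
	return cert, sig, err
}
// Verify is the relying party: chain to the CA, validity window at time `at`, then the signature.
func Verify(ca, cert *x509.Certificate, tx, sig []byte, at time.Time) bool {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, tx, sig)
}
func main() {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // throwaway CA key, constructed for the demo
	ca, _ := issue("Demo CA", 24*time.Hour, caPub, nil, caKey)
	cert, sig, _ := SignOnce(ca, caKey, "alice", []byte("pay 10 to bob"), 5*time.Minute)
	fmt.Println(Verify(ca, cert, []byte("pay 10 to bob"), sig, time.Now()), Verify(ca, cert, []byte("pay 10 to bob"), sig, time.Now().Add(time.Hour)))
}
```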



