AuthentiKey Configuration Service

Simple Technology Demonstration
This simple demonstration illustrates the kinds of information AuthentiKey delivers and roughly how it works. Before we get into the details we should make clear what this demonstration is NOT.

This is not (yet) a real working system. It just looks (a little) like it is.

None of the encryption is enabled (if it were, you couldn't read any of the XML) and the keys are just jibberish with no meaning.

This is not perfect or complete. In creating this demonstration we tried to illustrate the features by showing more elaborate examples than you might find in the wild, so it is a little more complex than is entirely realistic. Our expectation is also that as we learn and grow so will the data we store, so the definition of our formats will change over time.

All of the passwords etc. in this demo are made up, so don't bother trying any of them...they don't work.

Basic Concepts: Basic Data Types

Person
What a "person" is should be pretty obvious. The idea is that there is a constellation of information about each "person" which may be made available to a given device (like a cell phone, computer, PDA, PVR, or what have you) in order to allow it to configure itself. This includes information about services that the person has subscribed to (like email boxes, payment clearance services, instant messaging services, etc.) and each of the devices that the person owns/uses. Here's an example person file.

Device
For every device there is a unique file containing information about what kind of services it gives access to, who owns it, where it is, what it can do, etc. This would allow the constellation of devices that a person owns to know about and know how to communicate with one another. This way when you buy a new cell phone it could offer to import certain data from other devices (like your old cell phone) or could offer to register itself for services that relate to multiple devices (for example, enabling remote door unlocking for your car if you have a telematics package installed). Here are some kinds of devices that would be represented in the system

Desktop computer

Notebook computer

Personal Digital Assistant

Cell phone

Pager

MP3 player

Personal Video Recorder

Telematics Device

Digital Still Camera

Digital Video Camera

Digital audio recorder

Printer

Digital picture frame

Scanner

GPS Mapping Device

Routers, Firewalls, and Wireless Access Points

Of course, anyone can have more than one of any number of these kinds of devices. Here's an example device file. In this case, it is a desktop computer. In the real system there would be a similar kind of file for each registered device.

Service
A "service" is a little more abstract thing. It would include just about any kind of thing a person can do with a device. Here are a few examples of "services":

An email box

A subscription to the online New York Times

A credit card account

An instant messaging account

A website hosting account

A file storage account (such as provided by xDrive)

A PVR program guide and program exchange service

A frequent flier account

A PDA synchronization service (for calendar, contacts, etc.)

A stock trading service

A telematics (vehicle tracking and control) system

A travel booking service

A Usenet News (NNTP) service

A file backup service

A Blog service

A mailing list subscription

While subscriptions to services are part of the data stored in a "person" file, there is also some information recorded about each service that someone could subscribe to in a service file. One example is a service file describing a PVR (in this case TiVo) service. Another example is a service file describing a an EarthLink mailbox.

Keys
In order to have secure storage and transmission (and verification of authenticity) of these basic objects there will be a public key registry where public keys will be distributed. (If this doesn't make any sense to you don't worry...this is all just plumbing that's needed to keep the data secure. Users will never see any of this. Anyone can download any public key they want. Here is an example key file for a person, and another one for a service file of the information if the private key is known.

Data Distribution Scheme
There's a little information about each object which won't be encrypted with user keys because we need it in order to know where to cache the data across the Net and in order to do a few housekeeping chores. For this purpose, there's a "control file" associated with each object which describes where it ought to go. The reason for this might not be immediately obvious, so it deserves a little discussion. When a person grants permission for his information to be released to a given service, he can specify which of his information should be released and this means that we need to pre-sort this information and encrypt it so that it can only be read by the intended recipient, and we can forward it to the appropriate servers. Imagine that you are eBay and you want to use AuthentiKey information which is released by people to make it easier to buy things. For performance reasons you'll want a copy of all of that information sitting on a server in your data center which you can maintain and which will perform as well as the rest of your very high volume servers. In order to understand where this data is supposed to go, we need to do some housekeeping on our end and that's what control files are for. (The same goes for people living outside the United States...you don't want to have to access a server in Pasadena every time you want to buy a coke in Thailand.) Here's an example of a control file for a person, for a device, and for a service.

That's a quick overview. If you look at the sample XML files you will see a whole lot more depth implied by what is in there. Please do dig into them and we welcome any comments or questions we would love to hear back from you at