sayI: Trusted User Authentication at Internet Scale

With Internet-scale user authentication, an organization authenticates users with which it has no prior association. Of necessity, the organization must rely on third parties, which make up the authentication infrastructure and can vouch for these users. These third parties are trusted. And since different organizations have different adversaries and different security needs, it is up to the organization to determine which third parties to trust. Unfortunately authentication infrastructures which meet the above trust requirements have been inefficient, suffering from high latency, excessive bandwidth, and high CPU load. These inefficiencies significantly impede wide-scale deployment. We introduce sayI, a Public-Key based authentication Infrastructure (PKI). It is the first PKI which is efficient at Internet scale and enables organizations to determine their risk from third parties. It protects privacy and provides security. It is designed to minimize bandwidth and latency through a careful and novel integration of authorization and authentication. In sayI, irrelevant certificates do not negatively impact performance. An Internet user authentication is guaranteed to complete in a single Internet round trip, significantly faster than alternative authentication infrastructures.