全球電子商務PKI發展應用趨勢
何鈺威
michaelho@hitrust.com.tw
Agenda
Building a Trust Foundation for eCommerce
Securing your Applications
• Web Applications: B2B, B2C eCommerce
• Messaging: Secure business communications
• Virtual Private Networks: Remote access, site to site
• Smart Card Integration options
• Financial Applications: Indentrus
• Wireless Applications: Secure contents delivery & payment
Security is Front Page News
電子商務障礙調查─安全課題
國內大型企業所面臨之十大課題
Source:
1999年全球電子商務
阻礙與困境問卷調查
─ 台灣地區
CommerceNet Taiwan
Cnt@nii.org.tw
國內零售商所面臨之十大課題
Enabling Global E-Commerce
Consumers
Websites
Industry
Groups
Customers,
Suppliers Public
Internet
Employees
Extranet
Privacy & Security
Intranet Privilege & Integrity
Identity & Authority
Four Networks to Secure
Intranet - Remote Access
• Remote User Dial-in to Internal Network
• Remote Access Service Replacement
Intranet - Site to Site
• Corporate Branch to Corporate Branch
• Internal Network Communication – Extranet
• Router to Router, or Router to Switch, Switch to Switch
Extranet – Site to Site
• Supplier to Business Partner Communication
• Suppliers, Partners, Distributors, Affiliates, etc.
Internet – eCommerce
• Consumers to Supplier Commerce
Security Infrastructure
Policy & Authentication Secure
Practices Infrastructure
PKI Software Performance
Application & Hardware & Availability
Enabler
Risk and Liability Consulting User Support
Management
Software is only one component of the PKI solution!
End to End Trust Services
Design Security Practices
• Needs Analysis/Identification • PKI Security & Liability Policy
• Solution Design/Architecture Review, Development,
• Design Validation Documentation
• Implementation Planning • Certificate Policy Statements
Review, Development,
• Technical Configuration Documentation
• Communications Planning • Local Law/CA Compliance Analysis
Implementation Operations Support
• Full Suite of Trust Services • Service Level Agreements
• Installation • Multi-Level Customer Support
• Project Management Options
• Applications Deployment • On line Knowledge Data Base
• Legacy Applications Integration • IT CA Management Training
• RA Administrator Training
• Developer/Application Training
• 24x7 Infrastructure
The Global PKI Services
• Policy & Authentication
– Must define global policy for the public at
large
– Must define authentication process for
the public at large
– Trusted employees to authenticate
customers
• User Support & Availability
– 24x7 profession customer service staff
required
– 24x7 service availability
• Risk and Liability
– Consumer and business fraud
• Software and Hardware
– Disaster recovery, redundancy required
– Must support all popular applications.
– Embedded root keys necessary
PKI Components
DATAM O N ITO R
PKI Solutions Growth
PKI Products & Services,
PKI services Datamonitor
Maintenance
DATAM O N ITO R
11% 641 million US$, 1999
5%
PKI services
Products
16% Professional System 36%
Services Integration
Maintenance 22% 26%
6%
PKI Products
& Services,
Professional Datamonitor
Services System Products
Integration
2,595 million US$,
16% 38%
24% 2002
Symmetric “Secret Key” Encryption
• Same Secret Key & Algorithm to Encrypt & Decrypt
• Examples are DES (Data Encryption Standard) and IDEA
(International Data Encryption Algorithm)
Transaction Transaction
Email Message Email Message
Electronic Contract Electronic Contract
Web Banking Ciphertext Ciphertext Web Banking
The Web server certificate market The Web server certificate market
has been a successful launching fG%d&(*(&*(^)(*^^*&^&^%&^R fG%d&(*(&*(^)(*^^*&^&^%&^R has been a successful launching
point for VeriSign, which currently %&^$%^$&^$*%(*^)(*&)(*&_(^ %&^$%^$&^$*%(*^)(*&)(*&_(^ point for VeriSign, which currently
Destination
dominates the Web server E#$#@$@!!@$#^%$$%#@$# E#$#@$@!!@$#^%$$%#@$# dominates the Web server
certificate business. @$#$%#@$@$%#@$%#^%$ @$#$%#@$@$%#@$%#^%$ certificate business.
Source
#@#^$#@#$%#fG%d&(*(&*(^) #@#^$#@#$%#fG%d&(*(&*(^)
The only significant direct (*^^*&^&^%&^R%&^$%^$&^$* (*^^*&^&^%&^R%&^$%^$&^$* The only significant direct
competitor has been South Africa %(*^)(*&)(*&_(^E#$#@$@!!@ %(*^)(*&)(*&_(^E#$#@$@!!@ competitor has been South Africa
based Thawte Consulting, which $#^%$$%#@$#@$#$%#@$ $#^%$$%#@$#@$#$%#@$ based Thawte Consulting, which
@$%#@$%#^%$#@#^$#@#$ @$%#@$%#^%$#@#^$#@#$
Internet
VeriSign acquired in February VeriSign acquired in February
2000.. %#fG%d&(*(&*(^)(*^^*&^&^%& %#fG%d&(*(&*(^)(*^^*&^&^%& 2000..
^R%&^$%^$&^$*%(*^)(*&)(*& ^R%&^$%^$&^$*%(*^)(*&)(*&
According to Dataquest (July _(^E#$#@$@!!@$#^%$$%#@ _(^E#$#@$@!!@$#^%$$%#@ According to Dataquest (July
1999), market share is split: $#@$#$%#@$@$%#@$%#^ $#@$#$%#@$@$%#@$%#^ 1999), market share is split:
VeriSign (77%); Thawte (11%); %$#@#^$#@#$%# %$#@#^$#@#$%# VeriSign (77%); Thawte (11%);
CyberTrust (1%); Others (11%). &(*(&*(^)(*^^*&^&^%&^R%&^$ &(*(&*(^)(*^^*&^&^%&^R%&^$ CyberTrust (1%); Others (11%).
With its acquisition of Thawte, %^$&^$*%(*^)(*&)(*&_(^E#$# %^$&^$*%(*^)(*&)(*&_(^E#$# With its acquisition of Thawte,
VeriSign has captured more than @$@!!@$#^%$$%#@$#@$# @$@!!@$#^%$$%#@$#@$# VeriSign has captured more than
80% of the SSL Web server $%#@$@$%#@$%#^%$#@# $%#@$@$%#@$%#^%$#@# 80% of the SSL Web server
Encrypt Decrypt
certificate market. ^$#@#$%#fG ^$#@#$%#fG certificate market.
with with
Secret Secret
Key Key
Asymmetric - Public Key Encryption
• Uses Two Keys, Public to Encrypt and Private to
Decrypt
• Examples are RSA (Rivest, Shamir and Adleman), PGP (Pretty
Good Privacy), and DSA (Digital Signature Algorithm)
• The two
Transaction keys are mathematically linked. Both keys must be used
Transaction
Email Message Email Message
Electronic Contract Electronic Contract
Web Banking Ciphertext Ciphertext Web Banking
The Web server certificate market The Web server certificate market
has been a successful launching fG%d&(*(&*(^)(*^^*&^&^%&^R fG%d&(*(&*(^)(*^^*&^&^%&^R has been a successful launching
point for VeriSign, which currently %&^$%^$&^$*%(*^)(*&)(*&_(^ %&^$%^$&^$*%(*^)(*&)(*&_(^ point for VeriSign, which currently
Destination
dominates the Web server E#$#@$@!!@$#^%$$%#@$# E#$#@$@!!@$#^%$$%#@$# dominates the Web server
certificate business. @$#$%#@$@$%#@$%#^%$ @$#$%#@$@$%#@$%#^%$ certificate business.
Source
#@#^$#@#$%#fG%d&(*(&*(^) #@#^$#@#$%#fG%d&(*(&*(^)
The only significant direct (*^^*&^&^%&^R%&^$%^$&^$* (*^^*&^&^%&^R%&^$%^$&^$* The only significant direct
competitor has been South Africa %(*^)(*&)(*&_(^E#$#@$@!!@ %(*^)(*&)(*&_(^E#$#@$@!!@ competitor has been South Africa
based Thawte Consulting, which $#^%$$%#@$#@$#$%#@$ $#^%$$%#@$#@$#$%#@$ based Thawte Consulting, which
@$%#@$%#^%$#@#^$#@#$ @$%#@$%#^%$#@#^$#@#$
Internet
VeriSign acquired in February VeriSign acquired in February
2000.. %#fG%d&(*(&*(^)(*^^*&^&^%& %#fG%d&(*(&*(^)(*^^*&^&^%& 2000..
^R%&^$%^$&^$*%(*^)(*&)(*& ^R%&^$%^$&^$*%(*^)(*&)(*&
According to Dataquest (July _(^E#$#@$@!!@$#^%$$%#@ _(^E#$#@$@!!@$#^%$$%#@ According to Dataquest (July
1999), market share is split: $#@$#$%#@$@$%#@$%#^ $#@$#$%#@$@$%#@$%#^ 1999), market share is split:
VeriSign (77%); Thawte (11%); %$#@#^$#@#$%# %$#@#^$#@#$%# VeriSign (77%); Thawte (11%);
CyberTrust (1%); Others (11%). &(*(&*(^)(*^^*&^&^%&^R%&^$ &(*(&*(^)(*^^*&^&^%&^R%&^$ CyberTrust (1%); Others (11%).
With its acquisition of Thawte, %^$&^$*%(*^)(*&)(*&_(^E#$# %^$&^$*%(*^)(*&)(*&_(^E#$# With its acquisition of Thawte,
VeriSign has captured more than @$@!!@$#^%$$%#@$#@$# @$@!!@$#^%$$%#@$#@$# VeriSign has captured more than
80% of the SSL Web server $%#@$@$%#@$%#^%$#@# $%#@$@$%#@$%#^%$#@# 80% of the SSL Web server
^$#@#$%#fG ^$#@#$%#fG
Encrypt Decrypt
certificate market. certificate market.
with with
Public Key of Private Key of
Destination Destination
Public Key Encryption - Signing
• Uses Two Keys, Private to Encrypt message digest and
Public to Decrypt
• The two keys are mathematically linked. Both keys must be used
Transaction
Email Message
Electronic Contract Compare
Web Banking Message & d&(*(&*(^)(*^^*&^&^%&^R%&^$
%^$&^$*%(*^)(*&)(*&_(^E#$#@$
%#fG%d&(*(&*(^)(*^^*&^&^%&^ to ensure
Encrypted Message
Hash
The Web server certificate market
Digest Integrity
has been a successful launching
point for VeriSign, which currently
dominates the Web server
certificate business.
Source
The only significant direct The Web server certificate market
competitor has been South Africa The Web server certificate market
has been a successful launching
Destination
based Thawte Consulting, which has been a successful launching
point for VeriSign, which currently point for VeriSign, which currently
VeriSign acquired in February dominates the Web server
2000.. dominates the Web server
certificate business. certificate business.
According to Dataquest (July
1999), market share is split:
Encrypt The only significant direct
competitor has been South Africa
The only significant direct
competitor has been South Africa Decrypt
with Private
VeriSign (77%); Thawte (11%);
with Public
based Thawte Consulting, which based Thawte Consulting, which
CyberTrust (1%); Others (11%). VeriSign acquired in February
With its acquisition of Thawte, VeriSign acquired in February
Internet
2000.. 2000..
VeriSign has captured more than
Key of Key of
80% of the SSL Web server According to Dataquest (July
certificate market. According to Dataquest (July
1999), market share is split: 1999), market share is split:
VeriSign (77%); Thawte (11%);
Source
VeriSign (77%); Thawte (11%);
Hash Source
CyberTrust (1%); Others (11%). CyberTrust (1%); Others (11%).
With its acquisition of Thawte, With its acquisition of Thawte,
VeriSign has captured more than VeriSign has captured more than
80% of the SSL Web server 80% of the SSL Web server
certificate market. certificate market.
d&(*(&*(^)(*^^*&^&^%&^R%&^$ fG%d&(*(&*(^)(*^^*&^&^%&^R d&(*(&*(^)(*^^*&^&^%&^R%&^$
fG%d&(*(&*(^)(*^^*&^&^%&^R
%^$&^$*%(*^)(*&)(*&_(^E#$#@$ %&^$%^$&^$*%(*^)(*&)(*&_(^ %^$&^$*%(*^)(*&)(*&_(^E#$#@$
%&^$%^$&^$*%(*^)(*&)(*&_(^
%#fG%d&(*(&*(^)(*^^*&^&^%&^ E\)*)*&)(*&))(*YTR%$^%#$# %#fG%d&(*(&*(^)(*^^*&^&^%&^
E\)*)*&)(*&))(*YTR%$^%#$#
Message Digest
Online Authentication
"On the Internet,
…or a Teacher,
Nobody Knows You're a Dog…"
…or a Physician,
…or a Supplier,
…or a Child!
Digital Certificates
Electronic Credentials
• Tamper-proof ID and signature
Issued by Certification
Authority
• Public or private communities
Makes security protocols
work
• SSL, S/MIME, IPSec
Digital ID • Identity, privacy, legal recourse
Significant industry adoption
• Technology leaders
• Internet merchants
• Financial service firms
數位憑證申請流程
企業 認證中心 HiTRUST
自動安裝
數位憑證
Internet Internet
個人資料+Public Key
網路用戶 產製數位憑證
OK!
網路註冊
個人資料 自動核驗申請人資料 公告數位憑證
申請服務帳號
Global Directory
企業端
We've Got The Tools
Physical World Digital World
Encryption
Digital Certificate
Digital Signature
Digital Receipt
Directories
E-Commerce Enabler
Data Secure E-commerce VPN Web
Access Messaging Transactions Gateway ERP
Browsers E-mail Servers Routers Directory
VeriSign Trust Backbone
Communications Network (Internet)
Critical Internet Services Lifecycle
Network Solutions VeriSign
Authen-
Registrar Registry DNS tication Payment Validation
Trust Infrastructure
End-to-End Services
Today Today Today
• Domain names • Address distribution • Multiple types
• Web presence Tomorrow • Multiple processors
• Name management • DNS hosting • Application services
Tomorrow • Int’l DNS Tomorrow
• Data services • Secure DNS • Int’l support
• New name types • Geo-location services • Risk management
Network Solutions / VeriSign
Authen-
Registrar Registry DNS tication Payment Validation
Today Today Today
• All .com and .net • Digital certificates • Digital notarization
• Shared registration • Application services • Digital records
Tomorrow Tomorrow Tomorrow
• Registry hosting • User roaming • XML receipts
• New Registrar tools • Authorization service • Archive services
• XML certificates
Securing your Applications
VeriSign Infrastructure eases
deployment and scalability
High availability data centers
• Redundant ISPs, hardware, software, power
• Disaster Recovery HotSite
• VTN Processing Centers->Economies of Scale
Proven scalability to millions
• Largest number of CAs in world
• Software can be replicated as necessary for
redundancy, throughput
24 x 7 Customer Support Center
• 3-shift professional customer support team
• 24x7 online help-desk, largest PKI
KnowledgeDB
Maximum security facilities
• Multi-tier security, biometrics, intrusion
detection, fireproof safes, fortified construction
• DOD guidelines for secure facilities
Binding Service Level Contracts
• For largest CAs in the world
PKI Services Delivered via High
Availability Data Centers
Enterprise
Customer
VeriSign Data Center Affiliate
Registration Sites
Servers
Authentication
Certificate
Management
Servers
Repository
Status
Server
Disaster
Key Manager Recovery
Servers Directory
Server Signing Master
dB
Admin Time-
stamping Slave dB
Support
Server
Key Recovery
Servers
Deployed Globally
Europe
TrustWise
Germany Greece Iceland Italy Ireland France UK Sweden
Canada Computer
Communications
Systems Megaplex
Poland Scandinavia Spain Germany Netherlands Netherlands Portugal
Canada Quebec
Middle East Asia - Pacific
PT Trust Philippines
Israel Egypt Kuwait
South America South Africa Korea Japan HK
iTrus
Argentina Brazil India Taiwan China
Netsure Netsure
Holdings Holdings
Australia Thailand China
Enterprise PKI Services Platform
VeriSign OnSite
VeriSign Onsite PKI Services
Managed trust service
24x7 Certificate “utility”
Cost and time advantage
Consulting and implementation
“We continue to believe that PKI is better delivered on a
service based model. Running your own system on a
software based PKI remains a more expensive and
difficult method of delivery”
(Financial Times/CSFB – 6/12/01)
Provides Full Control and
Customization
VeriSign OnSite PKI Services
Control over CA setup
• Public vs. private hierarchy, certificate liability, usage
Control over certificate content
• Custom extensions - job title, mail stop, location, user
name, …
Control over who gets certificates
• Approve or reject each applicant individually (manually or
programmatically)
Control over enrollment appearance
• Look and feel of all user functions
Strategy Into Technology
VeriSign OnSite
MS Exchange
Training, Technical/Practices Consulting
Go Secure!
CheckPoint
Web Apps
Lotus R5
Identrus
Application
VPNs
Integration
Services
Extended • Key Management • OCSP
Services • Premium Revocation • Roaming Service
• Secure Facilities • CA/RA Functions
• Crypto Functions •Automatic Administration
Core • Certs for Servers • Cert Revocation Cert
Services • Certs for Clients / IPSec •Renewal
Secure Web Applications
Today’s Internet:
Extending Critical Business Functions
Growing customer base by increasing functionality
and differentiation, yet simplifying complexity
Lower costs on existing operations, transactions and
customer acquisition
24X7 self-service and transactions for increased
customer satisfaction and revenue
Risk assessment: Complex transactions and
scalability require Public Key Infrastructure (PKI)
Secure Extranet Requirements
Two-way authentication
• Client and server
certificates
Binding transactions
• Digital signatures Onsite GoSecure! For Web
Easy to deploy and support Apps
• Application / platform Personal Trust Agent (client and
server components)
integration Digital Signature Platform
Easy to use Certificate Parsing Module
• End user experience Certificate Validation Module
Password Migration
Full Documentation
Secure Extranet Architecture
Client Certificate, PTA
SSL encrypted
channel
Browser Web Server Application Data
Certificate
Validation Application Integration
Certificate Parsing
Access Control Logic
Directory Integration
Authentication
Directory / Database
Case Study: TI Extranet
Distributor Information Portal
SSL with OnSite-issued certificates
Other Extranet
Applications
Browser Web Server
• Objective: Give partners secure extranet access to SAP R/3
Application
SAP R/3
Database
product information, sales data, and transactions. Server
• Results: Streamlined process saves time and
improves accuracy, resulting in increased profit.
Case Study: 證券交易網路下單
客戶下單驗簽流程示意圖
交易登入 網路下單 確認交易內容 完成
簽章及核驗
Secure Messaging
Go Secure! for Messaging
Enterprise-class secure messaging
• Built on industry-standard S/MIME
• Easy to install and use
• Transparent extranet interoperability
• VeriSign Trust Network
Seamless integration with leading vendors
• Microsoft Exchange
• Lotus Notes R5
Go Secure! for Exchange
Rapidly integrate and deploy secure messaging with
Microsoft Exchange
Core PKI services plus:
• Administrator Implementation Guide
• End User Tutorial
• Directory Integration
Optional Key Management / Recovery Service
• Available with Enterprise OnSite or Single Application OnSite
Go Secure!
for Microsoft Exchange
MS Exchange Server
Directory Service
GAL
Encryption Certs
4) Certificate published in
directory 2) User authenticated
Outlook client (NT credentials)
3) Certificate generated
Certificate
1) Cert Request Cert Enroll AutoAuth Processing
Key Manager
Comparison
Go Secure!
for Exchange Proprietary PKI
Works natively with Requires separate
Directory Exchange directory directory
End-User Client Outlook 98 or 2000 Proprietary client
Requirements native integration required
Key Management Single or Dual Key Dual Key Only
(both support (limits
Options non-repudiation) interoperability)
Extranet Global Very Limited
Interoperability (leverages VTN) Scalability
Go Secure! Services
for Lotus Notes R5
Notes Administrator
1) Notes Admin
Lotus Notes R5 Server
generates pins, adds Domino Directory
them to the NAB and
Emails users
NAB
Pins
Encryption Certs
3) User
Notes R5 client authenticated
4) Certificate issued & Published VeriSign
Certificate
Local Auto-Auth Processing
2) Cert Enrollment Hosting
Request
Key Manager
Domino Server
Other Applications and Benefits
Secure email delivery
• Disclosure updates
• Trade confirmation
• Statement
Streamline and automate business
processes
• Loan approval, insurance, …
Customer Support
• Non-repudiation: Avoid customer disputes
• Cost reduction: Gartner Group reported a
company with 2,500 desktops can spend more
than $850,000 a year re-setting passwords
Fraud Reduction
Banco do Brazil Case Study
Objective:
• Achieve fully secure and reliable online transactions for the bank and
its customers to reduce average transaction cost
• Manage internet and internal fraud to ensure non-repudiation of
transactions
Problems
• Cumbersome and customer unfriendly security system
• Compete with ebanks
Solutions
• VeriSign OnSite managed services for certificate issuance
• Use digital signatures and encryption to allow more types of
transactions to be done online
Results
• Time to market and reliable / scalable platform
• More services available online dramatically reduces the average cost
per transaction
• Increased customer conversion -- currently serving 1.2 million
customers
Securities and Exchange Commission
“SEC” Case Study
Objective:
• To enable filers at public companies to easily and cost effectively
submit required financial documents securely to the SEC
• Make this service available over the Internet instead of a private
dial-in network
Problems
• Reduce network and support cost of a private dial-in network
• How to pass the cost of certificates to the companies
Solutions
• VeriSign OnSite managed certificate services
• VeriSign payment switch to accept credit card payment
Results
• Saving $150,000 every month
• Authentication and data integrity
• Rapid deployment
Identrus Services
What is Identrus?
Identrus, formed by global financial
institutions, provides a framework for banks
to operate as trusted third parties for e-
commerce transactions.
• Technical specifications for interoperability
• Business agreements and legal framework
• Clear dispute resolution process
Identrus mandate the use of PKI and smart
cards as their minimum security requirement
The “Four Corner” model
Certificate Identrus, LLC Certificate
Validation Validation
Real Time
Certificate/Identity
and Credit
Validation
Bank One Bank Two
RFP
Prospective
Merchant
Buyer
Response
Identrus System Components
Identrus Root
Certificate Authority
Issuing Acquiring
Financial Institution Financial Institution
OCSP Responder OCSP Responder
& Repository & Repository
Risk Management Risk Management
Certificate Module Module Certificate
Authority Authority
Transaction Transaction
Coordinator Coordinator
Client App Business to Business DSMS
Purchasing Interactions B2B Portal
Manager (Relying Party)
(Certificate Holder)
Trust Domain Trust Domain
Seamless Integration
Identrus Root
Certificate Authority
Issuing Acquiring
Financial Institution Financial Institution
OCSP Responder OCSP Responder
& Repository & Repository
Risk Management Risk Management
Certificate Module Module Certificate
Authority Authority
Transaction Transaction
Coordinator Coordinator
Client App Business to Business DSMS
Purchasing Interactions B2B Portal
Manager (Relying Party)
(Certificate Holder)
Trust Domain Trust Domain
Identrus Value to the Market and FIs
Standard specifications to support inter-operability
among banks, entities and customers
Extend services and re-intermediate the banks with their
customers
• "We needed to provide more value in the front end of
the trading chain so customers can engage us earlier
in the process, for example, in supporting trade
negotiations, forging agreements, and then arranging
for payment electronically." Peter Chiu, CIBC
Propel the use of digital certificate for authentication and
non-repudiation
Lay foundation for online b2b payments
Provide trust and confidence for online transactions
Identrus Participants
World’s Major Banks!
ABBEY NATIONAL PLC (UK)
ABN AMRO (Netherlands) DRESDNER BANK (Germany)
AIB Group (Ireland) HONG KONG SHANGHAI BANKING GROUP (UK)
AUSTRALIA NEW ZEALAND BANK (Australia) HYPOVEREINSBANK (Germany)
Banco Sabadell (Spain) INDUSTRIAL BANK OF JAPAN (Japan)
BANCO SANTANDER CENTRAL HISPANO (Spain) ING GROUP (Netherlands)
Banesto (Spain) LLOYDS TSB (UK)
BANK OF AMERICA (United States) MERITA NORDBANKEN UNIBANK (Finland)
BANK OF SCOTLAND (UK) NATIONAL AUSTRALIA BANK (Australia)
Bank of Ireland (Ireland) ROYAL BANK OF CANADA (Canada)
BANK OF TOKYO-MITSUBISHI (Japan) ROYAL BANK OF SCOTLAND (UK)
BARCLAYS (UK) SANWA BANK (Japan)
BBVA (Spain) SCOTIA BANK (Canada)
BNP PARIBAS (France) SEB BANK (Sweden)
CHASE (United States) SOCIETE GENERALE (France)
CIBC (Canada) SUMITOMO/SAKURA (Japan)
CITIBANK (United States) THE CO-OPERATIVE BANK (UK)
COMMERZBANK (Germany) The PNC Financial Services Corp (United States)
CREDIT AGRICOLE (France) WELLS FARGO (United States)
Credit Lyonnais (France) WEST LB (Germany)
DEUTSCHE BANK (Germany) WESTPAC (Australia)
Wireless Internet Solution
Overview
World-Wide Trends
Million
Subscribers
1400 Mobile By 2004 there will
1200 Phones be over 1.2bn
mobile phone users
1000
Mobile By 2004 there will
800 be 600m users of
Internet
600 mobile Internet
400 Internet After 2003 there will
be more users of
200
mobile Internet than
0 fixed Internet
1999 2000 2001 2002 2003 2004 2005
Applications
Wireless Trust Services
Financial Institutions Provide the Security for
• Mobile Banking Today’s Advanced
• Mobile Stock Trading Network Applications:
Employee Intranets
• Access to secure intranet web sites
• Digitally signing emails in same way as wired
Internet
B2C eCommerce
• Movies & Restaurant Reservations and
Payment
• Hotel & Airline Reservations and Payment
B2B eCommerce
• Approval for Transactions
The Internet: The Early Days
Impossible to simply
put paper brochure on
web site
The Internet: Today
Impossible to simply
put web page on
mobile device
Wireless Content Delivery Platform
Partnership with Air2web
Authentication Drives Secure
Transactions
Server Digital
Certificate
Paul Healy
My Mobile
Client Digital
Certificate
Secure Content Delivery
Secure TLS connection
Content Enterprise
Delivery Email
server
Secure WTLS connection
Enterprise
WAP
Databases
Gateway
Payment Processing for
One-Click Transactions
My Mobile Payment Existing Payments
Gateway Network
Profile
Management
Wireless Payment Services
Server based wallet
• Stores credit card, purchase card & bank
information
• Stores address & contact details of user
• Stored value wallet for micro payments
Accepts a range of payment types
• Credit card
• Purchase card
• Bank transfers
• Stored wallet micro payments
• Payments using cell phone bill
VeriSign’s Wireless Internet Platform
VeriSign Wireless Internet Platform
Hertz.com
UAL.com
Content delivery Payments
UPS.com
End users
PKI WebNums
Content providers
Agenda
Building a Security and Trust Foundation
Securing your Applications
• Web Applications: B2B, B2C eCommerce
• Messaging: Secure business communications
• Virtual Private Networks: Remote access, site to site
• Smart Card Integration options
• Financial Applications: Indentrus
• Wireless Applications: Secure contents delivery & payment
Thank You!