Try the all-new QuickBooks Online for FREE.  No credit card required.


Document Sample
CFA Powered By Docstoc
					                  PKI in Australia

                                PKI Forum
               Sydney 2000 Members Meeting

                                    Stephen Wilson
           Chair -- Certification Forum of Australia
Director -- PricewaterhouseCoopers beTRUSTed
                              PKI in Australia

n   Evolution of PKI in Australia
n   What’s hot in PKI?
n   The PKI market
n   Certification Forum of Australia
n   Towards a national PKI

                                       PKI Forum Sydney 2000
                                       Evolution of PKI in Australia
                      Standards Australia
PKAF Report                                 AS4539 PKAF
                                                 Project Gatekeeper
                   Gatekeeper Report           First CAs        Gatekeeper 2

                                                  Law reform
                A-G’s Expert Group                    ETA               States

                                                           Certification Forum

                               Non Govt PKI Model                Unified model
              “Light touch” PKI policy           Research Projects

     1996          1997         1998           1999            2000           2001
                                                                      PKI Forum Sydney 2000
                                         What’s hot in PKI?
n   Internet transaction value -- and risk -- on the rise
n   Applications: corporate banking, health, govt services
n   Non-value transactions
    n   corporate & taxation reporting
    n   online healthcare
    n   superannuation, conveyancing
n   Communities of Interest; certificate policy customisation
n   Mutual recognition rather than cross certification

                                                    PKI Forum Sydney 2000
    Characterising the Australian PKI environment

n   Light touch politics & regulatory settings (UNCITRAL)
n   Strong Internet & e-commerce uptake
n   Strong history of e-security technology companies
n   Government a vigorous PKI user and regulator (Gatekeeper)
n   Increasing latent demand for authentication
n   But historically difficult to crystalise PKI business case

                                                     PKI Forum Sydney 2000
                      PKI market highlights in Australia

n   Australian Tax Office certificates for GST returns
    n 300,000 certs issued; 20-40,000 used
    n leading to general purpose govt endorsed Australian Business
     Certificate (see
n   Finance sector experience
    n   National Australia Bank retail Internet banking
    n   Australian Stock Exchange block trading system
    n   Identrus (three of the four majors joined up)

                                                          PKI Forum Sydney 2000
        PKI market highlights in Australia (cont.)

n   Government services delivery
    n   Australia Securities & Investment Commission (live)
    n   Electronic Conveyancing Victoria (planned)
n   HealthConnect national health network
    n   PKI central to practitioner & patient identifiers
    n   see

                                                        PKI Forum Sydney 2000
               The Certification Forum of Australia
n   Pre-eminent authentication sector industry group
    n   lobbying & position papers
    n   awareness & education
    n   Code of Practice & control model
    n   represent PKI on the NEAC
n   40+ members
    n   PKI services and vendors
    n   users & user groups
    n   governments
    n   lawyers, auditors, insurers
                                             PKI Forum Sydney 2000
                 The CFA model: audit-based PKI
                  Accreditation Body                Accreditation
                  Body ISO/IEC                      Body ISO/IEC
                               Guides                         Guides
           Auditor                            Auditor
                      AS/NZS                        e.g. AS
                       4444                           4539
    Supplier                         CA
           Security                           CP
 Goods     System                Alice
   or                             CA

                                                        PKI Forum Sydney 2000
       Advantages of audit-based PKI

n   Light touch; no legislation needed
n   Industry-based yet highly trusted
n   Utilises existing bodies & processes
n   Transparent liability for all types of CA
n   Demystifies the role of Root CA
n   Supports fitness for purpose

                                            PKI Forum Sydney 2000
                               Independent NEAC review
[We] can expect that it will soon become normal practice for every
  electronic business system … to undergo regular audits of
  compliance with legal and regulatory requirements ...
there will be considerable demand for an accreditation framework for
   electronic authentication products and services, driven by the
   need for businesses to assure their information systems and
   processes in the emerging climate of electronic business
there is already a general framework for certifying appropriate
   auditors and development of appropriate audit standards

n   NEAC now proposing a joint Gatekeeper-CFA national model
                                                         PKI Forum Sydney 2000
                           PKI as communities of interest

                       Doctors                     Bank 1
Australian PKI
Accreditation                     Nurses
Body              Health sector
                                                   Bank 2           Auditor A
               ABN-DSC CA
                                     Auditor B
                                                 Bank 3
      Gatekeeper Auditor                                     Identrus

                                                          PKI Forum Sydney 2000
                                       Discussion (look for CFA under “Groups”)

                                         PKI Forum Sydney 2000

Shared By: