PKI Benefits & Applications



             Lisa Pretty
          Executive Director
            PKI Forum
“The PKI Forum is an international, not-for-profit,
multi-vendor and end-user alliance
whose purpose is to accelerate the adoption
and use of Public-Key Infrastructure (PKI).
The PKI Forum advocates industry
cooperation and market awareness to enable
organizations to understand and exploit the
value of PKI in their e-business
applications.”
            Agenda
 PKI Benefits & Applications
 PKI Technology & Interoperability

 PKI Vendor Panel

 Q&A
  PKI Applications
[Bar chart; categories: Web, VPN, E-Mail, Custom, ERP; values shown: 68%, 62%, 58%, 43%, 21%.]
Source: Aberdeen Group, PKI Multi-Client Study, December 1999
PKI Market Forecast, 1997-2003, by Revenue Category
[Chart: revenue ($M, axis $0 to $3,500) by year, 1997 to 2003, broken down into Maintenance, Professional Services, System Integration, PKI Services and PKI Products.]
Source: Datamonitor, “Public-Key Infrastructure 1999-2003”, December 1999
               The Speakers
 Financial: Sven Hammar – Celo
 Healthcare: Justin Kromelow – Phyve

 Government: Bill Wehrmacher – DataKey

 Europe: Steve Matthews - Netlexis
PKI in the Financial
      Market



            Sven Hammar, CEO
            Celo Communications
  Why PKI in Finance?
 PKI + Finance = Logical relationship
 Banks = TRUST…
  –   Take advantage of trust – biggest strength!
  –   PKI proving to become security standard
  –   Online transactions require security
  –   Manage risk
  –   Vital to embrace new technology
  –   Can afford to be one step ahead
  –   Customer loyalty
  PKI for Customer Loyalty
 Use PKI as customer tool
 Build loyalty relationship with customers

 PKI enables added service offerings:
  –   Online banking
  –   Stock brokerage
  –   Loans
  –   Online payment of bills
             Threats…
 PKI a new technology
  – Understand value in order to reap benefits
 Leverage existing brand
  – Image, relationship & infrastructure
  – PKI-enable legacy applications
 Customer understanding value of PKI
  – Always keep it simple for the customer!
Banks moving fast enough?
 Banks challenged by “non-banks”
  – Retail industry already “e-savvy”
  – Infrastructure in place
  – Customers in place, worldwide access
 Online competition
  – Web portals, ISPs offer Internet banking
  – Yahoo, AOL issue certificates…
  – Telcos – superior infrastructure
  PKI Strategy in Finance
 Use the advantage of TRUST!
  – Work out brand management system
 Create PKI business alliances
  – Identrus the right path – Global presence
 Think long term
  – Market landscape is changing fast
 Work with open standards
  – PKI Forum a step in the right direction
 New revenue opportunities
              A new revenue opportunity
 Certificates;

 Banks can market active certificate list

 These customers are already:
  –   Online
  –   Trusted
  –   Banking/Payment/Credit-Worthy
  –   Early Adopter Mentality
PKI Applications in Finance
 Digital Signatures – a vital PKI feature
  – Legally binding mechanism to digitally sign
    documents and transactions remotely
 U.S. Senate approved the E-signing Law
  – Removes legal barriers for e-business
  – Bill Clinton signed E-Signing bill June 30
  – E-Signing law effective October 1st
Digital Signatures in Finance
   Enables non-repudiation
    – Verify identity of customer
    – Revocation
    – Storage of signatures
   Customer user-friendly
    – Sign online transactions with a single click
    – Sign HTML web forms & contracts
    – Stronger sense of security for customer when
      performing online transactions
Digitally Signed Bank
     Transaction
       Overview
 Smart Cards / USB Tokens
 Smart Cards as relationship device
  –   Tool to leverage relations to customer
  –   Creates stronger tie to customer
  –   Bank’s brand always present (on card)
  –   Customer offer for higher level of security
 USB Tokens
  – Competitive option to smart cards
  – PC hardware not yet supporting card readers
         PKI is the Future!
 Predictions for the overall market are huge.
  Potential in Financial Sector is unlimited!
  – Both IDC and Frost & Sullivan put PKI as one
    of the fastest growing markets in the Internet
    security space in coming years.
  – According to Aberdeen Group, 98% of the
    Global 2000 enterprises will be using PKI
    before 2003.
                Summary
 PKI and Finance is a marriage made in
  heaven – Logical and obvious relationship
 The Trust issue puts Financial institutions in
  pole position
 Digital signatures enable a stronger position
  on the market as well as with customers
 Keep it simple for the customer!

 Start now – PKI means money!
PKI Benefits in
 Healthcare


          Justin Kromelow
               Phyve.
     Why PKI in Healthcare
 HIPAA

 TCO maximization objectives
 Adoption and implementation of technical
  standards
 Large diverse, distributed organizations and
  groups of users
                 Benefits
 The Internet
 Administrative savings
  – Paper vs EDI, Electronic report delivery
 Enhance information systems delivery plan
 Data mining/disease management

 Cornerstone for data driven efficiency
Contact Information


          Phyve
   2200 Bridge Parkway
  Redwood City, CA 94065
       650-620-5100
  http://www.phyve.com

justin.kromelow@phyve.com
PKI: Your government
  working for you




           W.H.(Bill) Wehrmacher
               Datakey, Inc.
 Not the first, but certainly a
       very public step
  In 1997, Vice President Al Gore published Access
America, a report which outlined actions the Federal
   government is taking to promote the electronic
   delivery of services, and electronic transactions
 between agencies and trading partners, over open
 networks such as the Internet. The report made it
clear that providing a proper security infrastructure
 was essential for electronic transactions to flourish.

                              The Evolving Federal Public Key Infrastructure,
                              CIO (Department of the Treasury)
                              Richard A. Guida
                              Final Draft 4.0, 5-21-2000
What Government Agencies
 State

 U.S. Government
  – Federal
  – Department of Defense
 International
          State Governments
   Electronic / Digital Signature Law
    – All 50 states have law allowing for the use of digital
      signatures, most of which allow or require PKI.
       • Mandate use of Digital Signatures in inter-government
         communication and commerce
       • Permits use of Digital Signatures elsewhere
    – 43 states have adopted the Uniform Computer
      Information Transactions Act (UCITA) which
      references PKI based digital signatures
      U.S. Government Federal
   Access Certificates for Electronic Commerce (ACES)
     – General Services Administration contract schedule for issuing
       Certificates
     – Potential ACES users: SSA, EPA, and Dept of Education
     – Three Schedule awardees: ORC (Operational Research Consultants),
       Digital Signature Trust, AT&T
   Smart Access Common Identification
     – GSA contract schedule for issuing PKI smart cards
   Federal PKI
     – hosted by NIST
     – At core of interoperability and cross certification
     – Federal Bridge CA
    U.S. Department of Defense
   DoD Medium-Pilot Assurance PKI
     – Sensitive, but unclassified material
     – 50,000 certificates in use today
   Interim External Certificate Authorities (IECA)
     – IECA program can be trusted by DoD applications
     – Four IECA vendors: ORC (Operational Research Consultants), Digital
       Signature Trust, VeriSign, General Dynamics
   DoD Class 3 PKI
     – CA keys in FIPS 140-1 Level 2 hardware tokens
     – LRA and RA keys in FIPS 140-1 Level 2 smart cards
   Target DoD Class 4 PKI
     – will require smart cards or other tokens for all certificate holders
   DoD Common Access Card
     – Upgrade ID cards to PKI smart cards
           International Law
 43 countries have law in place, in draft
 or are actively investigating PKI based
 law for digital signatures or
 e-commerce
 German Digital Signature Law
  – PKI based digital signatures
  – Oldest and most well known
 United Nations Commission on
  International Trade Law (UNCITRAL)
          Why? Because we must!
   “Business-to-business and business-to-consumer electronic commerce reached
    $43 billion and $8 billion respectively in 1998. Estimates predict that by 2003,
    those totals will exceed $108 billion and $1.3 trillion respectively (Forrester
    Research). This experience suggests that electronic forms of authentication
    which are accepted over the Internet – and which include the use of public key
    technology – be generally accepted as having sufficient legal foundation by the
    transacting parties to allow e-commerce to proceed and grow”
   “In October 1998, Congress enacted the Government Paperwork Elimination Act
    (GPEA, Public Law 105-277) requiring that when practicable, Federal agencies
    by October 2003 accept forms electronically with electronic signatures.”
   “Federal agency efforts have focused on using public key technology for intra-
    agency, interagency, and agency to trading partner transactions. The largest
    potential volume of traffic, and the greatest prospects for service delivery,
    involves transactions with the general public. Recognizing this, and appreciating
    that the best approach to use public key technology with the public is to devise a
    PKI that all agencies can collectively use for that purpose to share the costs of a
    common infrastructure, the General Services Administration began working in
    1996 on an effort called Access Certificates for Electronic Services (ACES).”
             Conclusions
 The use of Public Key technology within
  Government and business will continue to
  grow at an astounding rate.
 Public Key Infrastructures to provide and
  maintain trust must expand to support the
  growth of this technology
 Government is leading, and will continue to
  lead, the expansion of PKI technology and
  service
Please feel free to contact me
    W.H.(Bill) Wehrmacher
    Director of Technical Services
    Datakey, Inc.
    bill.wehrmacher@datakey.com

    +1 952 808-2337

    407 West Travelers Trail
    Burnsville Minnesota 55337
PKI: A European
  Perspective




           Steve Mathews
              Netlexis
Where is Europe on the PKI
          map?
 Baltimore Technologies
 UtiMaco

 iD2
 Axenet

 Siemens

 Belsign
 Bull

 and others…
       How about European
          experiences?
 European Commission R&D funding for
  major security projects since 1991
 European Commission R&D and
  demonstrator funding for PKI projects since
  1995
      A sample of projects
 DIABCARD-3 – Smartcard held medical
  records for diabetes and cardiovascular
  diseases – Siemens – Austria, France,
  Germany, Greece
 ISHTAR – secure healthcare telematics –
  R3 (now Entrust), Belgium, France,
  Germany, Greece, Netherlands, UK
            More projects
 TRUSTHEALTH I + II implementing PKI
 and TTPs in international healthcare
  – I – France, Netherlands, Norway, UK, Sweden
  – II – Belgium, Denmark, France, UK, Sweden
 ICX – international commercial exchange
 for developing PKI supported trade – ICL,
 Shell International, Sweden Post, The Post
 Office
       Commercial actions
 Axenet announces a CA service for the
  French electronic marketplace in April 98
 Brokat and iD2 integrate PKI and
  smartcards to provide encrypted payments
  systems complying with German digital
  signature law – November 1998
        National examples
 Finnish citizen card and electronic
 identification launched using the Finnish
 Population Register Centre as the CA and
 Helsinki Telephone Corporation as the
 directory. Valid for electronic exchange of
 information for official purposes.
         National examples
 Netherlands Data Protection office working
 with ICL/Fujitsu and others to deliver a PKI
 and smartcard based solution for the
 protection of healthcare information for
 access from and transport over the Internet
      Commercial examples
 Merita Nordbanken – Internet bank using
  PKI and smartcards
 Bankgirot – Giro bank using PKI to support
  Corporate payments system
www.PKIForum.org

				