Скачать презентацию PKI Benefits Applications Lisa Pretty Executive Director Скачать презентацию PKI Benefits Applications Lisa Pretty Executive Director

caf8b42b7eceb5a33b336dad5864f486.ppt

  • Количество слайдов: 43

PKI Benefits & Applications Lisa Pretty Executive Director December 1999 PKI Forum Overview PKI Benefits & Applications Lisa Pretty Executive Director December 1999 PKI Forum Overview

PKI Forum “The PKI Forum is an international, not-forprofit, multi-vendor and end-user alliance whose PKI Forum “The PKI Forum is an international, not-forprofit, multi-vendor and end-user alliance whose purpose is to accelerate the adoption and use of Public-Key Infrastructure (PKI). The PKI Forum advocates industry cooperation and market awareness to enable organizations to understand exploit the value of PKI in their e-business applications. ”

Agenda u PKI Benefits & Applications u PKI Technology & Interoperability u PKI Vendor Agenda u PKI Benefits & Applications u PKI Technology & Interoperability u PKI Vendor Panel u Q&A

PKI Applications Source: Aberdeen Group, PKI Multi-Client Study, December 1999 PKI Applications Source: Aberdeen Group, PKI Multi-Client Study, December 1999

PKI Market Forecast, 1997 -2003 by Revenue Category Source: Datamonitor, “Public-Key Infrastructure 1999 -2003”, PKI Market Forecast, 1997 -2003 by Revenue Category Source: Datamonitor, “Public-Key Infrastructure 1999 -2003”, December 1999

The Speakers u Financial: Sven Hammar – Celo u Healthcare: Justin Kromelow – Phyve The Speakers u Financial: Sven Hammar – Celo u Healthcare: Justin Kromelow – Phyve u Government: Bill Wehrmacher – Data. Key u Europe: Steve Matthews - Netlexis

PKI in the Financial Market Sven Hammar, CEO Celo Communications December 1999 PKI Forum PKI in the Financial Market Sven Hammar, CEO Celo Communications December 1999 PKI Forum Overview

Why PKI in Finance? u PKI + Finance = Logical relationship Banks = TRUST… Why PKI in Finance? u PKI + Finance = Logical relationship Banks = TRUST… – Take advantage of trust – biggest strength! – PKI proving to become security standard – Online transactions require security – Manage risk – Vital to embrace new technology – Can afford to be one step ahead – Customer loyalty

PKI for Customer Loyalty u Use PKI as customer tool u Build loyalty relationship PKI for Customer Loyalty u Use PKI as customer tool u Build loyalty relationship with customers u PKI enables added service offerings: – Online banking – Stock brokerage – Loans – Online payment of bills

Threats… u PKI a new technology – Understand value in order to reap benefits Threats… u PKI a new technology – Understand value in order to reap benefits u Leverage existing brand – Image, relationship & Infrastructure – PKI enable legacy applications u Customer understanding value of PKI – Always keep it simple for the customer!

Banks moving fast enough? u Banks challenged by “non-banks” – Retail industry already “e-savvy” Banks moving fast enough? u Banks challenged by “non-banks” – Retail industry already “e-savvy” – Infrastructure in place – Customers in place, worldwide access u Online Competition – Web Portals, ISPs offer Internet Banking – Yahoo, AOL issue certificates… – Telco’s – Superior Infrastructure

PKI Strategy in Finance u Use the advantage of TRUST! – Work out brand PKI Strategy in Finance u Use the advantage of TRUST! – Work out brand management system u Create PKI business alliances – Identrus the right path – Global presence u Think long term – Market landscape is changing fast u Work with open standards – PKI Forum a step in the right direction

New revenue opportunities u Certificates; A new revenue opportunity u Banks can market active New revenue opportunities u Certificates; A new revenue opportunity u Banks can market active certificate list u These customers are already: – Online – Trusted – Banking/Payment/Credit-Worthy – Early Adaptor Mentality

PKI Applications in Finance u Digital Signatures – a vital PKI feature – Legally, PKI Applications in Finance u Digital Signatures – a vital PKI feature – Legally, binding mechanism to digitally sign documents and transactions remotely u U. S Senate approved the E-signing Law – Removes legal barriers for e-business – Bill Clinton signed E-Signing bill June 30 – E-Signing law effective October 1 st

Digital Signatures in Finance u Enables non-repudiation – Verify identity of customer – Revocation Digital Signatures in Finance u Enables non-repudiation – Verify identity of customer – Revocation – Storage of signatures u Customer user-friendly – Sign online transactions with a single click – Sign HTML web forms & contracts – Stronger sense of security for customer when performing online transactions

Digitally Signed Bank Transaction u Overview Digitally Signed Bank Transaction u Overview

Smart Cards / USB Tokens u Smart Cards as relationship device – Tool to Smart Cards / USB Tokens u Smart Cards as relationship device – Tool to leverage relations to customer – Creates stronger tie to customer – Bank’s brand always present (on card) – Customer offer for higher level of security u USB Tokens – Competitive option to smart cards – PC hardware not yet supporting card readers

PKI is the Future! u Predictions for the overall market are huge. Potential in PKI is the Future! u Predictions for the overall market are huge. Potential in Financial Sector is unlimited! – Both IDC and Frost & Sullivan put PKI as one of the fastest growing markets in the Internet security space in coming years. – According to Aberdeen Group, 98% of the Global 2000 enterprises will be using PKI before 2003.

Summary u PKI and Finance is a marriage made in heaven – Logical and Summary u PKI and Finance is a marriage made in heaven – Logical and obvious relationship u The Trust issue puts Financial institutions in pole position u Digital signatures enable a stronger position on the market as well as with customers u Keep it simple for the customer! u Start now – PKI means money!

PKI Benefits in Healthcare Justin Kromelow Phyve. December 1999 PKI Forum Overview PKI Benefits in Healthcare Justin Kromelow Phyve. December 1999 PKI Forum Overview

Why PKI in Healthcare u HIPAA u TCO maximization objectives u Adoption and implementation Why PKI in Healthcare u HIPAA u TCO maximization objectives u Adoption and implementation of technical standards u Large diverse, distributed organizations and groups of users

Benefits u The Internet u Administrative savings – Paper vs EDI, Electronic report delivery Benefits u The Internet u Administrative savings – Paper vs EDI, Electronic report delivery u Enhance information systems delivery plan u Data mining/disease management u Cornerstone for data driven efficiency

Contact Information Phyve 2200 Bridge Parkway Redwood City, CA 94065 650 -620 -5100 http: Contact Information Phyve 2200 Bridge Parkway Redwood City, CA 94065 650 -620 -5100 http: //www. phyve. com justin. kromelow@phyve. com

PKI: Your government working for you W. H. (Bill) Wehrmacher Datakey, Inc. December 1999 PKI: Your government working for you W. H. (Bill) Wehrmacher Datakey, Inc. December 1999 PKI Forum Overview

Not the first, but certainly a very public step In 1997, Vice President Al Not the first, but certainly a very public step In 1997, Vice President Al Gore published Access America, a report which outlined actions the Federal government is taking to promote the electronic delivery of services, and electronic transactions between agencies and trading partners, over open networks such as the Internet. The report made it clear that providing a proper security infrastructure was essential for electronic transactions to flourish. The Evolving Federal Public Key Infrastructure, CIO (Department of the Treasury) Richard A. Guida Final Draft 4. 0, 5 -21 -2000

What Government Agencies u State u U. S. Government – Federal – Department of What Government Agencies u State u U. S. Government – Federal – Department of Defense u International

State Governments u Electronic / Digital Signature Law – All 50 states have law State Governments u Electronic / Digital Signature Law – All 50 states have law allowing for the use of digital signatures, most of which allow or require PKI. • Mandate use of Digital Signatures in inter-government communication and commerce • Permits use of Digital Signatures elsewhere – 43 states have adopted the Uniform Computer Information Transactions Act (UCITA) which references PKI based digital signatures

U. S. Government Federal u Access Certificates for Electronic Commerce (ACES) – General Services U. S. Government Federal u Access Certificates for Electronic Commerce (ACES) – General Services Administration contract schedule for issuing Certificates – Potential ACES users’: SSA, EPA, and Dept of Education – Three Schedule awardees: ORC (Operational Research Consultants), Digital Signature Trust, AT&T u Smart Access Common Identification – GSA contract schedule for issuing PKI smart cards u Federal PKI – hosted by NIST – At core of interoperability and cross certification – Federal Bridge CA

U. S. Department of Defense u Do. D Medium-Pilot Assurance PKI – Sensitive, but U. S. Department of Defense u Do. D Medium-Pilot Assurance PKI – Sensitive, but unclassified material – 50, 000 certificates in use today u Interim External Certificate Authorities (IECA) – IECA program can be trusted by Do. D applications – Four IECA vendors: ORC (Operational Research Consultants), Digital Signature Trust, Veri. Sign, General Dynamics u Do. D Class 3 PKI – CA keys in FIPS 140 -1 Level 2 hardware tokens – LRA and RA keys in FIPS 140 -1 Level 2 smart cards u Target Do. D Class 4 PKI – will require smart cards or other tokens for all certificate holders u Do. D Common Access Card – Upgrade ID cards to PKI smart cards

International Law u 43 countries have law in place, in draft or are actively International Law u 43 countries have law in place, in draft or are actively investigating PKI based law for digital signatures or ecommerce u German Digital Signature Law – PKI based digital signatures – Oldest and most well known u United Nations Commission on International Trade Law (UNCIRTL)

Why? Because we must! u u u “Business-to-business and business-to-consumer electronic commerce reached $43 Why? Because we must! u u u “Business-to-business and business-to-consumer electronic commerce reached $43 billion and $8 billion respectively in 1998. Estimates predict that by 2003, those totals will exceed $108 billion and $1. 3 trillion respectively (Forrester Research). This experience suggests that electronic forms of authentication which are accepted over the Internet – and which include the use of public key technology – be generally accepted as having sufficient legal foundation by the transacting parties to allow e-commerce to proceed and grow” “In October 1998, Congress enacted the Government Paperwork Elimination Act (GPEA, Public Law 105 -277) requiring that when practicable, Federal agencies by October 2003 accept forms electronically with electronic signatures. ” “Federal agency efforts have focused on using public key technology for intraagency, interagency, and agency to trading partner transactions. The largest potential volume of traffic, and the greatest prospects for service delivery, involves transactions with the general public. Recognizing this, and appreciating that the best approach to use public key technology with the public is to devise a PKI that all agencies can collectively use for that purpose to share the costs of a common infrastructure, the General Services Administration began working in 1996 on an effort called Access Certificates for Electronic Services (ACES). ”

Conclusions u The use of Public Key technology within Government and business will continue Conclusions u The use of Public Key technology within Government and business will continue to grow at an astounding rate. u Public Key Infrastructures to provide and maintain trust must expand to support the growth of this technology u Government is leading, and will continue to lead, the expansion of PKI technology and service

Please feel free to contact me W. H. (Bill) Wehrmacher Director of Technical Services Please feel free to contact me W. H. (Bill) Wehrmacher Director of Technical Services Datakey, Inc. bill. wehrmacher@datakey. com +1 952 808 -2337 407 West travelers Trail Burnsville Minnesota 55337

PKI: A European Perspective Steve Mathews Netlexis December 1999 PKI Forum Overview PKI: A European Perspective Steve Mathews Netlexis December 1999 PKI Forum Overview

Where is Europe on the PKI map? u Baltimore Technologies u Uti. Maco u Where is Europe on the PKI map? u Baltimore Technologies u Uti. Maco u i. D 2 u Axenet u Siemens u Belsign u Bull u and others ……………….

How about European experiences? u European Commission R&D funding for major security projects since How about European experiences? u European Commission R&D funding for major security projects since 1991 u European Commission R&D and demonstrator funding for PKI projects since 1995

A sample of projects u DIABCARD-3 Smartcard held medical records for diabetes and cardiovascular A sample of projects u DIABCARD-3 Smartcard held medical records for diabetes and cardiovascular diseases – Siemens – Austria, France, Germany, Greece u ISHTAR – secure healthcare telematics – R 3 (now Entrust), Belgium, France, Germany, Greece, Netherlands, UK

More projects u TRUSTHEALTH I + II implementing PKI and TTPs in international healthcare More projects u TRUSTHEALTH I + II implementing PKI and TTPs in international healthcare – I – France, Netherlands, Norway, UK, Sweden – II – Belgium, Denmark, France, UK, Sweden u ICX – international commercial exchange for developing PKI supported trade – ICL, Shell International, Sweden Post, The Post Office

Commercial actions u Axenet announces a CA service for the French electronic marketplace in Commercial actions u Axenet announces a CA service for the French electronic marketplace in April 98 u Brokat and i. D 2 integrate PKI and smartcards to provide encrypted payments systems complying with German digital signature law – November 1998

National examples u Finnish citizen card and electronic identification launched using the Finnish Population National examples u Finnish citizen card and electronic identification launched using the Finnish Population Register Centre as the CA and Helsinki Telephone Corporation as the directory. Valid for electronic exchange of information for official purposes.

National examples u Netherlands Data Protection office working with ICL/Fujitsu and others to deliver National examples u Netherlands Data Protection office working with ICL/Fujitsu and others to deliver a PKI and smartcard based solution for the protection of healthcare information for access from and transport over the Internet

Commercial examples u Merita Nordbanken – Internet bank using PKI and smartcards u Bankgirot Commercial examples u Merita Nordbanken – Internet bank using PKI and smartcards u Bankgirot – Giro bank using PKI to support Corporate payments system

www. PKIForum. org www. PKIForum. org