1 / 13

PKI Forum Sydney 2000 Members Meeting

PKI in Australia. PKI Forum Sydney 2000 Members Meeting. Stephen Wilson Chair -- Certification Forum of Australia Director -- PricewaterhouseCoopers beTRUSTed. PKI in Australia. Evolution of PKI in Australia What’s hot in PKI? The PKI market Certification Forum of Australia

snowy
Download Presentation

PKI Forum Sydney 2000 Members Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PKI in Australia PKI Forum Sydney 2000 Members Meeting Stephen Wilson Chair -- Certification Forum of Australia Director -- PricewaterhouseCoopers beTRUSTed

  2. PKI in Australia • Evolution of PKI in Australia • What’s hot in PKI? • The PKI market • Certification Forum of Australia • Towards a national PKI

  3. PKAF Report AS4539 PKAF Gatekeeper 2 Gatekeeper Report First CAs A-G’s Expert Group ETA States Non Govt PKI Model Unified model “Light touch” PKI policy Research Projects Evolution of PKI in Australia Standards Australia Project Gatekeeper Law reform Certification Forum NEAC 1997 1998 1999 2000 2001 1996

  4. What’s hot in PKI? • Internet transaction value -- and risk -- on the rise • Applications: corporate banking, health, govt services • Non-value transactions • corporate & taxation reporting • online healthcare • superannuation, conveyancing • Communities of Interest; certificate policy customisation • Mutual recognition rather than cross certification

  5. Characterising the Australian PKI environment • Light touch politics & regulatory settings (UNCITRAL) • Strong Internet & e-commerce uptake • Strong history of e-security technology companies • Government a vigorous PKI user and regulator (Gatekeeper) • Increasing latent demand for authentication • But historically difficult to crystalise PKI business case

  6. PKI market highlights in Australia • Australian Tax Office certificates for GST returns • 300,000 certs issued; 20-40,000 used • leading to general purpose govt endorsed Australian Business Certificate (see www.noie.gov.au/projects/govt/ABNDSC.htm) • Finance sector experience • National Australia Bank retail Internet banking • Australian Stock Exchange block trading system • Identrus (three of the four majors joined up)

  7. PKI market highlights in Australia (cont.) • Government services delivery • Australia Securities & Investment Commission (live) • Electronic Conveyancing Victoria (planned) • HealthConnect national health network • PKI central to practitioner & patient identifiers • see www.health.gov.au

  8. The Certification Forum of Australia • Pre-eminent authentication sector industry group • lobbying & position papers • awareness & education • Code of Practice & control model • represent PKI on the NEAC • 40+ members • PKI services and vendors • users & user groups • governments • lawyers, auditors, insurers

  9. Accreditation Body Accreditation Body Accreditation Body ISO/IEC Guides ISO/IEC Guides ISO/IEC Guides Auditor Auditor AS/NZS 4444 e.g. AS 4539 Supplier CA Security System CP CPS Goods or Services Alice CA 1010111001 The CFA model: audit-based PKI

  10. Advantages of audit-based PKI • Light touch; no legislation needed • Industry-based yet highly trusted • Utilises existing bodies & processes • Transparent liability for all types of CA • Demystifies the role of Root CA • Supports fitness for purpose

  11. Independent NEAC review [We] can expect that it will soon become normal practice for every electronic business system … to undergo regular audits of compliance with legal and regulatory requirements ... there will be considerable demand for an accreditation framework for electronic authentication products and services, driven by the need for businesses to assure their information systems and processes in the emerging climate of electronic business there is already a general framework for certifying appropriate auditors and development of appropriate audit standards • NEAC now proposing a joint Gatekeeper-CFA national model

  12. Bank 1 Australian PKI Accreditation Body Bank 2 Auditor A Auditor B Bank 3 Identrus PKI as communities of interest Doctors Nurses Health sector Auditor ATO ABN-DSC CA Gatekeeper Auditor

  13. Discussion www.aeema.asn.au (look for CFA under “Groups”) www.noie.gov.au/neac www.gpka.gov.au www.health.gov.au/healthonline/ehr_rep.htm www.apii.or.kr/apec/atwg/preatg.html

More Related