The Business Perspective: The contribution of electronic signatures to the development of electronic commerce
• Market Perspectives
• Implemented Business Applications
• Lessons Learned
• Bridge CA Initiative

Market Perspectives
[Chart: IT Security Market Growth, 2000 to 2003. Segments: Anti-virus, Firewall, VPN, Authentication, Encryption, PKI, Security management. World market: US $ 4.170 Mio (2000) to US $ 8.022 Mio (2003), CAGR IT-Security 24 %. Germany (D) = 10% of world market: US $ 417 Mio (2000) to US $ 802 Mio (2003). Source: Datamonitor 1999]
Market Characteristics
• Electronic signatures are only a fragment of the security market
• PKI solutions provide certificates & tokens for multifunctional use (saving costs)
• Electronic signatures are only one option for secure e-business transactions
• Market growth for legally valid signatures was not satisfactory

Implemented Business Applications
The long term Vision
Card issuer:
• Bank
• Merchant
• Enterprise
• Community
Cardholder:
• Account Holder
• Consumer
• Employee
• Member
[Diagram: INTRANET functions (Logistics, Stat. trade, Production, Transport orders, Sales, Customer service, Purchasing) connected to Suppliers (Invitations to bid, Price lists, Quotations, Call-up orders) and to Online customers via Shop/Mall (Offer of goods, Order, Payment); Public means of payment, Payment processing and Clearing between Supplier Bank, Customer Banks and Dealer Bank]

Implemented Business Applications
• Secure E-Mail
• Signed & encrypted E-Mail incl. attachments (smartcard optional)
Security Solution for Intra-/Inter-Company Business Workflow
[Diagram: mail accounts Smith@local_net.de and meyer@western_net.com, each with a Cert and a temp IP, exchanging e-mail via Internet Service Provider LOCAL_NET and Internet Service Provider WESTERN_NET]

Implemented Business Applications
• Secure Web-based Information Services
• Authentication Client Server
• Authenticated and encrypted SSL-Link
Security Solution for Webportals and Market Sites
[Diagram: Browser with Cert and temp IP connected through Internet Service Providers to the web server www.community.de with Cert and D-Base]

Implemented Business Applications
• Enterprise PKI
Largest project: 150 thousand users, e.g. Telekom, Federal and Regional Governments
[Diagram: Corporate PKI (Virtual CA, Trust Center, multifunctional smartcard (optional)) supporting Remote Access, Secure VPN, Secure File/E-Documents and Workflow, Web Server Certificates, Secure E-Mail, Secure Desktop]

Implemented Business Applications
• ENX: VPN-IP for European Automotive Industry
TeleSec VPN_IPSEC certificates are used in the European Automotive Exchange Network by different carriers serving manufacturers, suppliers, etc.
Features:
• strong mutual IP level Authentication
• full IP-Link encryption
• based on IP standards
[Diagram: T-TeleSec TrustCenter / CA / RA (Certification, Revocation, Registration, Certificate Directory, Policy Support) with X.500/LDAP directory and Certificate Revocation List; Trading Partner A and Trading Partner B, each with a VPN Encryptor and Certificate, linked across the ENX network by IPSEC Authentication & Encryption; labels: Certificate Request, CRL Request]

Deutsche Telekom
Implemented Business Applications
Interoperability Project between Administrations, Private Enterprises and Consumers
• secure business transactions
• Internet-Compatibility: PKIX/SPHINX, SMIME/MTT
[Diagram: Enterprise PKIs, Consumer / Citizen (T-Online), Federal Government (IVBB), Land Thüringen (TESTA-Thu)]

Lessons learned
• Simple solutions sell best
• Still too many technical problems with smartcards
• Mostly big customers with highly customized PKI solutions
• Interoperability problem between Corporate PKIs is a show stopper
• Consumers, citizens and employees won't pay
• Qualified signatures are still not understood
• No market yet for 100% smartcard-based solutions
• Corporate PKIs won't sell without interoperability
• Complex business models for financing security in E-Commerce
• Qualified electronic signatures are still no driving factor in the market

Lessons learned: Actions to improve market situation
• Bridge CA Initiative
  - achieve interoperability between existing PKIs
  - define basic rules
  - no discussion about security levels
• ISIS-MTT specification
  - migrate regulated & non-regulated platforms to one
  - specification of all relevant interfaces until QIV/2001
  - develop test scenario until QIII/2002
  - joint action between AG Trust Center ("T7") and TeleTrusT

Bridge CA Initiative: mission
The mission of the European Bridge-CA is...
• ... to create a bridge of trust between different PKIs world-wide
• ... to enable secure electronic communication between organizations (corporations and administrations)
• ... to establish a mutual basis for the use of digital signatures in processes and applications
• ... to set standards for inter-organizational electronic communication
Applied principles: practicality, flexibility, interoperability, safeguarding of investments

Bridge CA Initiative
The bridge-CA is a non-hierarchical, 1:n "hub"
• Single contracting party
• widely accepted and agreed standards
• customizable string of trust
[Diagram: ties of trust between Company CAs, each with its Employees]

Bridge CA Initiative
The bridge-CA...
• ... is a non-profit initiative open to all organizations.
• ... bridges the gap between existing, group-constrained security solutions of global corporations and public authorities.
• ... enables the secure data interchange between all participating partners.
• ... uses the existing PKI and mailing infrastructures of previously established data networks.
• ... is available without greater expenditure of time and money.
• ... exchanges knowledge and experience on development and deployment of PKIs among its participants.
• ... is an initiative focused on interoperability, flexibility, practicable solutions and neutrality.

Bridge CA Initiative: advantages
• Protection of investment: Companies that already have a PKI and an S/MIME-capable mailing system can now communicate securely, internally and externally, without additional costs.
• Flexibility: Both software and hardware certificates can be used in the Bridge-CA initiative.
• Exchange of experience: All organizations involved profit from jointly gained perceptions and insights.
• Network effect: The more organizations participate in the Bridge-CA initiative, the larger the synergies and the benefits of PKI usage become.
• Innovation: Cross-border definition of standards within the area of secure electronic communication.

Bridge CA Initiative: participating & interested parties at the moment
• Deutsche Telekom
• Lufthansa
• Deutsche Bank
• Bosch
• Siemens
• IBM
• BASF
• Giesecke & Devrient
• BMW
• TC TrustCenter
• German Savings Bank Organisation
• German Information Security Agency (GISA)
• Daimler Chrysler

Bridge CA Initiative: elements of interoperability of some participants

Organisation | E-Mail Client | S/MIME Solution (native e-mail client or with Plug-in) | CA-Products
--- | --- | --- | ---
BMW AG | Netscape Messenger 4.7.2 | native | TC TrustCenter
Deutsche Bank AG | Lotus Notes 4.5/4.6 | Lotus MailProtect 1.3.4 a | TC TrustCenter (Production), SECUDE CA (Test, Development)
Deutsche Telekom AG | MS Outlook 98 | SECUDE AuthentEmail (customized) | Cybertrust CA
Dresdner Bank AG | MS Outlook 2000 | native | Netscape/Baltimore
Secartis AG | MS Outlook 98 | G&D TrustedMail | GDTrust CA
Siemens AG | MS Outlook 98 | SSE TrustedMime | Trusted CA
TC Trust Center GmbH | Netscape Messenger 4.7.6 | native | TC TrustCenter

Interoperability was demonstrated via the exchange of signed and signed/encrypted S/MIME mail messages.

Bridge CA Initiative: basic functionality
• Generate and sign list of participating Root-Certificates
• Standards and Requirements
• Registry and exchange of Root-Certificates
• Signed list transmitted to participant
• Signed list with Root-Certificates transmitted to "new" participant
• Verify signature of Bridge-CA on the received list
• Import Root-Certificates into own directory services
• Retrieve Root-Certificate of own directory services by users to verify digital signatures of external PKIs
[Diagram: Bridge-CA at the centre, connected to PKI participant 1, PKI participant 2, PKI participant 3 and a "new" PKI participant, each with its own Directory and Users; the arrows are numbered 1 to 7]

Bridge CA Initiative: open issues, current challenges
• Certificate standards (e.g. AuthorityKeyId, SubjectKeyId, critical/non-critical values) => educational task
• Resolve smaller problems among tested clients
• Access to and interoperability of corporate directories
• Verification of trust paths within Microsoft products (NT, Windows 2000)
• Verification of nested validity periods within Microsoft products
• Test encryption and policy mapping
• Basic Constraints - length of trust path
• Effective control of trust spreading

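
The last step of the basic functionality (users retrieve an imported root to verify signatures of an external PKI) meets several of the open issues above in one place: key identifier chaining, path length and nested validity. The following sketch is an added example, not part of the original slides; the record fields, names and dates are constructed stand-ins for parsed X.509 certificates, signature verification is assumed to happen separately, and treating a non-nested validity period as a finding is an assumption.

```python
from datetime import date

def cert(subject, ski, aki, ca, path_len, not_before, not_after):
    """Constructed stand-in for a parsed X.509 certificate (hypothetical fields)."""
    return dict(subject=subject, ski=ski, aki=aki, ca=ca, path_len=path_len,
                not_before=not_before, not_after=not_after)

# Constructed sample PKI of one participant: root -> mail CA -> employee.
ROOT = cert("Company A Root CA", "A0", "A0", True, 1, date(2000, 1, 1), date(2010, 1, 1))
MAIL_CA = cert("Company A Mail CA", "A1", "A0", True, 0, date(2000, 6, 1), date(2005, 6, 1))
USER = cert("employee@company-a.example", "A2", "A1", False, None,
            date(2001, 1, 1), date(2003, 1, 1))

def check_path(chain, imported_roots, today):
    """Check a path ordered end entity first, root last; return a list of findings.

    Signature verification is assumed to be done separately and is not shown.
    """
    findings = []
    # The path must end in a root that was imported from the Bridge-CA list.
    if chain[-1]["ski"] not in {r["ski"] for r in imported_roots}:
        findings.append("root is not in the imported Bridge-CA list")
    for i, c in enumerate(chain):
        if not c["not_before"] <= today <= c["not_after"]:
            findings.append(f"{c['subject']}: not valid on {today}")
        if i + 1 == len(chain):
            break  # the root has no issuer above it in this path
        issuer = chain[i + 1]
        if c["aki"] != issuer["ski"]:
            findings.append(f"{c['subject']}: AuthorityKeyId does not match issuer SubjectKeyId")
        if not issuer["ca"]:
            findings.append(f"{issuer['subject']}: issues certificates but is not a CA")
        # Basic Constraints: i CA certificates sit between this issuer and the end entity.
        if issuer["path_len"] is not None and i > issuer["path_len"]:
            findings.append(f"{issuer['subject']}: path length constraint exceeded")
        # Nested validity: the certificate's period must lie inside the issuer's.
        if c["not_before"] < issuer["not_before"] or c["not_after"] > issuer["not_after"]:
            findings.append(f"{c['subject']}: validity not nested in issuer's")
    return findings

if __name__ == "__main__":
    result = check_path([USER, MAIL_CA, ROOT], [ROOT], date(2002, 1, 1))
    print(result or "path accepted")
```

An empty result means the path passed every check; a path length constraint on a participant's root is what limits how far trust spreads below it once that root is imported by the other participants.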
Bridge CA Initiative: major milestones
[Timeline. Milestones shown: Idea generated by; Number of participant reaches 50; Interoperability reached; Board established; Bridge-CA goes live; www.bridge-ca.org goes live. Dates shown: May 2000, August 2000, October 2000, January 2001, March 2001, End of 2001]