PKI Benefits

1
PKI Benefits Applications

• Lisa Pretty
• Executive Director

2
PKI Forum

• The PKI Forum is an international,
  not-for-profit, multi-vendor and end-user
  alliance whose purpose is to accelerate the
  adoption and use of Public-Key Infrastructure
  (PKI). The PKI Forum advocates industry
  cooperation and market awareness to enable
  organizations to understand and exploit the value
  of PKI in their e-business applications.

3
Agenda

• PKI Benefits Applications
• PKI Technology Interoperability
• PKI Vendor Panel
• QA

4
PKI Applications
Source Aberdeen Group, PKI Multi-Client Study,
December 1999
5
PKI Market Forecast, 1997-2003by Revenue Category
Source Datamonitor, Public-Key Infrastructure
1999-2003, December 1999
6
The Speakers

• Financial Sven Hammar Celo
• Healthcare Justin Kromelow Phyve
• Government Bill Wehrmacher DataKey
• Europe Steve Matthews - Netlexis

7
PKI in the Financial Market

• Sven Hammar, CEO
• Celo Communications

8
Why PKI in Finance?

• PKI Finance Logical relationship
• Banks TRUST
• Take advantage of trust biggest strength!
• PKI proving to become security standard
• Online transactions require security
• Manage risk
• Vital to embrace new technology
• Can afford to be one step ahead
• Customer loyalty

9
PKI for Customer Loyalty

• Use PKI as customer tool
• Build loyalty relationship with customers
• PKI enables added service offerings
• Online banking
• Stock brokerage
• Loans
• Online payment of bills

10
Threats

• PKI a new technology
• Understand value in order to reap benefits
• Leverage existing brand
• Image, relationship Infrastructure
• PKI enable legacy applications
• Customer understanding value of PKI
• Always keep it simple for the customer!

11
Banks moving fast enough?

• Banks challenged by non-banks
• Retail industry already e-savvy
• Infrastructure in place
• Customers in place, worldwide access
• Online Competition
• Web Portals, ISPs offer Internet Banking
• Yahoo, AOL issue certificates
• Telcos Superior Infrastructure

12
PKI Strategy in Finance

• Use the advantage of TRUST!
• Work out brand management system
• Create PKI business alliances
• Identrus the right path Global presence
• Think long term
• Market landscape is changing fast
• Work with open standards
• PKI Forum a step in the right direction

13
New revenue opportunities

• Certificates A new revenue opportunity
• Banks can market active certificate list
• These customers are already
• Online
• Trusted
• Banking/Payment/Credit-Worthy
• Early Adaptor Mentality

14
PKI Applications in Finance

• Digital Signatures a vital PKI feature
• Legally, binding mechanism to digitally sign
  documents and transactions remotely
• U.S Senate approved the E-signing Law
• Removes legal barriers for e-business
• Bill Clinton signed E-Signing bill June 30
• E-Signing law effective October 1st

15
Digital Signatures in Finance

• Enables non-repudiation
• Verify identity of customer
• Revocation
• Storage of signatures
• Customer user-friendly
• Sign online transactions with a single click
• Sign HTML web forms contracts
• Stronger sense of security for customer when
  performing online transactions

16
Digitally Signed Bank Transaction

• Overview

17
Smart Cards / USB Tokens

• Smart Cards as relationship device
• Tool to leverage relations to customer
• Creates stronger tie to customer
• Banks brand always present (on card)
• Customer offer for higher level of security
• USB Tokens
• Competitive option to smart cards
• PC hardware not yet supporting card readers

18
PKI is the Future!

• Predictions for the overall market are huge.
  Potential in Financial Sector is unlimited!
• Both IDC and Frost Sullivan put PKI as one of
  the fastest growing markets in the Internet
  security space in coming years.
• According to Aberdeen Group, 98 of the Global
  2000 enterprises will be using PKI before 2003.

19
Summary

• PKI and Finance is a marriage made in heaven
  Logical and obvious relationship
• The Trust issue puts Financial institutions in
  pole position
• Digital signatures enable a stronger position on
  the market as well as with customers
• Keep it simple for the customer!
• Start now PKI means money!

20
PKI Benefits in Healthcare

• Justin Kromelow
• Phyve.

21
Why PKI in Healthcare

• HIPAA
• TCO maximization objectives
• Adoption and implementation of technical
  standards
• Large diverse, distributed organizations and
  groups of users

22
Benefits

• The Internet
• Administrative savings
• Paper vs EDI, Electronic report delivery
• Enhance information systems delivery plan
• Data mining/disease management
• Cornerstone for data driven efficiency

23
Contact Information
Phyve 2200 Bridge Parkway Redwood City, CA
94065 650-620-5100 http//www.phyve.com justin.kr
omelow_at_phyve.com
24
PKI Your government working for you

• W.H.(Bill) Wehrmacher
• Datakey, Inc.

25
Not the first, but certainly a very public step
In 1997, Vice President Al Gore published Access
America, a report which outlined actions the
Federal government is taking to promote the
electronic delivery of services, and electronic
transactions between agencies and trading
partners, over open networks such as the
Internet. The report made it clear that
providing a proper security infrastructure was
essential for electronic transactions to flourish.
The Evolving Federal Public Key Infrastructure,
CIO (Department of the Treasury) Richard A.
Guida Final Draft 4.0, 5-21-2000
26
What Government Agencies

• State
• U.S. Government
• Federal
• Department of Defense
• International

27
State Governments

• Electronic / Digital Signature Law
• All 50 states have law allowing for the use of
  digital signatures, most of which allow or
  require PKI.
• Mandate use of Digital Signatures in
  inter-government communication and commerce
• Permits use of Digital Signatures elsewhere
• 43 states have adopted the Uniform Computer
  Information Transactions Act (UCITA) which
  references PKI based digital signatures

28
U.S. Government Federal

• Access Certificates for Electronic Commerce
  (ACES)
• General Services Administration contract schedule
  for issuing Certificates
• Potential ACES users SSA, EPA, and Dept of
  Education
• Three Schedule awardees ORC (Operational
  Research Consultants), Digital Signature Trust,
  ATT
• Smart Access Common Identification
• GSA contract schedule for issuing PKI smart cards
  
• Federal PKI
• hosted by NIST
• At core of interoperability and cross
  certification
• Federal Bridge CA

29
U.S. Department of Defense

• DoD Medium-Pilot Assurance PKI
• Sensitive, but unclassified material
• 50,000 certificates in use today
• Interim External Certificate Authorities (IECA)
• IECA program can be trusted by DoD applications
• Four IECA vendors ORC (Operational Research
  Consultants), Digital Signature Trust, VeriSign,
  General Dynamics
• DoD Class 3 PKI
• CA keys in FIPS 140-1 Level 2 hardware tokens
• LRA and RA keys in FIPS 140-1 Level 2 smart cards
• Target DoD Class 4 PKI
• will require smart cards or other tokens for all
  certificate holders
• DoD Common Access Card
• Upgrade ID cards to PKI smart cards

30
International Law

• 43 countries have law in place, in draft or are
  actively investigating PKI based law for digital
  signatures or e-commerce
• German Digital Signature Law
• PKI based digital signatures
• Oldest and most well known
• United Nations Commission on International Trade
  Law (UNCIRTL)

31
Why? Because we must!

• Business-to-business and business-to-consumer
  electronic commerce reached 43 billion and 8
  billion respectively in 1998. Estimates predict
  that by 2003, those totals will exceed 108
  billion and 1.3 trillion respectively (Forrester
  Research). This experience suggests that
  electronic forms of authentication which are
  accepted over the Internet and which include
  the use of public key technology be generally
  accepted as having sufficient legal foundation by
  the transacting parties to allow e-commerce to
  proceed and grow
• In October 1998, Congress enacted the Government
  Paperwork Elimination Act (GPEA, Public Law
  105-277) requiring that when practicable, Federal
  agencies by October 2003 accept forms
  electronically with electronic signatures.
• Federal agency efforts have focused on using
  public key technology for intra-agency,
  interagency, and agency to trading partner
  transactions. The largest potential volume of
  traffic, and the greatest prospects for service
  delivery, involves transactions with the general
  public. Recognizing this, and appreciating that
  the best approach to use public key technology
  with the public is to devise a PKI that all
  agencies can collectively use for that purpose to
  share the costs of a common infrastructure, the
  General Services Administration began working in
  1996 on an effort called Access Certificates for
  Electronic Services (ACES).

32
Conclusions

• The use of Public Key technology within
  Government and business will continue to grow at
  an astounding rate.
• Public Key Infrastructures to provide and
  maintain trust must expand to support the the
  growth of this technology
• Government is leading, and will continue to lead,
  the expansion of PKI technology and service

33
Please feel free to contact me

• W.H.(Bill) Wehrmacher
• Director of Technical Services
• Datakey, Inc.
• bill.wehrmacher_at_datakey.com
• 1 952 808-2337
• 407 West travelers Trail
• Burnsville Minnesota 55337

34
PKI A European Perspective

• Steve Mathews
• Netlexis

35
Where is Europe on the PKI map?

• Baltimore Technologies
• UtiMaco
• iD2
• Axenet
• Siemens
• Belsign
• Bull
• and others .

36
How about European experiences?

• European Commission RD funding for major
  security projects since 1991
• European Commission RD and demonstrator funding
  for PKI projects since 1995

37
A sample of projects

• DIABCARD-3 Smartcard held medical records for
  diabetes and cardiovascular diseases Siemens
  Austria, France, Germany, Greece
• ISHTAR secure healthcare telematics R3 (now
  Entrust), Belgium, France, Germany, Greece,
  Netherlands, UK

38
More projects

• TRUSTHEALTH I II implementing PKI and TTPs in
  international healthcare
• I France, Netherlands, Norway, UK, Sweden
• II Belgium, Denmark, France, UK, Sweden
• ICX international commercial exchange for
  developing PKI supported trade ICL, Shell
  International, Sweden Post, The Post Office

39
Commercial actions

• Axenet announces a CA service for the French
  electronic marketplace in April 98
• Brokat and iD2 integrate PKI and smartcards to
  provide encrypted payments systems complying with
  German digital signature law November 1998

40
National examples

• Finnish citizen card and electronic
  identification launched using the Finnish
  Population Register Centre as the CA and Helsinki
  Telephone Corporation as the directory. Valid
  for electronic exchange of information for
  official purposes.

41
National examples

• Netherlands Data Protection office working with
  ICL/Fujitsu and others to deliver a PKI and
  smartcard based solution for the protection of
  healthcare information for access from and
  transport over the Internet

42
Commercial examples

• Merita Nordbanken Internet bank using PKI and
  smartcards
• Bankgirot Giro bank using PKI to support
  Corporate payments system

43
www.PKIForum.org