Establishing a Digital Identity Martin Roe - Director of Technology, Royal Mail ViaCode

Establishing a Digital Identity

Martin Roe - Director of Technology, Royal Mail ViaCode

What’s in a name?

Work Health Club

Family Member

Who am I?

Citizen

Work Health Club

Family Member

One Signature!

Who am I?

Citizen

The Signature is mineBecause I signed it!

Note that the Signature is:Perpetual (All my life)Not affected by value of the transaction

This is clearly open to Fraud:Risk can be reduced by using NotariesChecks are increased if value rises

Signing a Contract

Digital ID’s

Digital signatures are ‘One Off’Associated with a single transaction

Signatures are validated against KeysKeys need to be under tight control

Private secure/Public readily availableIssuer must maintain history/audit

Oddly, less open to fraudProcesses are tighter

Digital Signatures

Both Specific or General UseOther uses achievableRestricted by liabilityRestricted by law (currently)

PKI Technology MatureExtending Storage MediumPC, Smart Cards, WAP DevicesHas a full revocation method

Needs a Trusted Issuing Party

Digital Signatures

Examples Travel Agents Insurance Brokers Insurance Assessors Auditors

Trusted Third Parties

OK; I’ve got a Digital Signature.

The world knows who I am; ViaCode have validated me!

Now, what can I use it for?

Signing Documents Digitally

Level Cert.Strength

Meaning

0 No Authentication Required

1 Low On Balance of ProbabilityThey are who they say they are

2 Medium ID Established to a SubstantialDegree of Assurance

3 High Identity Established Beyond aReasonable Doubt

Legal Defintions (CITU/PIU)

Level Cert.Strength

Authentication Method


1 Low On Line with Checks

2 Medium On Line with Extensive Checks

3 High Face to Face

ViaCode: Citizen Authentication

Level Cert.Strength

Authentication Method


1 Low Trusted Organisation (Agents)

2 Medium Delegated Face to Face

3 High Face to Face

ViaCode: Business Authentication

PKI provides: Content Confidentiality through Encryption Content Integrity Authentication of both Parties

ViaCode: Document Exchange

PKI does NOT provide: Non Repudiation; inability to deny an event Backed by a Trusted Organisation Backed by Insurance/Liability protection Backed by Audit/Forensic Evidence


Send eMail/Document to Royal Mail in an Encrypted Session

Receipt Acknowledgement


Royal Mail re- transmits the Document but without ‘Keys’

Opening Requests ‘Keys’?

‘Keys’ are Returned


The Originator is informed that the transaction is complete

OR


The Originator is informed that the transaction is INCOMPLETE

X


State of the Art

Within the Post Office..

Secure track and trace facility for selected customers

Veronica - International Services can have secure communications with their Dutch division

ViaCode: State of the Art

Major Reseller partnership

300,000 potential certificate holders

Secure communications between European network

Export documentation process reduced from 3 days to 3 hours with ViaCode


New Second Generation Portal Launch

Portal web site with trust a key feature of differentiation

Planning for over 2 million subscribers

ViaCode certificates will secure all transactions and communications

launching summer 2000

Corporate Solution involving Royal Mail, POCL & Parcelforce


Operating as a reseller of ViaCode in the Channel Islands

Targeting lucrative banking, legal and finance sectors

Applications such as on line contract signing money transfer requests and insurance quotes

ViaCode: State the Art

Government

The e-commerce minister Patricia Hewitt MP used a ViaCode certificate in the first ever digital signing of an agreement between two European Governments(Mar 2000)

Legal Sector

8 contracts secured in March 2000 alone

ViaCode: State the Art

Establishing a Digital Identity

Martin Roe - Director of Technology, Royal Mail ViaCode