Bridge-CA Initiative, 06/19/01 (PKI Forum)
Holger Reif, TeleTrusT eV
David Barcklow, Deutsche Bank AG


The European Bridge-CA ...

... is a non-profit initiative open to all organisations - public and private!

... bridges the gap between existing, group-constrained security solutions of global corporations and public authorities.

... enables the secure data interchange between all participating partners.

... uses the existing infrastructures of previously established data networks.

... is available without greater expenditure of time and money.

... exchanges knowledge and experience on development and deployment of PKIs among its participants.

... is an initiative focused on interoperability, flexibility, practicable solutions and neutrality.


European Bridge-CA - The (Known) Past

[Timeline figure. Dates shown: May 2000, August 2000, October 2000, January 2001, March 2001, End of 2001. Milestone labels: "Idea generated by", "Board established", "Bridge-CA goes live", "www.bridge-ca.org goes live", "Interoperability reached".]


Architectures for Bridging Gaps between PKIs

Super-Root

Peer-to-Peer

Trust Hub


The Two-Phase approach

• Get Operational fast!
– Piloting (implementation by participants with possibly limited user group)
– requirements as relaxed as possible
– explore business cases (both general PKI and Bridge concept)
– reach critical mass
– implementation: trust lists

• Make it richer!
– ease the handling and automate
– foster the active use of PKI by promoting business cases
– deploy network effect
– implementation: cross certification


European Bridge-CA - The Present

• MoU signed by the founders
• Set under the patronage of the Minister of the Interior Otto Schily
• Ongoing production of documents
– Policy
– Certificate Practice Statement
– membership agreement
– membership fees
• Explain ideas and concepts
• Expand beyond Germany (and even Europe)
• Refine Interoperability requirements and testing procedures
• Establish co-operation (PKI-Forum, PKI-Challenge, ISIS-MTT)


European Bridge-CA - The Future (Or: The Wish List)

• Vendors of PKI-aware applications should look even more at interoperability issues in general

• Vendors should set a good example, use their PKI applications in-house and participate in the Bridge-CA

• Vendors should watch emerging requirements from our initiative
– e.g. German governmental agencies will join the Bridge-CA with their own PCA, and support for Bridge-CA is a must for procurement

• Vendors and consultants should see the Bridge-CA as a new benefit to implement (and sell) a PKI

• Co-operation with all parties concerned with interoperability (e.g. PKI-Forum)


participating & interested parties at the moment

BMW

Deutsche Telekom

Deutsche Bank

Sparkassen Informations Zentrum

Bundesamt für Sicherheit in der Informationstechnik

Daimler Chrysler

Siemens

Giesecke & Devrient

TC TrustCenter

Dresdner Bank

Émagine

Arthur Andersen

SAP

D-Trust

Utimaco

Who are we talking to in the USA:

IBM, Microsoft, Verisign and others

Secude


Bank guarantees 'just in time'

Problem: In the daily course of business, bank guarantees are a usual way to secure a wide array of services (payments, supplies or other claims). Speed and flexibility are essential for such a warranty, in order to prevent any delay of the underlying customer business. The paper-bound transmittal of sensitive customer data and the necessity of a handwritten signature made a fast reaction nearly impossible.

Solution: Today, by means of digital certificates, e-mails and e-documents can be encrypted and signed digitally. Beyond that, the certificates are a type of electronic ID-Card identifying the unique owner. The newly developed product db-order of the Deutsche Bank uses this technology and thereby enables the safe electronic supply of relevant business data for the endorsement check and the digital signature for the endorsement request and assertion. Unauthorized third parties cannot see or manipulate this data. The warranty process can be completely automated; the endorsement promise is given within minutes.

Benefit: The Deutsche Bank is a member of the Bridge-CA Initiative. Based on the common standards, the Deutsche Bank can accept digital certificates from other participants. The number of potential customers for the automated endorsement request rose significantly. By these means the customers have a broader range of applications they can access with their corporate certificates, and the bank doesn't need to administer the certificates of all customers.


Short notice adaption of communication capacities

Problem: Communication has become one of the central competition factors in today's knowledge community. Exchanging data and information fast and error-free with branches and/or customers needs to be possible at any given time. Extending communication capacities was always a lengthy and complex enterprise; cost-intensive surplus capacities were regularly kept in stock.

Solution: By means of digitally signed e-mails, the employees of the Deutsche Bank can now transmit orders and terminations of communication capacities directly to their suppliers at the Deutsche Telekom. Beyond that, the specifying and encoded data is provided in a format that can immediately be processed electronically. Complex administrative handling can thereby be reduced to minutes. Supplied communication capacities are always in accordance with demand.

Benefit: Because both organizations are members of the Bridge-CA, this ensures the interoperability of the mailing systems and the mutual confidence in the corporate certificates.


Digital ID-Card in the Deutsche Telekom

Problem: More than 150‘ employees of the Deutsche Telekom need a multi-functional ID-Card for administrating their time accounts based on flexible working hours, for admission to buildings and premises, for the safe exchange of electronic mail, and for participating in specific business operations within the enterprise and/or with business partners and customers.

Solution: The Deutsche Telekom uses a PKI infrastructure by the name of "TIKS 2000" that issues certificates and smartcards for all corporate employees. By means of digitally signed e-mails and attached documents in any format, the entire internal and external course of business can be handled faster and more efficiently. Additionally, this solution secures access to internal web information offers and to the enterprise-internal intranet.

Benefit: The range of certificates issued by Deutsche Telekom - being a member of the Bridge-CA - has grown immensely. Other PKIs are now accessible. This enables secure automation of a large number of business processes with customers and suppliers. Examples are bill presentment, order processing and others. Secure e-mails are being exchanged with T-Online customers and federal institutions.


Public secure e-mail

Problem: Many enterprises use the services of T-Online for their e-commerce applications, e-mails and web access. Ever more users and customers are requiring functionality for secure communication.

Solution: Each T-Online user can request his e-mail certificate with a simple mouse click 'just in time'. An additional registration is not necessary, since each T-Online user has been previously registered via his customer access. Based on available certificate services, each of these customers can immediately sign and encrypt his business and private e-mails and/or transactions.

Benefit: T-Online is a connected enterprise of the Deutsche Telekom and thus likewise a member of the Bridge-CA. All their customers can not only communicate securely among themselves but can now also interact with the other members of the Bridge-CA. This is particularly interesting for electronic communication between citizens and public authorities.


Controlled information flow in projects

Problem: In projects, many parties need to work together efficiently even though they belong to different enterprises and are regionally distributed. Keeping up a sufficient information flow, especially across company borders, is very difficult and time-consuming. The flow of sensitive information in particular needs to be monitored closely.

Solution: Setting up an extranet for file storage and application provision demands highly secure procedures for client identification and administration of access rights. IDNT has solved this challenge by implementing virtual private networks. Based on this technology, corporate applications for project controlling and critical project developments can be accessed from anywhere in the world as long as the team member bears a valid certificate and adequate rights.

Benefit: Intending to become a member of the Bridge-CA, IDNT will accept the external certificates of these participants. Consultants and suppliers will be able to use their corporate PKI to engage in the electronic project management platform.


Contacts: www.bridge-ca.org

Bernhard Esslinger
Deutsche Bank AG
Director eID-Solutions
Frankfurter Str. 84
65760 Eschborn
Germany
email: [email protected]
[email protected]

Bernd Kowalski
Deutsche Telekom AG
Managing Director, T-Telesec
Untere Industriestr. 20
57250 Netphen
Germany
email: [email protected]

Helmut Reimer
Managing Director, TeleTrusT
Eichendorfstr. 16
99096 Erfurt
Germany
email: [email protected]

Holger Reif
TeleTrusT Deutschland e.V.
Eichendorfstr. 16
99096 Erfurt
Germany
email: [email protected]
[email protected]