PKI Forum. Holger Reif, TeleTrusT eV; David Barcklow, Deutsche Bank AG. The European Bridge-CA is a non-profit initiative open to all organisations, public and private. It bridges the gap between existing, group-constrained security solutions of global corporations and public authorities. (PowerPoint presentation)
Bridge-CA Initiative, 06/19/01, page 1
PKI Forum
Holger Reif, TeleTrusT eV
David Barcklow, Deutsche Bank AG
The European Bridge-CA...
... is a non-profit initiative open to all organisations - public and private!
... bridges the gap between existing, group-constrained security solutions of global corporations and public authorities.
... enables the secure data interchange between all participating partners.
... uses the existing infrastructures of previously established data networks.
... is available without greater expenditure of time and money.
... exchanges knowledge and experience on development and deployment of PKIs among its participants.
... is an initiative focused on interoperability, flexibility, practicable solutions and neutrality.
European Bridge-CA - The (Known) Past
[Timeline figure; dates shown: May 2000, August 2000, October 2000, January 2001, March 2001, End of 2001; milestone labels: Idea generated by, Board established, Bridge-CA goes live, www.bridge-ca.org goes live, Interoperability reached]
Architectures for Bridging Gaps between PKIs
Super-Root
Peer-to-Peer
Trust Hub
The Two-Phase approach
• Get operational fast!
– Piloting (implementation by participants with possibly limited user group)
– requirements as relaxed as possible
– explore business cases (both general PKI and Bridge concept)
– reach critical mass
– implementation: trust lists
• Make it richer!
– ease the handling and automate
– foster the active use of PKI by promoting business cases
– deploy network effect
– implementation: cross certification
European Bridge-CA - The Present
• MoU signed by the founders
• Set under the patronage of the Minister of the Interior Otto Schily
• Ongoing production of documents
– Policy
– Certificate Practice Statement
– membership agreement
– membership fees
• Explain ideas and concepts
• Expand beyond Germany (and even Europe)
• Refine interoperability requirements and testing procedures
• Establish co-operation (PKI-Forum, PKI-Challenge, ISIS-MTT)
European Bridge-CA - The Future (Or: The Wish List)
• Vendors of PKI-aware applications should look even more closely at interoperability issues in general
• Vendors should set a good example, use their PKI applications in-house and participate in the Bridge-CA
• Vendors should watch emerging requirements from our initiative
– e.g. German governmental agencies will join the Bridge-CA with their own PCA, and support for Bridge-CA is a must for procurement
• Vendors and consultants should see the Bridge-CA as a new benefit to implement (and sell) a PKI
• Co-operation with all parties concerned with interoperability (e.g. PKI-Forum)
Participating & interested parties at the moment
BMW
Deutsche Telekom
Deutsche Bank
Sparkassen Informations Zentrum
Bundesamt für Sicherheit in der Informationstechnik
Daimler Chrysler
Siemens
Giesecke & Devrient
TC TrustCenter
Dresdner Bank
Émagine
Arthur Andersen
SAP
D-Trust
Utimaco
Secude
Who are we talking to in the USA: IBM, Microsoft, Verisign and others
Bank guarantees ‚just in time‘

Problem: In the daily course of business, bank guarantees are a usual way to secure a wide array of services (payments, supplies or other claims). Speed and flexibility are essential for such a warranty, in order to prevent any delay of the underlying customer business. The paper-bound transmittal of sensitive customer data and the necessity of a handwritten signature made a fast reaction nearly impossible.

Solution: Today, by means of digital certificates, e-mails and e-documents can be encrypted and signed digitally. Beyond that, the certificates are a type of electronic ID card identifying the unique owner. The newly developed product db-order of the Deutsche Bank uses this technology and thereby enables the safe electronic supply of relevant business data for the endorsement check and the digital signature for the endorsement request and assertion. Unauthorized third parties cannot see or manipulate this data. The warranty process can be completely automated; the endorsement promise is given within minutes.

Benefit: The Deutsche Bank is a member of the Bridge-CA Initiative. Based on the common standards, the Deutsche Bank can accept digital certificates from other participants. The number of potential customers for the automated endorsement request rose significantly. By these means the customers have a broader range of applications they can access with their corporate certificates, and the bank doesn't need to administer the certificates of all customers.
Short notice adaption of communication capacities

Problem: Communication has become one of the central competition factors in today's knowledge community. Exchanging data and information fast and error-free with branches and/or customers needs to be possible at any given time. Extending communication capacities was always a lengthy and complex enterprise; cost-intensive surplus capacities were regularly kept in stock.

Solution: By means of digitally signed e-mails, the employees of the Deutsche Bank can now transmit orders and terminations of communication capacities directly to their suppliers at the Deutsche Telekom. Beyond that, the specifying and encoded data is provided in a format that can immediately be processed electronically. Complex administrative handling can thereby be reduced to minutes. Supplied communication capacities are always in accordance with demand.

Benefit: Because both organizations are members of the Bridge-CA, the interoperability of the mailing systems and the mutual confidence in the corporate certificates are ensured.
Digital ID-Card in the Deutsche Telekom

Problem: More than 150‘ employees of the Deutsche Telekom need a multi-functional ID card for administering their time accounts based on flexible working hours, for admission to buildings and premises, for the safe exchange of electronic mail, and for participating in specific business operations within the enterprise and/or with business partners and customers.

Solution: The Deutsche Telekom uses a PKI infrastructure by the name of „TIKS 2000“ that issues certificates and smartcards for all corporate employees. By means of digitally signed e-mails and attached documents in any format, the entire internal and external course of business can be handled faster and more efficiently. Additionally, this solution secures access to internal web information offers and to the enterprise-internal Intranet.

Benefit: The range of certificates issued by Deutsche Telekom, being a member of the Bridge-CA, has grown immensely. Other PKIs are now accessible. This enables secure automation of a large number of business processes with customers and suppliers. Examples are bill presentment, order processing and others. Secure e-mails are being exchanged with T-Online customers and federal institutions.
Public secure e-mail

Problem: Many enterprises use the services of T-Online for their e-commerce applications, e-mails and web access. Ever more users and customers are requiring functionality for secure communication.

Solution: Each T-Online user can request his e-mail certificate with a simple mouse click ‚just in time‘. An additional registration is not necessary, since each T-Online user has been previously registered via his customer access. Based on available certificate services, each of these customers can immediately sign and encrypt his business and private e-mails and/or transactions.

Benefit: T-Online is a connected enterprise of the Deutsche Telekom and thus likewise a member of the Bridge-CA. All their customers can not only communicate securely among themselves but can now also interact with the other members of the Bridge-CA. This is particularly interesting for electronic communication between citizens and public authorities.
Controlled information flow in projects

Problem: In projects, many parties need to work together efficiently even though they belong to different enterprises and are regionally distributed. Keeping up a sufficient information flow, especially across company borders, is very difficult and time-consuming. The flow of sensitive information in particular needs to be monitored closely.

Solution: Setting up an extranet for file storage and application provision demands highly secure procedures for client identification and administration of access rights. IDNT has solved this challenge by implementing virtual private networks. Based on this technology, corporate applications for project controlling and critical project developments can be accessed from anywhere in the world, as long as the team member holds a valid certificate and adequate rights.

Benefit: IDNT intends to become a member of the Bridge-CA and will accept the external certificates of these participants. Consultants and suppliers will be able to use their corporate PKI to take part in the electronic project management platform.
Contacts: www.bridge-ca.org
Bernhard Esslinger
Deutsche Bank AG
Director eID-Solutions
Frankfurter Str. 84
65760 Eschborn
Germany
email: [email protected]
Bernd Kowalski
Deutsche Telekom AG
Managing Director, T-Telesec
Untere Industriestr. 20
57250 Netphen
Germany
email: [email protected]
Helmut Reimer
Managing Director, TeleTrusT
Eichendorfstr. 16
99096 Erfurt
Germany
email: [email protected]
Holger Reif
TeleTrusT Deutschland e.V.
Eichendorfstr. 16
99096 Erfurt
Germany
email: [email protected]