PKI: A Taxing Experience
Ed Bristow
Technical Manager, PKI Project
Australian Taxation Office
5 December 2000
Secure Foundations
Canberra
Presentation Outline
• What we did
• Why we did it
• Where are we now?
• How did it happen
• Learnings
• Where to from here?
• Conclusion
Business Drivers
• Tax Reform
  – Australian Business Number (ABN)
  – The New Tax System
  – GST
  – Business Activity Statement (BAS)
• Investing for Growth
  – Must offer services online by end 2001
  – ATO keen to add to existing eServices
    • Electronic Lodgment Service (ELS)
    • e-tax (self-lodged returns via Internet)
Australia undertook a major change to its taxation system during 2000.
The Federal Government has announced strategies for increasing government transactions available online.
Context & Starting Points
• Gatekeeper
  – Sets out standards and processes for evaluating:
    • POI
    • Security
    • Technology
    • Operations
  – Aims to ensure
    • Trust
    • Interoperability
  – Assist with
    • Development of e-commerce
Gatekeeper establishes a framework for PKI in Federal Govt
The ATO PKI Today
• Roll-out started 16 June 2000
• 306,871 sets of keys & certificates generated so far
  – Total includes those revoked (12%) and those requested by businesses unable to use them
• 75,587 have been collected from the PKI web server
• 53,000 businesses are now ‘Ready to Deal’ electronically
The ATO PKI has been in production since June 2000
Australian Businesses are using a PKI enabled application to exchange information with the ATO
Key Features of the ATO PKI
• ATO CA operated for ATO by Certificates Australia Pty Ltd
• CA uses UniCERT technology
• RA function interfaces with ABR
• Keys & Certificates distributed via Internet
• Certificates valid for 2 years
• End-users get two certificates and key pairs - authentication and confidentiality
• End-entity keys are 1024 bit RSA, CA keys are 2048 bit RSA
• Predominantly NT4 platform
• Baltimore & ATO custom components
The ATO PKI in Action
• Securing and authenticating eBAS lodgments
  – Businesses with turnover > $20M are obliged to lodge electronically
• Superfund administrators lodging Surcharge and other reports
  – Up to 100,000 records in a file
  – Assessments returned to superfunds by ATO
The ATO PKI is being used for the Electronic Commerce Interface (ECI)
Electronic Commerce Interface
Fat client
Interacts with server component in ATO
Written in Java Swing
Win 95, 98, NT
Netscape 4 & IE 4
Macintosh version also available
Encrypts using confidentiality key and signs using authentication key
ECI and PKI Keys work together
Browser required but not used for interface
HTTP traffic only - firewall friendly
The PKI Project
• Very tight timeframe
• Key objectives:
  – Establish PKI to support Tax Reform
  – Get Gatekeeper accreditation by 16 June 2000
• Small core team, but over 300 people involved in some way
• Testing and integration the main technical challenges
• Documentation and accreditation the most time consuming aspects
Project Milestones
• PKI Project starts 1 June 1999
• Conceptual Design finalised 21 Sept 1999
• Baltimore Delivers Phase 1 30 Sept 1999
• Phase 2 starts 19 Sept 1999
• ABN Registration Process begins 1 Nov 1999
• Baltimore Delivers Phase 2 4 Apr 2000
• ATO CA Certificate signed 25 May 2000
• ATO OCA certificate signed 5 June 2000
• Testing Completed 15 June 2000
• Gatekeeper Accreditation 16 June 2000
• Start of Certificate issue 16 June 2000
• ECI CD mailout started 22 June 2000
• First download 28 June 2000
• First ‘Ready to Deal’ set 3 July 2000
• First eBAS ready for collection 15 July 2000
• First eBAS returned to ATO 27 July 2000
Success Factors
• Ability to use ABN registration process
  – Businesses already being registered
  – Avoided need for face to face POI
• Strong level of commitment from senior management
• Exceptionally hard work by all concerned
• Immovable deadline
What needs to go right in order to compress an 18 month project into 9 months?
Achievements
CA Signing 25 May 2000
CA and OCA operated for the ATO by Certificates Australia Pty Ltd
Full Gatekeeper Accreditation 16 June 2000
Certificate generation commenced 16 June 2000
Media Release 27 June 2000
3.4m ABNs and 307,000 sets of Certificates by 5 Dec 2000
ABN Registrations 3.4m (Target 2.5m)
Keys & certificates to mid July 145K (Target 137K)
Keys & certificates to 5 December 2000 307K
‘Active’ keys & certificates 270K
Reissues 23K
Revocations 14K
Total Downloads 76K
‘Ready To Deal’ (Businesses) 53K
Proportion downloaded in use 84%
UniCERT ITSEC E3 certification formally awarded on 4 Sept 2000
The Australian Taxation Office congratulates Baltimore Technologies on achieving ITSEC E3 certification for
Learnings
• Large scale registration is likely to be hardest and most expensive component of establishing a PKI.
• Beware of tightly coupling PKI and business applications
• Increased security is likely to mean less ease of use
• Gatekeeper accreditation is a non-trivial undertaking - ATO produced 64 different documents
• Set up a call centre and be prepared for up to 3 * 5 minute calls from each customer
• Would the outcome have been even better if there had been an opportunity for a pilot?
• Get good partners involved and use their expertise
• Hide complexity wherever possible
• Do not over-estimate computing abilities of end-users, or their willingness to read instructions
• Of Help Desk Calls
  – 15% are related to the ECI and BAS
  – 85% are related to PKI
• 15% are due to clients not following instructions
• 50% of PKI calls relate to passwords, PIC or Certificate download issues
• 10% are requests to change Certificate Holder name
• 10% are general enquiries
Where to from here?
• Increase take-up rate
• Introduce additional PKI-enabled applications such as:
  – Australian Business Register Phase 2
    • Businesses able to update their own records on-line
• Extend ATO-CA to be the trust point for ATO specific purposes, such as:
  – Mobile computing
  – Authenticated single login
  – e-tax
The ATO has established a secure foundation for electronic commerce.
There are a number of strategies being developed to take advantage of the PKI deployment to Australian Businesses
Whole Of Government Issues
• ATO certificates are for ATO use only
  – Initial minimalist position to deal with liability issues
• NOIE is developing ABN-DSC
  – Common profile
  – A number of commercial providers
  – Federal Govt agencies must accept ABN-DSC from any provider
• ATO’s systems will accept ABN-DSCs
Many federal government agencies want to roll out PKI enabled applications
NOIE trying to establish common standards
Private sector seen as having key role
Conclusion
To be successful with a complex project you need an environment where:
there are clearly defined business objectives;
there is a well understood time line; and
all participants are 100% committed to achieving a quality business outcome on time.
The introduction of Australia’s Goods and Services Tax provided such an environment
The overwhelming success of the ATO PKI project was due to the efforts of over 300 talented people from:
• Australian Taxation Office
• Certificates Australia P/L
• Office of Government Online
• Defence Signals Directorate
• Australian Government Solicitor
• Baltimore Technologies
• Admiral Computing
• Aspect Computing
• EDS Australia
Thank you