The Identrus System
PKI FORUM- Dublin
JOHN G BULLARD
MANAGING DIRECTOR
PARTICIPANT RELATIONS
27th June 2000 www.identrus.com
Market Opportunity
Identrus, LLC CONFIDENTIAL - Do Not Duplicate.
Corporate Interest in leveraging the internet for commercial activity is accelerating
Source: The Yankee Group
[Chart: % Interested in EDI over Internet, % Interested in Online Sales, % Interested in Financial Transactions; 1996 vs. 1998]
1998 was the “take-off” year for Business-to-Business E-commerce
$1.1 Trillion
Source: IDC – Global Market Forecast for Internet Usage and Commerce, July 1998
Acceleration of E-Commerce acceptance in early 1998 resulted in upward revisions of market forecast
[Chart: market forecast, 1998 to 2002]
1997 forecasts for 1998 were exceeded by 30%
[Charts: breakdown by industry (Computing and electronics, Petro-chemicals, Motor vehicles, Utilities, Other industries); forecasts in USD billions, 1996 to 2001, from IDC Corporation, Forrester Group (US Only) and Yankee Group]
Financial Institutions as Trusted Third Parties
Trust and Risk are closely connected
Systems of Trust are only as viable as the processes they are based upon…
• Keys/certificates issued indiscriminately erode trust
• Certificate Issuers should know the recipients
• Certificate Issuers should financially endorse Identities
• Issuers recognized as trustworthy enhance the utility
• A sophisticated technology capability is required
• Processes and systems are required to initially validate personalities prior to issuance, validate & verify on an ongoing basis, and communicate changes in privilege
Banks Already …
are positioned as trusted intermediaries in traditional commerce {Signature Guarantors; Payments}
have extensive experience in deploying and managing robust security solutions to customers {Funds Transfer; Online Treasury Workstations}
are beginning to deploy certificates for use when customers desire to access their banks’ payments network {Broadening the acceptability of bank certificates provides seamless connectivity between the buying process and the payments environment}
have broad customer reach {Large Corporate; Middle Market, Small Business}
IDENTRUS RELATIONSHIPS
INVESTORS
CUSTOMERS
CUSTOMERS’ CUSTOMERS
IDENTRUS LLC
SOL. PARTNERS
TEC. VENDORS
HR, PREMISES ETC.
Identrus Foundation
International trust infrastructure
Based on Public Key Infrastructure (PKI) technology.
Leverages Financial Institutions for global distribution and local presence.
End-user certificates provide for Identity of transacting parties, Message integrity, and non-repudiation.
Financial Institutions globally are engaging to participate in the Identrus network
As agents of trust, managers of risk, and enablers of commerce, financial
institutions are uniquely positioned to provide CA services to buyers and
sellers and make digital certificates an integral part of the global
electronic commerce marketplace.
Our Market Thesis
United States Federal Reserve Board Order
...
Proposed Activities
Identrus is a joint venture among Notificants and other commercial banks and foreign banking organizations. Under the proposal Identrus would act as the global rulemaking and coordinating body for a network of financial institutions that would act as CAs and thereby provide services designed to verify or authenticate the identity of customers conducting financial and nonfinancial transactions over the Internet and other “open” electronic networks. To provide these services, Identrus and its network of participating financial institutions (the “Identrus System”) would utilize digital certificates and digital signatures created through the use of public key cryptography.
…
Conclusion
Based on the foregoing and all the facts of record, the Board has determined that the proposal should be, and hereby is, approved.
…
By order of the Board of Governors, effective November 10, 1999
Voting for this action: Chairman Greenspan, Vice Chairman Ferguson, and Governors Kelley, Meyer, and Gramlich, USA.
Business To Business Interactions
Identrus Root Certificate Authority
Identrus Root Repository
BANKS
COMPANIES
AUTHORIZED EMPLOYEES
HIERARCHICAL PKI
Identrus
Sponsor Corporation
Purchasing Mgr. 2
Sponsor Corporation
Sales Agent 2
Identrus to CA System Rules & Contracts
CA to Corp Contract
• Binds sponsor corporation to system
• Defines standard operating and liability rules for corporations
Identrus to CA System Rules & Contracts
Authenticated E-Commerce Transactions
Purchasing Manager
Sales Agent
GLOBAL LEGAL FRAMEWORK.:.INT’L CONTRACT LAW.
Firestone E-Bid Form
Company: XYZ Corp
Agent: John Jones
Qty: 1,000
Price: $100/tire
Total Value: $100,000
Delivery Date: 6/15/98
Validation & Identity Assurance $1,000/30 days
Message/Offer
Real-time Certificate/Identity Verification
Real-time Certificate/Identity Verification
Identrus
Relying Participant
Relying Participant
Issuing Participant
Sponsor Corporation
Sponsor Corporation
Sales Agent
Purchasing Manager
REAL TIME VALIDATION & WARRANTY…...
Sponsor Corporation XYZ Corp
Purchasing Mgr.
Liability Metering
Bank RM Reporting: Max: $10MM, Outstd: $10M, Open Bal: $9.9MM
XYZ Corporate Reporting: Max: $1MM, Outstd: $10M, Open Bal: $.9MM
Employee Level Reporting: Max: $250M, Outstd: $10M, Open Bal: $240M
[Charts: $ versus Time]
Participating Bank
SYSTEM-WIDE RISK MANAGEMENT METERING….
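A sketch of the three-level metering shown on the Liability Metering slide, added here as an example and not Identrus code: each request is counted against the employee, corporate and bank caps at once and is refused if any level lacks open balance. The class and function names, the rule that open balance equals Max minus Outstd, and the use of the e-bid form's $100,000 as the metered amount are assumptions.

```python
from dataclasses import dataclass

# Amounts are whole US dollars. The slide uses banking notation:
# M = thousand, MM = million (so "$250M" is 250_000).

@dataclass
class Meter:
    name: str
    cap: int              # "Max" on the slide
    outstanding: int = 0  # "Outstd" on the slide

    @property
    def open_balance(self) -> int:  # "Open Bal", assumed to be Max - Outstd
        return self.cap - self.outstanding

class CapExceeded(Exception):
    """Raised when a request does not fit under some level's cap."""

def reserve(chain, amount):
    """Meter `amount` against every level in the chain, or against none."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    for m in chain:  # check all levels first so a refusal changes nothing
        if amount > m.open_balance:
            raise CapExceeded(f"{m.name}: need {amount}, open {m.open_balance}")
    for m in chain:
        m.outstanding += amount

def release(chain, amount):
    """Return exposure to every level, e.g. when a warranty period lapses."""
    if amount <= 0 or any(amount > m.outstanding for m in chain):
        raise ValueError("cannot release more than is outstanding")
    for m in chain:
        m.outstanding -= amount

def build_chain():
    """Constructed sample: the slide's three caps, each with $10M outstanding."""
    return [Meter("Employee", 250_000, 10_000),
            Meter("XYZ Corporate", 1_000_000, 10_000),
            Meter("Bank RM", 10_000_000, 10_000)]

if __name__ == "__main__":
    chain = build_chain()
    reserve(chain, 100_000)      # e.g. the $100,000 bid from the e-bid form
    for m in chain:
        print(m.name, m.outstanding, m.open_balance)
    try:
        reserve(chain, 200_000)  # exceeds the employee's remaining balance
    except CapExceeded as exc:
        print("refused:", exc)
```

The employee-level starting figures reproduce the slide's $240M open balance; the tightest cap in the chain is the one that decides whether a request is accepted.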
Service Layer Model
Layer 1
Layer 2
Layer 3
Service 1
Service 2
Customer Services
Layer 2 Rules
Layer 1 Rules
Identrus provides basic, global e-trust infrastructure
Local Group provides shared value added services on top of Identrus
Local Participants deliver competing applications to customers.
Opportunity- the end customer does not want a fistful of cards- just simplicity, transparency and reliability
Online Auction Markets Electronic Content Delivery Insurance Sales & Contracts Securities Trading Government Filings,
Procurement, etc.
EC Applications
ACH Payments Corporate Purchasing International Trade Letter of Credit Statement Delivery Others
Financial Services
Global Trust Identity Certificate
Traditional Trust Role
Where is Trust required? How much certainty required at each stage?
Find Trading Partner
Offer/Accept
Assess Credit
Contracts/Purch. Order
Logistics
Pay/Settle
Find Trading Partner
Bid/Selection
Obtain Credit
Contracts/Purch. Order
Logistics
Pay/Settle
Bank
Bank
Buyer
Seller
Emerging Online Trust Roles
Where we stand: Customer Usage/Pilots
• Pilots underway:
– Cisco – Commercial Leasing
– Allianz – Insurance Contract Administration
– Siemens – Online Procurement/Computer Sales
– ComLease – Equipment Leasing
– SAP – MySAP – Single Sign-on and STP for ERP
– eBx – Bill Presentment and Payment
Many others finalizing details with their sponsor banks
– Auction Sites/Online Markets/Exchanges
– Corporate Purchasing
– E-Letters of Credit
– E-Payments
Identrus System Documentation
Policy documents
Legal documents
Operational documents
Technical documents
Other documents
Risk Management Approach
Risk Controls
Security/Technology
• Infrastructure specifications
• Security specifications
• Exposure Management
Allocation
• Customer Agreements
• Participant Agreements
• Collateral Agreements
• Claims and Dispute Resolution Procedures
Monitoring, Procedures & Practices
• Controls and Practices
• Minimum Operating Requirements
• Collateral and Cap monitoring
System-wide Roles & Responsibilities
Contracts & Procedures
Seller (Relying Party)
Client App
Client App
Business to Business Interactions
Identrus
Purchasing Manager (Certificate Holder)
Certificate Authority
Risk Management Module
OCSP Responder & Repository
Transaction Coordinator
Certificate Authority
Risk Management Module
OCSP Responder & Repository
Transaction Coordinator
Root Certificate Authority (CA)
Issuing Participant Relying Participant
Subscribing Customer
Relying Customer
Root CA
Transaction Coordinator
Risk Mgmt Module
OCSP Resp. & Repository
Summary
• The Identrus System allows for a Global Electronic Marketplace
• FI’s issued Digital Certificates for authenticating Businesses, Employees and Application Servers
• Identrus focused on Identity risk management services – Validation, Warranty, Authorization, etc.
• Partnership approach is key to building a robust highly interoperable business system