PKI Forum Holger Reif, TeleTrusT eV David Barcklow, Deutsche Bank AG

1. PKI Forum Holger Reif, TeleTrusT eVDavid Barcklow, Deutsche Bank AG

2. The European Bridge-CA... ... is a non-profit initiative open to all organisation - public and private! ... bridges the gap between existing, group-constrained security solutions of global corporations and public authorities. ... enables the secure data interchange between all participating partners. ... uses the existing infrastructures of previously established data networks. ... is available without greater expenditure of time and money. ... exchanges knowledge and experience on development and deployment of PKIs among its participantes ... is an initiative focused on interoperability, flexibility, practicable solutions and neutrality.

3. European Bridge-CA - The (Known) Past Idea generated by Interoperability reached Board established Bridge-CA goes live www.bridge-ca.org goes live Mai 2000 August 2000 October 2000 January 2001 March 2001 End of 2001

4. Architectures for Bridging Gaps between PKIs Super-Root Peer-to-Peer Trust Hub

5. The Two-Phase approach • Get Operational fast! • Piloting (implementation by participants with possibly limited user group) • requirements as relaxed as possible • explore business cases (both general PKI and Bridge concept) • reach critical mass • implementation: trust lists • Make it richer! • ease the handling and automate • foster the active use of PKI by promoting business cases • deploy network effect • implementation: cross certification

6. MoU signed by the founders Set under the patronage of the Minister of the Interior Otto Schily Ongoing production of documents Policy Certificate Practice Statement membership agreement membership fees Explain ideas and concepts Expand beyond Germany (and even Europe) Refine Interoperability requirements and testing procedures Establish co-operation (PKI-Forum, PKI-Challenge, ISIS-MTT) European Bridge-CA - The Present

7. Vendors of PKI aware applications should even more look at interoperability issues in general Vendors should set a good example, utilize their PKI-applications inhouse and participate the Bridge-CA Vendors should watch emerging requirements from our initiative e.g. German governmental agencies will join the Bridge-CA with their own PCA and support for Bridge-CA is a must for procurement Vendors and Consultants should see the Bridge-CA as new benefit to implement (and sell) a PKI co-operation with all parties concerned with interoperability (e.g. PKI-Forum) European Bridge-CA - The Future (Or: The Wish List)

8. Siemens Giesecke & Devrient TC TrustCenter Sparkassen Informations Zentrum Bundesamt für Sicherheit in der Informationstechnik Daimler Chrysler participating & interested parties at the moment Deutsche Telekom Arthur Andersen Deutsche Bank BMW SAP D-Trust Utimaco Secude Who are we talking to in the USA: IBM, Microsoft, Verisign and others Dresdner Bank Émagine

9. Bank guarantees ‚just in time‘ In the daily course of business bank guarantees are a usual form to secure a wide array of services (payments, supplies or other pretentions). Speed and flexibility are essential for such a warranty, in an effort to prevent any delay of the underlying customer business. The paper-bound transmittal of sensitive customer data and the necessity of an handwritten signature made a fast reaction nearly impossible. Problem Today by means of digital certificates e-mails and e-documents can be encoded and signed digitally. Beyond that the certificates are a type of electronic ID-Card identifying the unique owner. The newly developed product db-order of the Deutsche Bank uses this technology and thereby enables the safe electronic supply of relevant business data for the endorsement check and the digital signature for the endorsement request and assertion. Unauthorized third parties cannot see or manipulate this data. The warranty process can be completely automated, the endorsement promise is given within minutes. Solution The Deutsche Bank is a member of the Bridge-CA Initiative. Based on the common standards the Deutsche Bank can accept digital certificates from other participants. The number of potential customers for the automated endorsement request rose significantly. By these means the customers have a broader range of applications they can access with their corporate certificates and the bank doesn’t need to administer the certificates of all customers. Benefit

10. Short notice adaption of communication capacities Communication has became one of the central competition factors in the today's knowledge community. Exchanging data and information fast and error free with branches and/or customers needs to be possible at any given time. Extending communication capacities always was a lengthy and complex enterprise, cost-intensive surplus capacities were regularly kept on stock. Problem By means of digitally signed e-mails the employees of the Deutsche Bank now can transmit orders and terminations of communication capacities directly to their suppliers at the Deutsche Telekom. Beyond that the specifying and encoded data is being provided in a format that can immediately be processed electronically. Complex administrative handling can thereby be reduced down to minutes. Supplied communications capacities always are in accordance with demand. Solution Because both organizations are member in the Bridge-CA, this ensures the interoperability of the mailing systems and the mutual confidence into the corporate certificates. Benefit

11. Digital ID-Card in the Deutsche Telekom More than 150‘ employees of the Deutsche Telekom need a multi-functional ID-Card for administrating their time accounts based on flexible working hours, for the admission to buildings and premises, for the safe exchange of electronic mail and participating in specific business operations within the enterprise and/or with business partners and customers. Problem The Deutsche Telekom uses an PKI infrastructure by the name of „TIKS 2000“ that issues certificates and smartcards for all corporate employees. By means of digitally signed e-mails and attached document in any format the entire internal and external course of business can be handled faster and more efficiently. Additionally this solution secures the acces to internal web information offers and the accesses to the enterprise-internal Intranet. Solution The range of certificates issued by Deutsche Telekom - being a member of the Bridge-CA - has grown immense. Other PKIs are now accessible. This enables secure automation of a large amount of business processes with customers and suppliers. Examples are bill presentment, order processing and others. Secure e-mails are being exchanged with T-Online customers and federal institutions. Benefit

12. Public secure e-mail Many enterprises use the services of T-Online for their e-commerce applications, e-mails and web access. Ever more users and customers are requiring functionality for secure communication. Problem Each T-Online user can request his e-mail certificate with a simple mouse click ‚just in time‘. A additional registration is not necessary since each T-Online user has been previously registered via his customer access. Based on available certificate services each of these customers can immediately sign and encrypt his business and private e-mails and/or transactions. Solution T-Online is a connected enterprise of the Deutsche Telekom and thus likewise a member of the Bridge-CA. All their customers not only can communicate securely among themselves but now also can interact with the other members of the Bridge-CA. This is particularly interesting for electronic communication between citizens and public authorities. Benefit

13. Controlled information flow in projects In projects many parties need to work together efficiently even though they are of different enterprises and regionally distributed. Keeping up a sufficient information flow especially across company borders is very difficult and time consuming. Especially the flow of sensitive information needs to be monitored closely. Problem Setting up an extranet for file storage and application providing demands highly secure procedures of client identification and administration of access rights. IDNT has solved this challenge by implementing virtual private networks. Based on this technology corporate applications for project controlling and critical project developments can be accessed from anywhere in this world as long as the team member bears a valid certificate and adequate right. Solution Intending to become a member the Bridge-CA IDNT will accept the external certificates of these participants. Consultants and suppliers will be able to use their corporate PKI to engage themselves into the electronic project management platform. Benefit

14. Kontakte: www.bridge-ca.org Holger Reif TeleTrusT Deutschland e.V. Eichendorfstr. 16 99096 Erfurt Germany email: kontakt@bridge-ca.org holger@reif.net Helmut Reimer Geschäftsführer TeleTrusT Eichendorfstr. 16 99096 Erfurt Germany email: teletrust@t-online.de Bernd Kowalski Deutsche Telekom AG Geschäftsführer T-Telesec Untere Industriestr. 20 57250 Netphen Germany email: bernd.kowalski@telekom.de Bernhard Esslinger Deutsche Bank AG Director eID-Solutions Frankfurter Str. 84 65760 Eschborn Germany email: bernhard.esslinger@db.com b.esslinger@eudoramail.com