Digicert Sdn. Bhd. Copyright 2014 - Commercial In Confidence - PAGE 1

Building Trust and Confidence in Asia – PKI in Action

Nik Khairul R A
Digicert Sdn Bhd, MALAYSIA

17 December 2014

Asia PKI Consortium 2014
Grand Mercure Fortune Bangkok, Thailand




Agenda

1. Business Drivers for Building TRUST
2. Challenges : Building the TRUST
3. Moving Forward : Gaining The TRUST
4. About Us


1 Business Drivers for Building TRUST in Electronic ID (PKI) adoption


Enabling of e-Services (Counter to Online)

1. Gov./Business Services are still provided over the counter and require physical presence.

2. This is due to the lack of an effective method to establish trust over digital networks.

3. The need for trust establishment to advance e-Services in light of the existing and emerging realities.

4. Evolving forms of identities to address these issues: digital identities and the role of PKI technology.


Dubai My E-Identity


Moving Forward As Competitive Nation


India : More on Moving Forward


Malaysia : From Counter to Online (New Direction)

Government PKI

20,000+ subscribers

E-Government 3.5+ Million subscribers

150,000+ subscribers

250K+ subscribers

BNM & CIMB Income Tax

Licensed Certificate Authority since 1998

5 million eID

E-Procurement


2 Challenges: Building the Trust via PKI


TRUST !


How We Gain the Trust

1. As an Authority – elected or mandated by committee or government

2. As an Expert – based on works and track records, thus gaining confidence

3. As a Genuine Entity – the most challenging, but not impossible: by demonstrating true sincerity in contributing good to mankind, NOT for personal gain or for certain groups.

Nurture the Trust Together


Time Stamp / Digital Signature

WHEN?

For a digital document to be as authentic as a paper document, “Evidence” is required to prove the fact that the digital data were exchanged to a third party

WHO? WHAT?

It is difficult to prove the certainty of your own time

Time used in Time Stamp: Standard Time, which is maintained and managed by National Time Authority, can be used to countermeasure for settlement as a presumption.

Time used in Digital Signature: Your computer clock

TRUST : More Than This!


Right Business Model in the Right Ecosystem

Citizen/Client Service Requirement

Information Services

Transactional Services

Requirement Submission

Service Fulfillment

IDENTIFICATION

Online Service

Over The Counter

Instant Service

Deferred Service

SERVICE DELIVERY

Government/Companies

Vendors @ Technology Providers

Application Providers

User Entities

Many stakeholders need to be taken care of! Everybody wants their share


Case Study : E-SCROLL

Senate Date

VC Digital Signature with Timestamp

Registrar Digital Signature with Timestamp

Web address to verify e-Scroll & Disclaimer

University Malaya has embarked on the e-SCROLL project in 2013

In PDF format. Issued about 6K – 10K e-scroll every year


Real Case : Halal Traceability with eID & Signatures

Slaughterhouse Warehouse

Transportation Kitchen

Retail & Manufactured Food Restaurant


The Remaining Challenge : Bringing People, Process and Technology Together To Unlock the True Value of Information Centric Security


3 Moving Forward: Gaining the TRUST


Components in Building Trust for PKI Ecosystem

1. Right Applications
• ‘Killer Apps’ or at least easy to use
• Strong support from stakeholders

2. Trusted Application
• Honest / Reputable Application Provider
• Good software application
• Strong support from both management & technical

3. Correct Business Model
• Attractive, and everybody gets the card
• Not necessarily cheap

4. Awareness, awareness, awareness
• Understand the cultural challenges
• All stakeholders must understand and appreciate and support


To assure your most valuable assets shall not be compromised & remain usable anywhere, regardless of where they are going to

Information Centric Analogy


1. To Get the TRUST

YOU NEED TO CONTRIBUTE FIRST.


2. To Get the TRUST : Start With SIMPLE THING

1. In digital networks, you need a key to identify your identity, i.e. userid & password. eID is your userid account.

2. To be more trusted, you need a digital certificate (issued by a trusted party) that is password protected*. eID is your digital certificate

eID


eID implementation can address

Confidentiality Authentication

eID / PKI

Integrity Accountability

As common platform that consolidates current and future government/state/organization of eID implementation for any applications and…


Visual Signature Initiative for Promoting Paperless

1. Private key with Visual Signature implementation method.

2. Private key stored in soft-certificate will be activated using correct password.


Digital TRUSTMARK on Client’s PO PDF Doc

Serial Number ID 13041112

Finance Department Approval Digital Seal (with digital signature & timestamp)

Finance Director Signature with Timestamp


3. To Get the TRUST : Persistence & Keep Improving

Year 2000-2001
• Tax Payer prints out and fills up Tax Return Form (Adobe Format) from LHDNM website

Year 2002
• Tax Payer can download Tax Return Form and do e-filing
• Tax Payer still needs to print and sign on the form manually before submitting the form via post or over LHDNM counter

Year 2003 Onwards
• Submission of e-Filing Tax Return Form Online
• MS Excel & My Kad

Year 2005 - 2007
• Soft Certificate
• Active X Download
• Adobe Forms
• Traditional ASP Web Page

Year 2008 Onwards
• Submission of e-Filing Tax Return Form Online with the use of PKI Roaming, ASP.NET web page and web services
• Tax Agent eFiling System (TAeF)

Year 2010
• Batch Submission using Host to Host Application (HTHA) Web Service

Year 2011 Onwards
• WCF Services
• TAeF Module separated from main system

Year 2012 Onwards
• Organizational e-Filing (OeF)
• m-Filing for e-BE

Our journey implementing Income Tax Application for 10 years


Moving Forward ...

eID


4. Our Thoughts for Creating eID/PKI Ecosystem for Asia

1. Start small with good application – Good Business Case
2. Trust Establishment – Simple Baseline (Point-to-point) i.e. ICAO can be a good start, leverage it
3. Interoperability Among AMS Participated Countries – Mechanics for supporting Business Case
4. Building Trust Ecosystem for Each Participated Country – Nurturing More Usages
5. Readiness, Simplicity and Usability for Leveraging PKI Asia Ecosystem – Continuous Awareness
6. Agreeable High Level Trust Governance – One Standard Operating Procedure


4 About Us


Digicert Sdn Bhd : A Leading eID Operator in Malaysia

A Licensed Certificate Authority
1. Issued with CA Operational License (2010-2015)
2. Issued with Repository License (2010-2015)

Digital Signature Act 1997 (DSA 97)

Digital Signature Regulation 1998 (DSR 1998)

Age of Majority Act 1971 [age 18]

Contracts Act 1950

To date Digicert has issued almost 4.5 million eID


Digicert Implementation Approach

Risk Assessment

Digicert IT Security Framework “Integrated & Connected” Principle & ICT Security Directives

Leverage or Share - the common IT Infrastructures & Infostructures

Managed PKI Security Service

Digicert KMC

Digicert Trust Platform Implementation

Ensure Interoperability Between Target Applications (New or Existing)

IT Security Governance & Continuous Awareness

Establishment of Technical Security Blueprint & Operating Guide

We provide the Digicert eID framework to ensure security risks are properly mitigated & managed. In addition, it serves as a technical blueprint for the long-term implementation, including continuous awareness and technical trainings.


SCAN S3 Benefits


Promotes mobility: access multiple apps using one means, from anywhere and anytime.

Digicert eID Business Benefits

Seamless: more user-friendly, offering higher security and privacy, and at the same time leading to higher utilization

Cost saving and cost effective: centralized point & automation mean less administrative work, operations and maintenance.

Being a centralized enterprise service, it retrofits easily into any existing infrastructure and thus can improve service delivery and cost effectiveness

Higher security, as Digicert eID runs as a secure application in a Hardware Security Module (HSM).


TRUST CENTER - DTC

Center for Excellence for Promoting eID to all stakeholders

1. Public & Industry IT Security PKI Training Center
   1. Awareness on eID, PKI and Digital Timestamping
   2. Continuous Marketing and Public Training

2. Digital Trust Industry Forum
   1. Forum with Industry Players
   2. Engage industry players to recognize the business needs
   3. Provide consultancy services

3. Establish Innovation Lab
   1. New innovative business applications using eID
   2. Collaboration with Universities & industries


THANK YOU

Contact: NIK KHAIRUL R A
Business Architect
E-mail : [email protected] : +6019-2670867