TRANSCRIPT
Evincible™: Making e-Business Invincible
Will Guyton, Executive Vice President
Presentation Overview
• Our roots
• Our target
• Our philosophy
• Our framework
• Our products
E-Business Evolution
(chart: Economic Value vs. Time, 2001)
Stage 1: Presence
Stage 2: Interaction
Stage 3: Transactions
Stage 4: Transformation
Demands:
• XML, Standards
• Operational demands
• eCommerce integration
• Collaboration
• Efficient decision making
Security Needs:
• Notary and Receipt Services
• Transaction level access control
• Transaction entitlements
• Reconciliation and monitoring
Is a signature worth the paper it is written on?
• Cannot determine intent
  – Was there duress?
  – What was your interpretation?
  – Did you understand the consequences?
• Cannot assure validity
  – Put an “X” in the block…
  – Are you still a valid signer?
  – Are you even who you say you are?
• Cannot resolve disputes
  – The signature is seldom the cause of a dispute
  – There are few proven ways to discover counterfeiting
“Wet” signatures merely ensure adherence to trusted processes.
Process is the key to real world trust
• Overarching agreements
  – Service level agreements
  – Master Service / Purchase Agreements
  – Blank Purchase Order
  – Authorized purchaser registration
• Formalized internal processes
  – “Chop chain” of sign-offs and approvals
  – Legal review for template agreements
  – Checks and balances
• Public law
  – Timeframe to abort
  – Requirement for clarity and disclosure (e.g. truth in lending, etc.)
  – Precedence both between trading partners and within the trading population
In many cases notarization of documents is the binding proof of adherence to trusted and mutually agreed upon processes.
“Digital” signatures offer many advantages…
• Confidence in the sender’s identity
  – Technically ensures that the sender is the person holding the credential
  – Virtually impossible to forge
  – Enforces the requirement for rigorous registration
• Confidence in validity
  – Enables real-time means for ensuring the validity of the sender
  – Enforces the requirement for rigorous maintenance of authorized users
• Confidence in integrity
  – Ensures that the document is not changed en route
  – Provides a means for version control
But signatures alone do not address many of the overriding issues associated with building trusted relationships in e-business.
Challenges remaining after digital signatures…
• Cannot indicate adherence to a trusted process
  – No built-in mechanism for managing multiple signatures, counter-signatures, signatures spanning multiple documents, etc.
  – Does not provide a record of precedence
• Cannot resolve/avoid disputes
  – Cannot determine validity independently
  – Cannot provide proof of delivery (with or without request)
  – Does not meet the full requirements of pending legislation (e.g. HIPAA, GLB, etc.)
• Cannot provide mechanisms for reconciliation, synchronization and evidence reconstruction
  – Contracts are signed by multiple parties at the same time or at different times.
  – Payment vouchers (checks) require counter-signature before they are approved. Etc.
Companies must address these requirements by adding additional services, policy management tools and enforcement controls.
Technical requirements for implementing “real world” trust in e-business…
• A policy-centric framework for security process management
• A service-based “face” to business applications that represents business requirements vs. security functions
  – Signature Policy Management
  – Notary
  – Receipt
  – Identity
  – Confidentiality
• Transaction-aware security mechanisms
  – Defined by policy according to “transaction events” in a business application
  – Triggered by events and enforced through simple API connections
Rapid PKI enablement requires a simplified integration interface.
80/20 prioritization for rapid results
• Digital Signature Management
  – What should be signed?
  – Under what circumstances?
  – Using what format?
• Notary – as a function versus an entity
  – When should signatures be validated?
  – Do we need a timestamp on this process?
  – Under what circumstances should we ensure process adherence?
• Receipts – in terms of reconcilable acknowledgement of trades
  – Does a transaction need a digitally signed acknowledgement?
  – Are there “time-out” rules, etc. that should be considered?
  – How can I use reconciliation as a means to avoid disputes?
• Dispute resolution capabilities (repository, alarms, etc.)
On a transaction-by-transaction basis, minimally, these issues must be addressed to create a trusted e-business environment.
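As an added illustration (not Evincible's code), the policy questions above turned into a minimal evidence record: a per-event signature policy, an ordered hash chain that records precedence, a notary timestamp entry, and a reconciliation check that raises a dispute when the receipt is missing past its time-out. HMAC-SHA256 with constructed per-party keys stands in for the PKI signature primitive so the example runs on the standard library alone; the event name, policy fields and party names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed per-party keys. HMAC-SHA256 stands in for the PKI signature
# primitive (assumption) so this runs without third-party libraries.
KEYS = {"buyer": b"k-buyer", "seller": b"k-seller", "notary": b"k-notary"}

# Signature policy per transaction event (assumed fields): who must sign, in
# what order, whether a notary stamp is required, who owes a receipt and when.
POLICY = {
    "purchase_order": {"signers": ["buyer", "seller"], "notarize": True,
                       "receipt_from": "seller", "receipt_timeout": 3600},
}

def sign(party, payload):
    return hmac.new(KEYS[party], payload, hashlib.sha256).hexdigest()

def verify(party, payload, sig):
    return hmac.compare_digest(sign(party, payload), sig)

def entry_payload(role, party, ts, prev):
    # Canonical bytes each party signs; 'prev' binds this entry to the one before.
    return json.dumps({"role": role, "party": party, "ts": ts, "prev": prev},
                      sort_keys=True).encode()

class EvidenceRecord:
    """Hash-chained list of signatures, notary stamps and receipts for one
    transaction, so precedence is part of the evidence, not a side note."""
    def __init__(self, event, document):
        self.event, self.document, self.entries = event, document, []
        self.prev = hashlib.sha256(document).hexdigest()

    def add(self, role, party, ts):
        payload = entry_payload(role, party, ts, self.prev)
        self.entries.append({"role": role, "party": party, "ts": ts,
                             "prev": self.prev, "sig": sign(party, payload)})
        self.prev = hashlib.sha256(payload).hexdigest()

def reconcile(rec, now):
    """Check a record against POLICY; return the list of dispute reasons."""
    pol, issues = POLICY[rec.event], []
    prev = hashlib.sha256(rec.document).hexdigest()
    for e in rec.entries:                      # 1. chain and signatures intact?
        payload = entry_payload(e["role"], e["party"], e["ts"], e["prev"])
        if e["prev"] != prev or not verify(e["party"], payload, e["sig"]):
            issues.append(f"broken chain or bad signature at {e['role']}:{e['party']}")
        prev = hashlib.sha256(payload).hexdigest()
    signed = [e["party"] for e in rec.entries if e["role"] == "sign"]
    if signed != pol["signers"]:               # 2. right signers, right order?
        issues.append(f"signers {signed} != policy {pol['signers']}")
    if pol["notarize"] and not any(e["role"] == "notary" for e in rec.entries):
        issues.append("no notary timestamp")   # 3. process adherence witnessed?
    if not any(e["role"] == "receipt" and e["party"] == pol["receipt_from"]
               for e in rec.entries):          # 4. acknowledgement within time-out?
        last_ts = rec.entries[-1]["ts"] if rec.entries else 0
        if now - last_ts > pol["receipt_timeout"]:
            issues.append("receipt missing past time-out")
    return issues
```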
Value generation by extensions of security capabilities…
(chart: Value vs. deployment scope, from Proof of Concept and Single App through Enterprise to e-business)
• Toolkits + User Key Mgmt, Certificate Status Check, Browser support
• Notary +
• Policy +
Capabilities shown: Evidence gathering, Witness, Dispute resolution, Multiple signatures, Process adherence via Policy, Sectional Signatures, Receipts, Reconciliation
Business applications need easy access to security functions…
Business Requirements
• “Legal grade” transactions
• “Future proofing”
• Multi-deployment support
• Reduced TCO
• Speed
Technology Today
• Tool kits
• Evolving/competing standards
• Application “islands”
… “service deployments” provide flexible methods for rapid integration of security.
Transaction Security Services Framework (TSSF™)
(diagram, layers from top to bottom)
• Business Application
• Application Interfaces: Browser, Wireless, Open Stds. (Java, EJB), MS Stds. (COM, C#)
• Transaction Security Services: Encryption, Authentication, Dig. Signature Management, Notary, Entitlements, Confidentiality, Receipt/Reconciliation
• Security Functions / Services: Validation, Repository, Access Control
• Infrastructure: Cryptography, PKI, OS, DBMS, LDAP
Services are invoked according to POLICY.
Evincible products address key business requirements…
… providing the most comprehensive TSSF support.
(shown outside the framework: Transmission Security (SSL, VPN), Anti-intrusion)
Evincible Access grants selective access and privileges so you can provide service & manage risk.
Valuable services require access to sensitive information…
Evincible Access
(diagram: Policy Management Server, Security Server, Authorization Policy, Evincible Access Adapter (optional), Wireless Gateway, Application Gateway, Web Server, Comm. Tower, www)
• Policy based authorization, supporting delegation of administration
• Different authentication mechanisms
• Enables personalization
• Connectors to Web Servers, EJB
• API enables easy integration
You must offer trusted transaction capabilities to capitalize on the opportunity of the web…
Evincible Ink allows you to logically create and efficiently control trusted transaction environments.
Evincible Ink
You must provide document level confidentiality to ensure privacy…
Evincible Privacy “replaces the ‘trust’ in privacy with ‘absolute assurance’” without full PKI.
Evincible Privacy
Questions?
Will [email protected]