Post on 26-May-2020
Digicert Sdn. Bhd. Copyright 2014 - Commercial In Confidence - PAGE 1
Building Trust and Confidence in Asia – PKI in Action
Nik Khairul R A
Digicert Sdn Bhd, MALAYSIA
17 December 2014
Asia PKI Consortium 2014
Grand Mercure Fortune Bangkok, Thailand
Agenda
1. Business Drivers for Building TRUST
2. Challenges: Building the TRUST
3. Moving Forward: Gaining The TRUST
4. About Us
1 Business Drivers for Building TRUST in Electronic ID (PKI) adoption
Enabling of e-Services (Counter to Online)
1. Government/business services are still provided over the counter and require physical presence.
2. This is due to the lack of an effective method to establish trust over digital networks.
3. The need for trust establishment to advance e-Services in light of the existing and emerging realities.
4. Evolving forms of identities to address these issues: digital identities and the role of PKI technology.
Moving Forward As Competitive Nation
India : More on Moving Forward
Malaysia : From Counter to Online (New Direction)
Government PKI
20,000+ subscribers
E-Government
3.5+ Million subscribers
150,000+ subscribers
250K+ subscribers
BNM & CIMB
Income Tax
Licensed Certificate Authority since 1998
5 million eID
E-Procurement
2 Challenges: Building the Trust via PKI
How We Gain the Trust
1. As an Authority – elected or mandated by committee or government
2. As an Expert – based on work and track record, thus gaining confidence
3. As a Genuine Entity – the most challenging, but not impossible, by demonstrating true sincerity in contributing good to mankind, NOT for personal gain or for certain groups.
Nurture the Trust Together
Time Stamp / Digital Signature
WHEN?
To make a digital document as authentic as a paper document, “evidence” is required to prove the fact that the digital data were exchanged to a third party.
WHO? WHAT?
It is difficult to prove the certainty of your own time.
Time used in Time Stamp: Standard Time, which is maintained and managed by the National Time Authority, can be used as a countermeasure for settlement as a presumption.
Time used in Digital Signature: Your computer clock
TRUST : More Than This!
Right Business Model in the Right Ecosystem
Citizen/Client Service Requirement
Information Services
Transactional Services
Requirement Submission
Service Fulfillment
IDENTIFICATION
Online Service
Over The Counter
Instant Service
Deferred Service
SERVICE DELIVERY
Government/Companies
Vendors @ Technology Providers
Application Providers
User Entities
Many stakeholders need to be taken care of! Everybody wants their share.
Case Study : E-SCROLL
Senate Date
VC Digital Signature with Timestamp
Registrar Digital Signature with Timestamp
Web address to verify e-Scroll & Disclaimer
University Malaya embarked on the e-SCROLL project in 2013.
In PDF format. About 6K – 10K e-scrolls are issued every year.
Real Case : Halal Traceability with eID & Signatures
Slaughterhouse Warehouse
Transportation Kitchen
Retail & Manufactured Food Restaurant
The Remaining Challenge : Bringing People, Process and Technology Together To Unlock the True Value of Information Centric Security
3 Moving Forward: Gaining the TRUST
Components in Building Trust for PKI Ecosystem
1. Right Applications
   • ‘Killer Apps’ or at least easy to use
   • Strong support from stakeholders
2. Trusted Application
   • Honest / Reputable Application Provider
   • Good software application
   • Strong support from both management & technical
3. Correct Business Model
   • Attractive, and everybody gets the card
   • Does not necessarily have to be cheap
4. Awareness, awareness, awareness
   • Understand the cultural challenges
   • All stakeholders must understand, appreciate and support
To assure that your most valuable assets are not compromised and remain usable anywhere, regardless of where they go
Information Centric Analogy
1. To Get the TRUST
YOU NEED TO CONTRIBUTE FIRST.
2. To Get the TRUST : Start With SIMPLE THING
1. In digital networks, you need a key to identify yourself, i.e. userid & password. eID is your userid account.
2. To be more trusted, you need a password-protected* digital certificate (issued by a trusted party). eID is your digital certificate.
eID
eID implementation can address
Confidentiality Authentication
eID / PKI
Integrity Accountability
As a common platform that consolidates current and future government/state/organization of eID implementation for any applications and…
Visual Signature Initiative for Promoting Paperless
1. Private key with Visual Signature implementation method.
2. The private key stored in the soft certificate will be activated using the correct password.
Digital TRUSTMARK on Client’s PO PDF Doc
Serial Number ID 13041112
Finance Department Approval Digital Seal (with digital signature & timestamp)
Finance Director Signature with Timestamp
3. To Get the TRUST : Persistence & Keep Improving
Year 2000-2001
• Tax Payer prints out and fills up Tax Return Form (Adobe Format) from LHDNM website

Year 2002
• Tax Payer can download Tax Return Form and do e-filling
• Tax Payer still needs to print and sign the form manually before submitting the form via post or over LHDNM counter

Year 2003 Onwards
• Submission of e-Filing Tax Return Form Online
• MS Excel & MyKad

Year 2005 - 2007
• Soft Certificate
• Active X Download
• Adobe Forms
• Traditional ASP Web Page

Year 2008 Onwards
• Submission of e-Filing Tax Return Form Online with the use of PKI Roaming, ASP.NET web page and web services
• Tax Agent eFiling System (TAeF)

Year 2010
• Batch Submission using Host to Host Application (HTHA) Web Service

Year 2011 Onwards
• WCF Services
• TAeF Module separated from main system

Year 2012 Onwards
• Organizational e-Filing (OeF)
• m-Filing for e-BE

Our journey implementing Income Tax Application for 10 years
4. Our Thoughts for Creating eID/PKI Ecosystem for Asia
1. Start small with a good application – Good Business Case
2. Trust Establishment – Simple Baseline (Point-to-point) i.e. ICAO can be a good start, leverage it
3. Interoperability Among AMS Participating Countries – Mechanics for supporting Business Case
4. Building Trust Ecosystem for Each Participating Country – Nurturing More Usages
5. Readiness, Simplicity and Usability for Leveraging PKI Asia Ecosystem – Continuous Awareness
6. Agreeable High Level Trust Governance – One Standard Operating Procedure
Digicert Sdn Bhd : A Leading eID Operator in Malaysia
A Licensed Certificate Authority
1. Issued with CA Operational License (2010-2015)
2. Issued with Repository License (2010-2015)
Digital Signature Act 1997 (DSA 97)
Digital Signature Regulation 1998 (DSR 1998)
Age of Majority Act 1971 [age 18]
Contracts Act 1950
To date, Digicert has issued almost 4.5 million eIDs
Digicert Implementation Approach
Risk Assessment
Digicert IT Security Framework
“Integrated & Connected” Principle & ICT Security Directives
Leverage or Share - the common IT Infrastructures & Infostructures
Managed PKI Security Service
Digicert KMC
Digicert Trust Platform Implementation
Ensure Interoperability Between Target Applications (New or Existing)
IT Security Governance & Continuous Awareness
Establishment of Technical Security Blueprint & Operating Guide
We provide the Digicert eID framework to ensure security risks are properly mitigated & managed. In addition, it serves as a technical blueprint for the long-term implementation, including continuous awareness and technical training.
SCAN S3 Benefits
Promotes mobility: access multiple apps using one means, from anywhere and at any time.
Digicert eID Business Benefits
Seamless: more user-friendly, offering higher security and privacy, and at the same time leading to higher utilization.
Cost saving and cost effective: a centralized point & automation result in less administrative work, operations and maintenance.
Being a centralized enterprise service, it retrofits easily into any existing infrastructure. Thus it can improve service delivery and cost effectiveness.
Higher security, as Digicert eID runs as a secure application in a Hardware Security Module (HSM).
TRUST CENTER - DTC
Center for Excellence for Promoting eID to all stakeholders
1. Public & Industry IT Security PKI Training Center
   1. Awareness on eID, PKI and Digital Timestamping
   2. Continuous Marketing and Public Training
2. Digital Trust Industry Forum
   1. Forum with Industry Players
   2. Engage industry players to recognize the business needs
   3. Provide consultancy services
3. Establish Innovation Lab
   1. New innovative business applications using eID
   2. Collaboration with Universities & industries