InfoCore, Inc. Sponsors End User Meeting
Concerning Utilization of Public Key
Technologies at Large Global Companies
April 27, 2001 - At the request of many large global companies and enterprise
organizations from various industries, InfoCore and its partners hosted an end user industry
meeting to understand, discuss and collaborate on the challenges, concerns and issues
surrounding the use of current public key technologies to conduct business in the
Internet/Intranet environment. Using the Black Forest Group's (BFG) E-Commerce Security Framework,
InfoCore and others conducted a roundtable discussion and reviewed various presentations on
industry approaches to identify risks, allocate liability, provide insurability for information
transactions, reduce costs, and decrease the technical complexities for large global companies
using or wanting to use public key and related technologies in their enterprise information
technology (IT) environments. In response, vendors have indicated a willingness to work to
resolve the challenges, issues and concerns and are preparing to release products in support
of the BFG's Security Framework.
As an example of the issues involved, one enterprise's experiences were examined. In its
attempts to utilize public key technologies to conduct business in the Internet environment,
the enterprise had searched the commercial market place for a globally interoperable and secure
means to perform the Business-to-Business (B2B) E-Business exchanges that are becoming
increasingly important. Frustrated by an inability to find products that were responsive to
its needs, the enterprise turned to InfoCore for assistance. After introducing the enterprise
to a group of other large global companies that had encountered similar serious limitations
and identified a promising public key framework for addressing them, InfoCore was able to aid
the enterprise in designing and developing a target architecture that enables it to deploy public
key technologies as a fundamental part of its infrastructure while meeting its business objectives
In outlining the enterprise's target architecture, InfoCore identified a solution to the problem
of balancing the benefits of public key technologies with the new liabilities and associated risks.
This solution integrates the two elements of public key technology-(1) Certificate Authorities (CA)
that produce certificates and (2) applications that consume certificates to implement specific business
processes-and the BFG's Security Framework. The resulting formula has three key properties:
- Hardened PKI Platform. The risk from platform failures throughout the framework is
ameliorated by associating with each platform an explicit quantitative measure of the assurance of the
platform's correct behavior. Recognized and authoritative independent third parties are used for security
validation of the platforms against international security standards.
- Quality Attribute Within Each Certificate. Effective use of a CA requires confidence in the
quality of each certificate chain. The BFG has identified a powerful standards-compliant quality attribute.
The target architecture incorporates the BFG Quality into each certificate.
- Global Liability Assuming Root CA. A high integrity copy of a root certificate, in components
that consume certificates, enables pervasive interoperability. The BFG is actively engaged in efforts to
provide such a root CA with sufficient liability assumption resources.