Evincible™Evincible™Making e-Business Invincible

Will GuytonExecutive Vice President

Will GuytonExecutive Vice President

Presentation Overview

• Our roots• Our target• Our philosophy• Our framework• Our products

E-Business Evolution

Stage 1: Presence

Stage 2: Interaction

Stage 3: Transactions

Stage 4: Transformation

Time

Eco

nom

ic V

alue

2001

Demands:•XML, Standards•Operational demands•eCommerce integration•Collaboration•Efficient Decision making

Security Needs:•Notary and Receipt Services•Transaction level access control•Transaction entitlements•Reconciliation and monitoring

Is a signature worth the paper it is written on?• Cannot determine intent

– Was there duress?– What was your interpretation?– Did you understand the consequences?

• Cannot assure validity– Put an “X” in the block…– Are you still a valid signer?– Are you even who you say you are?

• Cannot resolve disputes– The signature is seldom the cause of a dispute– There are few proven ways to discover counterfeiting

“Wet” Signatures merely ensure adherence to trusted processes

Process is the key to real world trust

• Overarching agreements– Service level agreements– Master Service / Purchase Agreements– Blank Purchase Order– Authorized purchaser registration

• Formalized internal processes– “Chop Chain” of sign-offs and approvals– Legal review for template agreements– Checks and balances

• Public Law– Timeframe to abort– Requirement for clarity and disclosure (e.g. truth in lending etc.)– Precedence both between trading partners and within the trading

populationIn many cases notarization of documents is the binding

proof of adherence to trusted and mutually agreed upon processes.

“Digital” Signatures offer many advantages…• Confidence in the sender’s identity

– Technically ensures that sender is the person holding the credential

– Virtually impossible to forge– Enforces requirement for rigorous registration

• Confidence in Validity– Enables real-time means for ensuring validity of sender– Enforces requirement for rigorous maintenance of

authorized users

• Confidence in Integrity– Ensures that the document is not changed enroute– Provides a means for version control

But signatures alone do not address many of the overriding issues associated with building trusted relationships in e-

business

Challenges remaining after digital signatures…• Cannot indicate adherence to a trusted process

– No built in mechanism for managing multiple signatures, counter-signatures, signatures spanning across multiple documents etc.    

– Does not provide a record of precedence

• Cannot resolve/avoid disputes– Cannot determine validity independently– Cannot provide proof of delivery (with or without request)– Does not meet full requirements of pending legislation (e.g. HIPAA,

GLB, etc.)

• Cannot provide mechanisms for reconciliation, synchronization and evidence reconstruction– Contracts are singed by multiple parties at the same time or at

different times.  – Payment vouchers (checks) require counter signature before they

are approved.  Etc.

Companies must address these requirements by adding additional services, policy management tools and

enforcement controls

Technical requirements for implementing “real world” trust in e-business… • A policy centric framework for security process

management

• A service based “face” to business applications that represents business requirements vs. security functions– Signature Policy Management– Notary– Receipt– Identity– Confidentiality

• Transaction aware security mechanisms– Defined by policy according to “transaction events” in a business

application– Triggered by events and enforced through simple API connections

Rapid PKI enablement requires a simplified integration interface

80/20 prioritization for rapid results • Digital Signature Management

– What should be signed?– Under what circumstances?– Using what format?

• Notary – as a function versus an entity– When should signatures be validated?– Do we need a timestamp on this process?– Under what circumstances should we ensure process adherence?

• Receipts – in terms of reconcilable acknowledgement of trades – Does a transaction need a digitally signed acknowledgement?– Are their “time-out” rules, etc. that should be considered?– How can I use reconciliation as a means to avoid disputes?

• Dispute Resolution capabilities (repository, alarms, etc.)

On a transaction by transaction basis, minimally, these issues must be addressed to create a trusted e-business

environment

Value generation by extensions of security capabilities…

Evidence gathering Witness Dispute resolution

Multiple signatures Process adherence via Policy

Sectional Signatures Receipts Reconciliation

Policy +

Notary +

Toolkits +User Key Mgmt Certificate Status Check Browser support

Single App

Enterprise

e-business

Proof of Concept

Value

Business applications need easy access to security functions…

Business Requirements

• “Legal grade” Transactions

• “Future Proofing”• Multi-deployment

support• Reduced TCO• Speed

Technology Today

• Tool kits• Evolving/Competing

standards• Application “Islands”

… “service deployments” provide flexible methods for rapid integration of security

CryptographyPKI OSDBMS, LDAP

ApplicationInterfaces

Transaction Security Services Framework (TSSFTM)

ValidationRepositoryAccess ControlSecurityFunctions /Services

TransactionSecurityServices

Infrastructure

services are invoked according to POLICY

Business Application

Encryption Authentication

Dig. Signature Management

Notary Entitlements ConfidentialityReceipt/

Reconciliation

Browser WirelessOpen Stds.(Java, EJB)

MS Stds.(COM, C#)

Evincible products address key business requirements..

… providing the most comprehensive TSSF support.

Transmission Security (SSL, VPN)

Anti-intrusion

Evincible Access grants selective access and privileges so you can provide service & manage

risk

Valuable services require access to sensitive information…

Evincible AccessEvincible Access

Pol i cy Management Server

Evincible AccessAdapter

Wi rel ess Gateway

Appl i cat i on Gateway

Aut hor i zat i onPol i cy

Pol i cy based aut hor i zat i on, suppor t i ngDel egat i on of Admi ni st rat i on

Di ff erent Aut hent i cat i on mechani sms

Enabl es personal i zat i on

Connect ors t o Web Servers, EJ B

API enabl es easy i nt egrat i on

Secur i t y Server

Opt i onalEvi nci bl e AccessAdapt er

Evincible AccessAdapter

Web Server

Comm. Tower

www

You must offer trusted transaction capabilities to capitalize on the opportunity of the web…

Evincible Ink allows you to logically create and efficiently control trusted transaction

environments

EvincibleEvincible InkInk

You must provide document level confidentiality to ensure privacy…

Evincible Privacy “replaces the ‘trust’ in privacy with ‘absolute assurance’” without full PKI

EvincibleEvincible PrivacyP

Questions?

Will Guytonwguyton@evincible.com