InfoCore, Inc. Sponsors End User Meeting 
                    Concerning Utilization of Public Key 
                    Technologies at Large Global Companies   
		    
		    April 27, 2001 - At the request of many large global companies and enterprise
                    organizations from various industries, InfoCore and its partners hosted an end user industry 
                    meeting to understand, discuss and collaborate on the challenges, concerns and issues 
                    surrounding the use of current public key technologies to conduct business in the
                    Internet/Intranet environment.  Using the Black Forest Group's (BFG) E-Commerce Security Framework,
                    InfoCore and others conducted a roundtable discussion and reviewed various presentations on
                    industry approaches to identify risks, allocate liability, provide insurability for information
                    transactions, reduce costs, and decrease the technical complexities for large global companies
                    using or wanting to use public key and related technologies in their enterprise information
                    technology (IT) environments.  In response, vendors have indicated a willingness to work to 
                    resolve the challenges, issues and concerns and are preparing to release products in support
                    of the BFG's Security Framework.
		    As an example of the issues involved, one enterprise's experiences were examined.  In its 
                    attempts to utilize public key technologies to conduct business in the Internet environment,
                    the enterprise had searched the commercial market place for a globally interoperable and secure
                    means to perform the Business-to-Business (B2B) E-Business exchanges that are becoming
                    increasingly important.  Frustrated by an inability to find products that were responsive to
                    its needs, the enterprise turned to InfoCore for assistance.  After introducing the enterprise 
                    to a group of other large global companies that had encountered similar serious limitations 
                    and identified a promising public key framework for addressing them, InfoCore was able to aid
                    the enterprise in designing and developing a target architecture that enables it to deploy public
                    key technologies as a fundamental part of its infrastructure while meeting its business objectives
                    and requirements.
		
		    In outlining the enterprise's target architecture, InfoCore identified a solution to the problem
                    of balancing the benefits of public key technologies with the new liabilities and associated risks.
                    This solution integrates the two elements of public key technology-(1) Certificate Authorities (CA) 
                    that produce certificates and (2) applications that consume certificates to implement specific business
                    processes-and the BFG's Security Framework.  The resulting formula has three key properties:
		    
- Hardened PKI Platform.  The risk from platform failures throughout the framework is 
                    ameliorated by associating with each platform an explicit quantitative measure of the assurance of the
                    platform's correct behavior.  Recognized and authoritative independent third parties are used for security
                    validation of the platforms against international security standards.
		    
- Quality Attribute Within Each Certificate.  Effective use of a CA requires confidence in the
                    quality of each certificate chain.  The BFG has identified a powerful standards-compliant quality attribute.
                    The target architecture incorporates the BFG Quality into each certificate.
		    
- Global Liability Assuming Root CA.  A high integrity copy of a root certificate, in components
                    that consume certificates, enables pervasive interoperability.  The BFG is actively engaged in efforts to 
                    provide such a root CA with sufficient liability assumption resources.
		    
 Back
 Back