Andersen Labs for Internet & Security

PKI Developments in Asia Pacific

5 December 2000

2© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 2

Agenda

CA Business Model in Asia Pacific

PKI Trends in Asia PacificPKI Enabling AribaCertificate Registration

3© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 3

CA Developments in Asia Pacific

Many countries are setting up their in-country CAs– Japan– Korea– Hong Kong– Singapore– Malaysia– Thailand– Australia

Mostly, government agencies like Post Offices are involved

e.g. HK, Malaysia, Singapore & Australia

4© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 4

CA Developments in Asia Pacific

Issues with the CA business– Most, if not all, of these CAs lose money heavily and has a hazy idea of

business development– All of them follow a subscription based revenue model

• sure revenue losing proposition as price of certificates is projected to drop to between

USD 1 - 2

– Most hyped product is S/Mime certificates– All of them do not manage to sell any SSL certificates as all of them do not

have their CA root key embedded in the browser

• browser-based trust model

– At first, Identrus, the global initiative for b-to-b trust model in banking seemed to

offer a hope

• unfortunately only 3 banks in Asia Pacific (ex Japan) qualify

• all international banks will host their own internal CA in their HQ

5© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 5

Regional CA

Engaged AA to develop a business & technology model for

its operation– Vision– Product/Services– Distribution channels– Competitors– Financials

6© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 6

Foreign Partner

Upside – Brings in necessary marketing & technology expertise– Part of a global network– Critical mass

Downside – heavy royalty costs

Conclusion - must have a way to achieve a win-win solution

© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 7

Market Creation

Consultant

Strategy Process

Technology Change-

Enablement

EnablingTechnology

Cards, etc CA / PKI

Web Server App Server

COM-CORBA

HardwareVendor

Product

ASPs Packaged-

Software

Application

“V-Portals”

Extended- ICS/ ISC

SystemsIntegration

S.I. Firms Insourced

OutsourcedB-O-T

Services

I-Banking On Line- Shopping E-Business

Users

General- Public

Community-Users

Visibility

Market Reach and Impact

Establish Partnership

© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 8

Prioritizing PKI Applications

Application

Secure VPNSecure Web AccessSecure E-MailServer IDsConsolidated Sign-OnSETCode Signing

Priority

HighHighHighMedium-HighMediumLowLow

© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 9

Diversify Revenue Models

Subscription

Transactional

Outsourcing

Professional services & systems integration

Advertising

© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 10

Be A Total Security Partner

B2C

Strategy

B2B

Enterprise

C2B

by Service

Partner withHigh Impact

Industry (+Cross Industry)Service P roviders

11© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 11

Pricing Strategy

Unit pricing based on number of certificates & toolkits– separate pricing for certificates and toolkits

Solution-based pricing– Verisign Onsite– Provide better comparison with traditional solution pricing– ‘Free’ or development-based toolkits

12© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 12

Transaction Guarantee & Insurances

Readily explains the concept of ‘trust’– effective competitive edge

Most CAs relies on technical explanations– not understood by customers– difficult to explain if the CA is so confident, why is it not guaranteeing the

transaction.

Error & Omission– Impersonation & Delay in Performance

Cost– $10,000 for every $1,000,000 of coverage

13© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 13

Mobile Certificates

Wireless is huge in Asia Pacific

In Asia Pacific, m-commerce will dominate in 2005

Early adopters will appear in 2002 – e.g. HKMIF m-cert project

WAP PKI standard (draft) released in Mar 2000– work with WAP 1.2 WIM cards– specifies an end-to-end security model– introduces a new entity called PKI portal

14© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 14

PKI Trends in Asia Pacific

PKI-Enabling Ariba

15© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 15

Background

AA is a leading implementor of Ariba. Out of 280 Ariba-

based exchanges, AA has or is implementing 60.

Out of this, 6 Ariba exchanges are in Asia Pacific

These exchanges are finding that digital signatures are

necessary for the following documents– RFQ– PO– PR– Invoices

16© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 16

Ariba Architecture - Applet/Servlet

17© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 17

Ariba Architecture - JSP

18© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 18

PKI Trends in Asia Pacific

Certificate registration services

19© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.

Page 19

Certificate Authorities

CA Agent

Registration Server

Local Registration Agents

Security Administration

Customer Databases

Single Point of Administration

ca:SEAL

ca:SEAL

ca:SEAL