Trust 2 ™ Share your confidential information assets without headaches about unauthorized leakage...

Trust2™ Share your confidential information assets without headaches about

unauthorized leakage

WIM COULIER, SENIOR PROJECT MANAGER CERTIPOSTWIM.COULIER@STAFF.CERTIPOST.BE

2

Agenda

Short intro of Certipost

Trust2, boosted by the Belgian electronic ID Card

Trust2, a cost-effective and secure way to exchange business documents with business partners

Trust2 demo

Trust2 case studiesInstitutes of Belgian Accountants and Company Auditors

Simont Braun

Conclusion

3

Direct model vs Consolidator

Inhouse costsSoftware purchase

Implementation

Maintenance

Upgrades

Inhouse servicesUser management

Support

Archiving

Applications

Connectivity

Interconnections

Proof of delivery

Payment

Translation

Print gateway

Security

SMS gateway

Centralized &

outsourced

services

platform

cust

omer

1cu

stom

er 2

customer 3

customer 4

supplier 1

supplier 2

supplier 3

residentialresidential

residential

CertiONE

Large company

SME

Residential customer

Hybrid gatewayeGOV

interconnections

4

Trust2, boosted by the Belgian electronic ID Card

Role of CertipostArchitect & manager of digital certificates on eID cards

Service provider of eID validation services (cfr. card stop for credit cards)

Our role:eID applications: Trust², registered mail, others, ...

eID shop: help companies with eID implementation

IAM : help organisations use eID as a unique tool for authentication

5

4 eID applications

Ph

ysic

al

Iden

tifi

cati

on

Data capture

eID validation services

Au

then

tic

atio

n

Sig

nat

ure

6

CertiONE e-Worker: Trust²

CertiONE

Trust2

Distributor defines

document rights & sends

via e-mail

Read access

Trust² identified via user/password

Trust² identified

Trust² identified via eID

no identification

no identification

Read, write,

copy & print

access

Read access

7

Trust2, a cost-effective and secure way to exchange business documents with business partners

• Today, most communication policies only exist on paperToday, most communication policies only exist on paper• Its easy to unintentionally forward e-mails & documentsIts easy to unintentionally forward e-mails & documents• Its easy to intentionally share/sell plans w/competitors, press, InternetIts easy to intentionally share/sell plans w/competitors, press, Internet

8

Re-usage rights cleared via Get-a-Copy

29/05/2004

The need: Collaborative working requires persistent information Protection

9

The solution

Define and Enforce your usage and distribution policies of your information assets via Information Rights Management

10

Acce

ss C

ontro

l

Use

r Man

agem

ent

Yes

No People

File

The solution: Trust2 based on information Rights Management

Information Rights ManagementDo not forwardDo not Copy….

People

Yes

11

Information flows within and across the organizational borders

Publish confidential information on portal only accessible by authorized members without risk of accidental or intentional leakages

Safeguard the confidentiality of financial and audit reports when shared with customer

Sales manager preventing dissemination of business intelligence embedded in a proposal

….

12

UID/PSWD UID/PSWD

13

TrustTrust22 for MS Office for MS Office at Work..at Work..

Trustworthy information exchange Trustworthy information exchange for Office documents, web content for Office documents, web content and Outlook emailsand Outlook emails

Content Distributor

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

Content Recipient

33

34

35

36

37

38

39

40

41

TrustTrust22 for MS Office for MS Office at Work..at Work..

Trustworthy information exchange Trustworthy information exchange for Office documents, web content for Office documents, web content and Outlook emailsand Outlook emails

Scenario’s

43

Inhouse

44

Service Model

IInnffoorrmmaattiioonn AAuutthhoorr

TThhee RReecciippiieenntt

RRMMSS SSeerrvveerr

SQL Server Active Directory

TTrruusstt22 hhoosstteedd eennvviirroonnmmeenntt

CCoommppaannyy AA CCoommppaannyy AA oorr BB

45

Hybrid Model

IInnffoorrmmaattiioonn AAuutthhoorr

TThhee RReecciippiieenntt

RRMMSS SSeerrvveerr

SQL Server Active Directory

TTrruusstt22 hhoosstteedd eennvviirroonnmmeenntt

RMS certificate trust

Case studies

47

Trust2 Case Study (1) : IAB-I.B.R.

Institutes of Tax Accountants and Company Auditors

Usage of a professionaltoken/smartcard

Various confidentialinformation flows identified

48

Trust2 case studies (1) : IAB-I.B.R.

Relations with the InstituteEither via secured e-mail or Intranet secure access Secure sending of expertise reports, permanent training annual attests, modification of personal or professional coordinatesDeposit of deontologically requested reportsDisciplinary related documents exchangePublication of Members Lists, Stagiairs Lists and Masters of “Stagiairs”

Relations with confratersAny confidential information exchangeExchange of working documents, reportsAny confraternal information exchange

Relations with Third parties & customersAudit ReportsAny confidential information exchange

Relations with authoritiesAny confidential information exchangeAnswers to “avis” from the AdministrationFiscal agreement Complaints introduction

49

Pilot project : Law Firm Simont Braun

Headquartered in the middle of the traditional Brussels business district,

The firm Simont Braun is the result of the merger between two groups of lawyers, one gathered around Lucien Simont and the other coming from the firm Braun Bigwood

• Its activities cover business law at large, their practice areas are • Arbitration & Litigation

Corporate law Finance & Banking Intellectual property & Competition law Public and Administrative Law Real estate and Construction law Tax & Labor law Trade practices, E-commerce & Distribution

Trust2 Case Study (2) : Simont Braun

50

Trust2 Case Study (2) : Simont Braun

Case studyIn the process of deploying Office 2003 Pro

70 collaborators exchange monthly more or less than 500.000 emails

Trust² would be the right means for Simont Braun to

• exchange confidential documents,contracts with other Lawyer’s firms

• To provide legal documents just in time, replacing fax transmission (ex: conclusions, …)

51

Conclusion

Trust2 for cost-effective and secure way to exchange business documents with business partners

DRM • Leveraging on Microsoft RMS Technology

Strong Authentication• Leveraging on the Belgian eID project

Policy based for customisation

Available “out-of-the box” as standard feature of MS Office 2003 Pro

Different models are availableOutsourced

Insourced

Hybrid

52

Questions and Answers

See you on http://www.trust2.com or mailto:wim.coulier@staff.certipost.be