Upload
simon-paul
View
214
Download
0
Tags:
Embed Size (px)
Citation preview
2© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 2
Agenda
CA Business Model in Asia Pacific
PKI Trends in Asia PacificPKI Enabling AribaCertificate Registration
3© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 3
CA Developments in Asia Pacific
Many countries are setting up their in-country CAs– Japan– Korea– Hong Kong– Singapore– Malaysia– Thailand– Australia
Mostly, government agencies like Post Offices are involved
e.g. HK, Malaysia, Singapore & Australia
4© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 4
CA Developments in Asia Pacific
Issues with the CA business– Most, if not all, of these CAs lose money heavily and has a hazy idea of
business development– All of them follow a subscription based revenue model
• sure revenue losing proposition as price of certificates is projected to drop to between
USD 1 - 2
– Most hyped product is S/Mime certificates– All of them do not manage to sell any SSL certificates as all of them do not
have their CA root key embedded in the browser
• browser-based trust model
– At first, Identrus, the global initiative for b-to-b trust model in banking seemed to
offer a hope
• unfortunately only 3 banks in Asia Pacific (ex Japan) qualify
• all international banks will host their own internal CA in their HQ
5© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 5
Regional CA
Engaged AA to develop a business & technology model for
its operation– Vision– Product/Services– Distribution channels– Competitors– Financials
6© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 6
Foreign Partner
Upside – Brings in necessary marketing & technology expertise– Part of a global network– Critical mass
Downside – heavy royalty costs
Conclusion - must have a way to achieve a win-win solution
© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 7
Market Creation
Consultant
Strategy Process
Technology Change-
Enablement
EnablingTechnology
Cards, etc CA / PKI
Web Server App Server
COM-CORBA
HardwareVendor
Product
ASPs Packaged-
Software
Application
“V-Portals”
Extended- ICS/ ISC
SystemsIntegration
S.I. Firms Insourced
OutsourcedB-O-T
Services
I-Banking On Line- Shopping E-Business
Users
General- Public
Community-Users
Visibility
Market Reach and Impact
Establish Partnership
© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 8
Prioritizing PKI Applications
Application
Secure VPNSecure Web AccessSecure E-MailServer IDsConsolidated Sign-OnSETCode Signing
Priority
HighHighHighMedium-HighMediumLowLow
© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 9
Diversify Revenue Models
Subscription
Transactional
Outsourcing
Professional services & systems integration
Advertising
© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 10
Be A Total Security Partner
B2C
Strategy
B2B
Enterprise
C2B
by Service
Partner withHigh Impact
Industry (+Cross Industry)Service P roviders
11© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 11
Pricing Strategy
Unit pricing based on number of certificates & toolkits– separate pricing for certificates and toolkits
Solution-based pricing– Verisign Onsite– Provide better comparison with traditional solution pricing– ‘Free’ or development-based toolkits
12© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 12
Transaction Guarantee & Insurances
Readily explains the concept of ‘trust’– effective competitive edge
Most CAs relies on technical explanations– not understood by customers– difficult to explain if the CA is so confident, why is it not guaranteeing the
transaction.
Error & Omission– Impersonation & Delay in Performance
Cost– $10,000 for every $1,000,000 of coverage
13© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 13
Mobile Certificates
Wireless is huge in Asia Pacific
In Asia Pacific, m-commerce will dominate in 2005
Early adopters will appear in 2002 – e.g. HKMIF m-cert project
WAP PKI standard (draft) released in Mar 2000– work with WAP 1.2 WIM cards– specifies an end-to-end security model– introduces a new entity called PKI portal
14© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 14
PKI Trends in Asia Pacific
PKI-Enabling Ariba
15© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 15
Background
AA is a leading implementor of Ariba. Out of 280 Ariba-
based exchanges, AA has or is implementing 60.
Out of this, 6 Ariba exchanges are in Asia Pacific
These exchanges are finding that digital signatures are
necessary for the following documents– RFQ– PO– PR– Invoices
16© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 16
Ariba Architecture - Applet/Servlet
17© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 17
Ariba Architecture - JSP
18© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 18
PKI Trends in Asia Pacific
Certificate registration services
19© 2000 Andersen Labs for Internet & Security, Arthur Andersen Associates, All Rights Reserved.
Page 19
Certificate Authorities
CA Agent
Registration Server
Local Registration Agents
Security Administration
Customer Databases
Single Point of Administration
ca:SEAL
ca:SEAL
ca:SEAL