BANKING AND BUSINESS SOLUTIONS (BBS) Bj

1
BANKING AND BUSINESS SOLUTIONS (BBS) Bjørn
Søland
2
BBS A knowledge-based IT-company

• 700 employees
• Total turnover 183 Mill
• Owned by banks
• Subsidiary companies
• BBS AB, LD Betalingssystemer AS,
• ZebSign AS
• Ownership interests
• Acos AS (34)
• NETS (50)
• Business areas
• Retail services
• Trusted Services
• Payment- and information services
• Interbank / infrastructure

BBS Headquarter, Oslo
3
BBS Offerings and Trusted Services
Customer solutions
Payment Services
Trade and Purchase
eID/ Trust Services
Information Services

• gt eInvoice B2C/B2B
• gt Direct Debit
• gt Paper based
• gt Dir.rem./ Egiro in.
• gt Egiro out payments
• gt Net-giro
• gt Invoice hotel

gt Collection gt Archive gt Distribution gt
Scanning gt OCR/Egiro in. gt BBS Online gt Net-post
gt Smart cards/ EMV gt Terminal solutions gt
E-Commerce gt Mobile Bank gt Automates gt Mobile gt
Collection

• gt PKI Hosting
• gt Multi-ID auth sign
• gt Client solutions
• gt Trust archive
• gt Wireless eID

INFRASTRUCTURE SOLUTIONS
Customer Service
Customer Service
Customer Service
Customer Service
4
BBS Strategic Assets

• 3 decades of experience in delivering nation wide
  infrastructures
• Largest managed PKI service provider in Nordic
  region
• 300 persons in IT development and operations
• 85 persons in customer service
• 60 persons in Trusted Services
• 40 persons in IT-Trusted Services
• 50 persons working with Information Services

5
Accomplishments

• Year 2007 Worlds first International Mobile
  Signature Roaming Test
• Year 2006 EEMA Award for Excellence in
  e-business in Europe
• Year 2003 Recognized for Excellence in Europe by
  EFQM
• Year 2002 BS 7799.22002 (security
  certification)
• Year 2001 BBS became Identrus certified PKI
  Operator
• Year 2000 Won Year 2000 Norwegian Quality
  Prize
• Year 1998 Europay MC and VISA certified BBS to
  operate SET CA PGW (first company world wide
  to achieve this at first attempt)
• Year 1997 BBS was certified according to NS-EN
  ISO 90012000

6
BBS eID ServicesSome reference cases

• Norwegian BankID Scheme, includes all banks in
  Norway and some leading Nordic banks
• National Internet gambling
• Norwegian Tax Authorities
• National Office of Social Insurance (reports from
  doctors/ pharmacy)
• Norwegian Patent Office
• Electronic maintenance of insurance agreements
• Electronic tax reports
• Telenor Mobile for wireless purchase
• National Loan Fund (electronic form filling)
• Posten Norge and ErgoGroup Employee certificates
  on smart cards

7
BBS PKI ServicesInternational Dimensions

• Identrus certified PKI operator. Served Nordea
  Banks in Europe
• Nordic Banks using BBS PKI Services
• SEB, Handelsbanken, Danske Bank (Fokus bank),
  Skandiabanken (2007) and Nordea
• Det norske Veritas (DnV) partnership
• Pan-European shipping portal project.
• Certificate services for internal and external
  usage
• Trusted archive
• Global technology company has chosen BBS PKI
  services

8
BBS eID Service Offeringsfor Issuer and Merchant
Markets
Value Added Services Multi-ID Portals allow
merchants to offer their web-services securely to
different eID users. Signing and Archive
solutions will reduce costs.
Customer Solutions ID Request Management and
Client-Server solutions allow customers to
connect to central systems, order/ issue and
suspend eIDs. Registration solution allows
customers to register administer users.
Central Systems BBS Co-Managed Service comprises
full certificate OTP solutions, allowing
customers to issue eIDs/ OTPs, validate end users
towards web services (e-banking, public
services, VPN).
To sum up, BBS PKI offerings fulfil the business
needs of full value chain (i.e., BBS customers
and BBS customers customers).
9
BBS eID Services For issuers and (public)
service providers

• Managed eID Services for issuers
• 30 certificate profiles, 20 certificate
  policies
• Qualified certificates
• PKI complexity is hidden behind simple interfaces
• WEB based Registration Authority for small scale
  issuing
• Wireless eID (SIM based)
• Value added services
• Client and server side components
• Multi ID authentication
• Multi ID signing
• Archive for signed documents
• Personal identification number lookup

10
Norwegian BankID roll out status
11
Norwegian BankID usage status
12
Value Added ServicesFinding the killer
application

• The average number of interactions citizen
  public sector is 1,8/year for all services!!
• Figures to compare
• 93 uses the netbank more than once a week
• 98 uses the netbank more than once every 14 days

) Norwegian Savings Banks Association
13
Observations

• eID must be used more than 15 times/ year
• If used less than 15 times/year users will
• Forget passwords/ PINs
• Put away their devices at a smart place
• Lock their card/ device
• Etc, etc

14
Value of eID depends on context

• eID is useful for users when
• The eID can be used for all protected public
  services
• Services outside public sector is available
• eID is useful for service providers when
• Everyone has eID and is familiar with its use
• Costs are predictable
• eID does not add complexity
• To technical solution
• In risk management

15
Complexity and value propositions
Longtime archiving of signed documents
Signing with different eIDs on the same document
C O M P L E X I T Y
Electronic identification
V A L U E
16
Multi-ID Portal ServicesUtilizing e-IDs in
heterogeneous markets
Complete solutions for electronic ID
Businesses
BBS Value Propositions
Easy
Complete service
High quality
Competence
Easy implementation Low implementation
cost Integrated with standard software Open
standards
Stability Security Integrity
Solves complex customer needs Maintenance and
hosting Offers value added services Enabled for
international use
Leading PKI-competence center in Europe Leading
innovator
ID-solutions
17
Multi-ID Authentication Service

• Identify your customers
• No PKI client integration
• Consistent user interface
• Supports multiple IDs
• Allows service providers to go Nordic easily
• Easy to integrate

Electronic identification Log on to web site
secured pages
Secured content
Non-secured content
Log on
Electronic identification
18
Multi-ID Signing Service
Complete solutions for electronic ID

• Improve business
• processes with signing
• Signature processes are handled by BBS
• No PKI client integration
• Access ID users in the Nordic
• Easy to integrate
• Go Nordic easily

Electronic signing Example of contract signing
Binding agreement
Document
Signing
Electronic signing
19
Rule-Based Signing Service

Combination
Serial
Parallel

• Signing through a set of pre-defined rules
• By defined persons
• With/without notification
• Within defined timeframes
• With defined IDs
• Through defined channels

20
Archive ServicesKeeping signed documents safe

• BBS signed document archive is operational
• Builds on existing system
• 1.5 billion documents in archive
• 30 million documents distributed annually
• Archival challenges for signed documents
• Keys to short, obsolete formats, weak algorithms

21
Archive functionsOverview

• Store and retrieve document
• Signature Validation
• Time stamping
• Seal document
• Document, signature(s), revocation information
  etc.
• Format conversion
• Renew signature

22
BBS eID Services Summary

• Managed eID Services for issuers
• Nation wide/ high end eID services
  internationally available
• Customer and market driven approach
• Value added services for merchants and issuers
• Multi ID authentication
• Multi ID/ multi signature service
• Rule based signing
• Archive for signed documents

23

• ?

24
Contacts

• Marc Christensen
• 45 2924 5464
• marc.christensen_at_bbs.no
• Bjørn Søland
• 47 90188004
• bjorn.soland_at_bbs.no