Verisign seal copy

1
CrossCert(??????)
Course Name E-Commerce Prof. Lee, Jae-Kyu
Team E-team
Techno. MBA Kang jungsoo MIS MBA Chung
jiyon MIS MBA Sohn Moonbae (presenter)
2
Agenda

• Issues Recommendation
• 1. Company Issues
• 2. Recommendation
• 2-1. Our Strategy
• 2-2. New Revenue model
• 2-3. Strategic Positioning
• 2-4. New Vision

• On-line Security Digital Cert.
• 1. Why needs security on-line?
• 2. Digital Certificate
• 3. Certificate Authority
• 4. Applicable Area of Digital cert.
• 3C Analysis
• 1. Company overall VeriSign Inc.
• 2. Customer (market analysis)
• 3. Competitor
• 4. SWOT for CrossCert

3
On-line Security Digital Certificate 1.
Why needs security on-line? 2. Digital
Certificate 3. Certificate Authority 4.
Applicable Area of Digital cert.
4
Why do we need security on-line?

• On-line security must be protected from false
  identification, leakage of secret information and
  unwanted information change by hostile outsider.

Authentication
Integrity
Send a message
No identification
Fake sender
Message Fraud
Security
Confidentiality
Non-repudiation
Confidential Information
Shipment Info.
Industry Spy takes the info.
Trading Partner
Deny message received
5
How can you secure information on-line?

• To achieve our security goals on-line
  Authentication,
  Confidentiality, Integrity, Non-repudiation
• Needs authentication service (using PKI
  infrastructure)
• Needs authorized certificate to assure on-line
  information security

Digital Certificate, Digital Signature
6
Digital Certificate Digital Signature

• Digital Certificate is used for identifying the
  ownership of information while
• digital signature is to make sure an
  information was sent by actual sender and
• unchanged on-line.

Digital Certificate
Digital Signature
PKI

• Encrypted form of Message digest by private key

Message digest
Message exchange
message
Source ETRI
7
Digital Certificate
Expiration date
Name of a certificate holder
certificate holder's public key
digital signature of C.A
SourceCrosscert.com
8
Authentication Procedure using Digital Signature
Sender
Source CrossCert.com
9
Certificate Authority(CA)
- Digital Certificate issued by a trusted
third-party, Certificate Authority (CA)

• Trustworthy public key guarantees reliable
  digital signature
• Should prevent false representation of anothers
  identity
• ? need a trusted third-party certificate
  authority
• to guarantee info. Security on-line

• Roles
• -Issue and verify digital certificate
• -Store and maintain digital certificate
• -Notify revocation or suspension of digital
  certificate
• -Store certificate-related data as a
  third-party evidence
• in case of legal dispute

10
Applicable Areas of Digital Certificate
Financial Institution Internet banking Cyber
Stock Trading Electronic Payment E-settlement
Corporate Electronic E-mail E-Payment
Electronic Receipt Electronic Contract
Digital Certificate
Government E- Voting, E-Bidding, Civil Service
Healthcare Institution Electronic- (medical)
Prescription Remote treatment
11
3C Analysis 1. Company overview VeriSign
Inc. 2. Customer (market analysis) 3.
Competitors 4. SWOT for CrossCert
12
Company Overview (CrossCert. ??????)
3C Analysis (Company)
- CrossCert is the first company to be a
Certificate Authority in Korea.

• CEO Dr. Shin, Hong-Sik
• Capital 8.900 mil won - 2000.7
• No. of Employees 47

Major Investor
Major Customer
B2C
Interpark.co.kr, Auction.co.kr, Freechal.com

NICE, KGI Securities, Kyubo Life Insurance, BC
card, kebcard, lgcard
Financial

• Softbank korea, HIT,Naver,
• Dacom, Hanhwa Securities,
• Hankyung, WAW TV

Enterprise
POSCO (Enterprise Trust Service), Unitel (VPN)
13
Company History
3C Analysis (Company)
Becomes an official C.A
November, 2001
C.A Agreement with Unitel, Samsung Electronics
August, 2001
Submitted application for official C.A
July, 2001

• Found Paymon (Secure Payment Company)
• Sole affiliate agreement with Phoenix Tech.
  (Device Certificate)

June, 2001
Financed on iTrustChina
April, 2001
July, 2000
Major Investment from Softbank Korea, HIT
C.A Agreement with POSCO, Hanwha securities,
Dongbu Insurance
Started Business as the first C.A in Korea
March, 2000
March, 1999
July, 1999
Sept. 1999
Electronic Signature Law passed
Strategic partnership with VeriSign Inc.
14
Operational Architecture
2.Generate a pair of keys automatically On Web
browser (public key and private key)
3.1 Registration Authority does registrar
services on behalf of C.A
1. Request registration for a Digital
Certificate (Offline or online)
Customer
8. Customer installs digital certificate
according to specified Instructions.
3. Customer sends Payment to R.A.
1.1 Approval
R.A
4. R.A requests the issue of digital certificate
to C.A
7. C.A notifies where to get digital certificate
and Pin no. thru. e-mail to customer.
Financial Institution
C.A Web Server
Directory Server
5. C.A issues digital certificate
6. Archive public key and digital certificate
Source CrossCert.com
15
3C Analysis (Company)
Companys Core Offerings

• CrossCert provides trust services for Web Sites
  and individuals, including SSL Server IDs for Web
  site authentication and encryption thru. its Web
  site
• as well as Enterprise Trust Services

Enterprise Trust Services
Digital Certificate Service

• Establish a customized Public Key
  infrastructure(PKI) and Certificate Authority
  (CA) system for issuing and managing digital
  certificates to secure intranet, extranet,
  Virtual Private Network (VPN), and e-commerce
  applications throughout your enterprise

Source CrossCert.com
16
Strategic Partner-VeriSign Inc.
3C Analysis (Company)
- VeriSign Inc. has 90 of Worlds Digital Trust
Market (DNS, Authentication service)

• Major shareholders Morgan Stanley, Visa,
  Softbank , ATT, HP
• CEO Stratton Sclavos in July 1995
• Total Revenue (2000) 474.7 million
• Operating income (3th QR,2001) 59.7 million
  (17.1 operating margin)
• Stock Price  253 (2000/02) -gt  40.02
  (2001/11/23)

Source Nasdaq.com
17
VeriSign global network
3C Analysis (Company)
Source CrossCert.com
18
Authentication Service Market Trend
3C Analysis (Customers)

• Korean market for authentication service is
  worth 29 Billion Won in 2000, but expected to
  be fast-growing up to 219 billion won by 2003.
• 
  

Source Itchosun.com

• Law for Digital Signature passed in July, 1999.
  KISA( ????????) Designated Root C.A.
• Authentication Market started to boom in 2001.
• Expected to have 10 million users by the year
  2002.

Booming Year Declared by Government

• CrossCert is a private C.A, but
• Authentication market reoriented by Official
  C.As

Official C.A Driven Market Trend

• Confrontation between Foreign C.A partners
• vs. Korea C.As
• Foreign C.A such as Entrust, Baltimore,
  VeriSign Inc. partnered with NetTrack,
  Variancy, CrossCert

Korean C.A vs. Foreign partners

• Wireless PKI authentication market is the
  hottest issue this year.

Wireless PKI Market
19
Korean Authentication Service Market
3C Analysis (Customers)

• Korean Authentication service market expecting
  to grow about 10 times
• in 5 years
• 
  

SourceInformation and Computer
Communication(?????????) 2001.1
20
3C Analysis (Competitor1)
Yessign.or.kr ?????
SignKorea.com ??????

• Positioning advantage
• in Korean Securities,
• Financial Business area
• Strength in B2G Digital Bidding
• Service Including Public
• Procurement Service (???)

• No. 1 in authentication
• market (Claimed 80 of
• Official C.A Market )
• - Competitive advantage in
• Koreas Internet banking and
• other financial institutions

Key Benefit
Limited to the financial Market
Limited to the financial Market and B2G sector
Key Shortfall

• 10.4 million Users

• 2.6 million users

No. of Users
Future

• Expecting sales of
• 200 Billion won

• Expecting Big Pie in B2G
• Digital Bidding Service

21
3C Analysis (Competitor2)
SignGate.com ??????
ktnet.co.kr ??????

• Koreas first Official C.A
• with joint investment of
• Koreas Biggest companies
• (KT, SDS, SKT, LGE )
• Strength in e-commerce
• and corporate market

• A subsidiary of KITA
• (??????)
• - If certified by government,
• Expecting a positioning
• advantage in International trade
• related companines and
• Strength in Global market

Key Benefit
Key Shortfall

• Limitation in Service Offerings
• and lack of solution
• except digital certificate

• Limitation to international
• Trade related companies
• Using EDI

• 2 million user

• No significant sales

No. of Users
Market approach to e-commerce and corporate C.A
as well as Digital Bidding Service for Public
Procurement Service (???)
Future

• Sole Provider to EDI related
• Market (web enabled EDI)

22
SWOT Analysis for CrossCert
3C Analysis (SWOT)
W
S

• - Strong Brand Power
• as a partner of VeriSign Inc.
• Web browser compatibility
• Global interoperability
• - Strength in Server certificate
• for B2C and financial sectors
• Has customized enterprise
• service using OnSite

• Underdog to Government Certified
• Official C.A
• -gt Needs market penetration to
• B2G and other sector ( Post Office,
• Health care )

• Fierce Competition Due to
• Foreign CAs Partners and new
• competitors
• - Declining trend of e-commerce

• Fast growing market in overall
• Security segment
• Growing needs of
• PKI Enterprise Service
• Increasing needs of authentication
• for Wireless e-commerce e-money

O
T
23
Issues Team Recommendation 1. Company
Issues 2. Team Recommendation 2-1. Our
Strategy 2-2. New Revenue model 2-3.
Strategic Positioning 2-4. New Vision
24
Company Issues
1. Being an official C.A will be a turning
point for the company. -gt Needs strategy
for new market 2. Expansion strategy with
existing service -gt Needs to expand
existing authentication market 3.
Penetration Strategy to undeveloped field
-gt Certificate for Wireless PKI and Smart Card
25
Our Strategy

• CrossCert should stick to its main role as a
  Service Provider, but needs to
• expand its applicable market scope and penetrate
  into undeveloped field.

Our Strategy
Company issues
Targeting on Government and Financial sector
1. Strategy as an official C.A
Targeting on Market Education
2. Expansion strategy with existing service
3. Strategy for Undeveloped field
Market Penetration with Strategic Alliance
26
Targeting on Government and Financial sector

• Organize dedicated Sales Force to government
  sector and
• take advantage of it as an official C.A.

Things to do
Applicable Area

• Organize dedicated Sales Force
• to government sectors
• Advertise its competence
• as an official C.A to customers
• Get more investment
• from financial institutions

Government
E-Bidding
Civil Service
Internet banking Cyber Stock Trading Electronic
Payment
Financial
27
Targeting on Market Education

• Pushing Corporate and B2C to have C.A
  authentication service
• by aggressive marketing efforts and reinforcing
  internal capability.

Things to do
Applicable Area

• Aggressive marketing on
• Enterprise Trust Service (OnSite)
• Test Marketing

Corporate (VPN,OnSite)
Electronic E-mail

• Improve its web site for
• customer service
• ( Ease of Use, Detailed info. )
• Promotion about VeriSigns
• OnSite and their success stories

Electronic Contract
E-Payment Electronic Receipt
B2C (SSL server)
28
Market Penetration with Strategic Alliance

• CrossCert must struggle to be the leader in
  extensive fields like
• wireless PKI authentication and E-payment
  authentication by appropriate
• Strategic alliance.

Undeveloped Fields
Things to do

• Needs to prepare for WPKI as a official CA
• Needs strategic alliance with wireless PKI
  solution provider such as SoftForum, Initech,
  K-sign

Wireless PKI authentication
Device Authentication

• Strong Marketing efforts to high-level security
• required facilities such as Internet Data Center

• Strategic Alliance with e-payment service
  providers (smartcard) such as Mondex, Visacash,
  K-cash

E-payment authentication
29
Revenue Model Core Competence
? Take advantage of being an official C.A ?
Building Customer Trust with VeriSign Brand Value
and strategic alliance
Core Competence
Financial Area

• - No.1 in Server Authentication
• - Competitive Advantage in
• Enterprise Trust Service with
• proven VeriSign solution
• ( OnSite )
• - Official C.A to government and
• financial market
• - Strong strategic Alliance In
• related E-payment provider and
• Wireless PKI solution provider

Personal Authentication
ExistingService
B2C
Server Authentication
Government
Enterprise Trust Service
Device Authentication
NewService
Wireless Authentication
Wireless PKI
Corporate
E-payment
30
Strategic Positioning

• CrossCert will be providing one-stop service
  regarding authentication.

H
Total Authentication Service Provider
Value-Added
E-payment authentication
Device Authentication
Wireless PKI authentication
Enterprise Trust Service
Personal, Server authentication
L
Time
Current
Future
31
New Vision

• CrossCert will be Koreas No 1, one-stop
  authentication Service Provider.

Leading Private Authentication Service Provider
Current Status
No.1 Total Authentication Service Provider
New Vision
32
Q A
33
Supplementary
Official C.A Architecture
Ministry of Information Communication (?????)
KISA(?????????)
(Root CA)
CrossCert
(CA)
??????
??????
?????
?????
??????
(RA)
BANK
Shopping Mall
Corporate
Insurance
Securities
Government
??? Customers ???
34
Supplementary
Official Certificate Issues

• No. of Issued Certificate

(July, 2001)

• Usage

• Internet Banking 6.4 million certificates
  (61.5)
• Digital Bidding 3.4 million certificates
  (32.6)
• Cyber Stock Trading, Shopping mall, e-mail 0.6
  million (5.9)

• For User Segment

• Personal 6.6 million
• Corporate 3.8 million

35
OnSite Configuration
Supplementary

• End-User
• - Apply for Certificate and get it
• From Web Browser
• - Certificate update or expiration
• OnSite Administrator
• - Connection to web site by admin certificate
• - Approval or denial of digital certificate
• by end user
• CrossCert Issuing Center
• - H/W, S/W or equipment to issue certificate
• - Digital Certificate issues here when
• Admin approves end-users request

36
Go Secure! for VPN
Supplementary

• VPN Configuration Using Digital Certificate
• Compatible with CheckPoint, Nortel, Cisco

37
Web Browser incompatibility
38
Supplementary
CrossCert Sales Volume
Last year, CrossCert had 2 billion won in sales,
and latest news forecasted sales would be 5
billion won this year and 15 billion won next
year. Source Financial news,2001.11.14