Nessun titolo diapositiva

1
Bucharest September 23th
2
Agenda

• ACTALIS
• the company
• product and services
• ACTALIS and Identrus
• The italian banks approach to Identrus
• steps
• goals
• the GUII
• the project
• European Directive and AIPA
• a case study banks will join (CNIPA) AIPA and
  Identrus

3

• December 2001
• ACTALIS was founded by SIA (Società
  Interbancaria per lAutomazione) and SSB (Società
  per i Servizi Bancari)
• March 2002
• ACTALIS has been enrolled in the italian Public
  Register of Certification Authorities for digital
  signatures, assuming the role of Certification
  Authority acting on his own and on behalf of SIA
  and SSB

4

• January 2003
• SECETI Certification Authority branch joins
  ACTALIS for digital signature purposes.SECETI
  being part of the shareholders
• May 2003
• BNL Multiservizi Certification Authority and
  e-security branches merge in ACTALIS that
  increase his capital and the shareholders

5
The company mission
ACTALIS acts both as PKI competence center and
ICT security player in Italy and in foreign
countries. Integrity, confidentiality, non
repudiation, secure transmission over networks
and strong authentication are the key words of
our knowledge Today ACTALIS is also a
full-service provider for the design, the
deployment and the integration with the customer
applications of digital signature systems (PKI -
Public Key Infrastructure) In this specific
area, ACTALIS is operating different
Certification Authorities following the market
requests - electronic signatures customer
tailored - digital signatures under the italian
law - in full outsourcing for Identrus banks
6
Products and Services
Certification services
Digital Signature Products
Consulting and Training
7
The ACTALIS approach to Identrus let banks
focusing on business

• ACTALIS started in 2001 to talk with banks about
  Identrus as following
• make banks have a full understanding the trust
  framework of Identrus (knowledge transfer)
• address specific issues on specific themes via
  working groups (business, legal, organisational,
  technical)
• identify all possible sharing solutions
  (cooperative project )
• providing outsourcing services (as Thirdy Party
  Processor)

8
Agenda

• ACTALIS
• the company
• product and services
• ACTALIS and Identrus
• The italian banks approach to Identrus
• steps
• goals
• the GUII
• the project
• European Directive and AIPA
• a case study banks will join (CNIPA) AIPA and
  Identrus

9
Initiatives of the Identrus italian banks

• The following italian banks participate in
  Identrus in 2002
• Banca di Roma (Capitalia Group) ()
• Banca Intesa ()
• Banca Lombarda
• Banca Monte dei Paschi di Siena ()
• Banca Nazionale del Lavoro
• SanPaolo Imi()
• UniCredit

10
The steps of italian banks

• September-December 2001 - SSB Identrus
  Feasibility study eleven banks involved
• 28th February 2002 seven banks formally signed
  the participation agreement in Identrus
  (Candidate Participant Agreement)
• March 2002 four of these banks implemented
  measures to be operational during 2003 (Project
  goals definition )
• December 2002 the phase of technical
  certification by Identrus LLC (interoperability
  and pre-production test) has been undertaken
• 2003 completion of the on-boarding and
  production process for the first Business
  Application

11
Feasibility study executive summary (dec 2001)

• Identrus is the best solution for those seeking a
  PKI standard with a global international valence
  for corporate services
• Identrus is considered one of the major
  international initiatives for a world-wide
  interoperability of the financial services
• Identrus is designed and evolves in accordance
  with the needs shared by the bank industry
• The dissemination of Identrus with the major
  financial operators of the single european market
  creates the conditions for strong competition
• Identrus can play a major role also in the
  domestic security of on-line services

12
The main working areas
The italian banks have a clear and common
understanding that the main are of work are
strictly related to the rules that Identrus
identify and manage in order to guarantee
interoperability
13
Project goals

• To define and to develope a first Business
  Application which effectively exploits the
  services offered by Identrus
• To manage the on-boarding process (necessary
  phase to obtain Identrus certification with the
  bank in live mode ) in a regime of interbank
  co-operation, to maximise policy sharing and
  project documentation
• The realization of an Identrus compliant PKI
  technological environment, shared among several
  banks and customised for domestic type needs
  (co-existence/interoperability with the AIPA
  framework)
• Identification of ACTALIS as solution provider

14
GUII (Gruppo Utenti Identrus Italia - Identrus
Italy Users Group)

• GUII has the following objectives
• to promote adoption of the Identrus standard
• to co-ordinate all the activities based on
  Identrus-related themes in a domestic
  environment, harmonizing with international
  themes
• to put in place specific workgroups focusing on
  themes of common interest and to verify areas of
  co-operation, if applicable, in the framework of
  business applications
• to identify criteria and methods of representing
  and co-ordinating communications activities, both
  in relation to Identrus and in relation to the
  market

15
GUII relationships
IEWG
ABI (Italian Bankers Association)
Founder members Banca di Roma Banca Intesa Banca
Lombarda Banca MPS BNL Sanpaolo Imi UniCredito
New participants ...
Bank of Italy
GUII
EBA
SWIFT ASSOCERTIFICATORI CIPA
16
The italian project

• The project output includes
• the definition and the realisation of the
  complete infrastructure for issuing and
  validating certificates including test,
  production, disaster recovery environment
• the realisation of the signing and validation
  software for customer (ISIL-ISPI DSMS)
• the definition of deliverable for the Identrus
  on-boarding
• the definition of OBS (organisational breakdown
  structure) in which 4 banks and Actalis work
  together

17
The italian project (...)

• The project output includes
• the definition and respect of the approval
  process for all deliverables
• the relationship with Identrus
• professional services for technical, operational,
  legal aspects
• integration tests of the infrastructure with
  SWIFT TRUSTACT
• the accreditation process to AIPA
• the outsourcing for CA and VA services

18
Project Structure

• Decision-making levels
• Operational levels

19
Up to date Timeschedule
Infrastructure delivery
Certificates issuing SWEEP
Delivery CCAG legal opinion
Identrus RAP
Key ceremony
July
August
September
November
October
20
Agenda

• ACTALIS
• the company
• product and services
• ACTALIS and Identrus
• The italian banks approach to Identrus
• steps
• goals
• the GUII
• the project
• European Directive and AIPA
• a case study banks will join (CNIPA) AIPA and
  Identrus

21
European directive and AIPA

• The italian banks
• will leverage the investments
• will propose their customer with certificate
  spending in differente areas
• will provide a legal opinion compliant with
  italian law
• will be Certification Authority in respect to the
  italian law (AIPA)
• will issue qualified certificates which are the
  highest level of certificate in the italian
  environment. A qualified certificate will be
  legally binding and is the only certificated
  accepted by Public Administration in Italy

22
Use of the Identrus certificate

• the certificate issued by an italian banks to
  their customers will be spent in coherence with
• Identrus, as close circuit (made by banks for
  banks)
• italian law, as it gives legal proof to
  document signed with accredited digital
  signature
• european directive, which represents the trade
  union between the two .. TYPE 5 ! QES and SSCD
  (qualified electronic signature and secure device)

23
Lesson learned

• The key factors are Business , Methodology ,
  Joint Forces
• Business is the driver from which every customer
  starts in the Identrus project banks went
  forward because they were aware of it
• Methodology is the easy approach to permit large
  organisation to focus and gain intra customer
  communication and inter customers communication
• Joint Forces permit to gain common understanding,
  and achieving results (reducing significantly
  cost and identifying easily solutions)