
A Taxonomic Model of Trusted Third Party Services

An important finding of the study is a generic taxonomic model of trusted third party services. There are three axes.

Axis 1 - Type of Services

The first dimension of the model divides the services which can be offered into Primary-Value (PV) and Added-Value (AV) services. Primary-Value TTPSs could be, inter alia, any or all of the following services:

  • Key Generation
  • Registration Authority
  • Certification Authority
  • Directory Agent (Certificates and Revocations)
  • Key Recovery
  • Key Escrow.

This list is not intended to be exhaustive: its primary purpose is to illustrate the infrastructure-related TTP services. PV TTPs provide the basic mechanisms to create and use public-key technology. They are the enabling elements within a Public Key Infrastructure (PKI) or a general Key Management Infrastructure (KMI), but they generally do not themselves deliver business / commercial services. These are provided by Added-Value TTPSs. Added-Value Services could include:

  • Independent Time-stamping
  • Secure repository / registry for e.g. shared documents
  • IPR Handling and dealing in negotiable instruments (e.g. Bills of Lading)
  • Commercial Insurance
  • Notary Public
  • Information (NOT Key) Escrow
  • Prescription dispensing.

Axis 2 - Scope of Supply

This aspect of the taxonomy distinguishes between the scope of supply of the services offered. There are three classes:

  • Private - The provision of 'trusted electronic' services solely for users within the same overall organisation (distinguished by there being a central CEO), irrespective of the national jurisdictions in which individual components of the business may potentially operate. These services are used only for internal business purposes.
  • Syndicated - Extends the user-group of a Private service to enable the additional provision of services to selected suppliers / associates / clients of the providing organisation, but still only for business exchanges between (i.e. within) that group. These other organisations may potentially operate from a variety of national jurisdictions, as may the principal corporate.
  • Public - Provision of any TTP services to any interested parties who wish to exchange information etc. using some kind of public-key technology / general infrastructure, potentially available to users in any national jurisdiction.

The Classification of a service can now be considered as the combination of provision of PV and AV service elements. Since both PV and AV services could, in theory, be provided under any of the scopes of supply, nine classifications are possible. That is not to say that all combinations are meaningful, and we consider that from the results of the survey, the following four classifications are the most realistic. Other combinations seem at the moment to be esoteric rather than practical. The classifications considered to be realistic are:

  • Class 1 - Private PV and Private AV
  • Class 2 - Syndicated PV and Syndicated AV
  • Class 3 - Public PV supporting Syndicated AV
  • Class 4 - Public PV and Public AV

and these can be represented in two dimensions as:

                 Private AV    Syndicated AV    Public AV
Private PV       Class 1       possible         unlikely
Syndicated PV    possible      Class 2          unlikely
Public PV        possible      Class 3          Class 4

Axis 3 - Jurisdiction

This aspect is necessary because actions possible or undertaken in one national jurisdiction might not be binding or even permissible in another. This fact inhibits the uniform availability of all Classes and Types of TTPSs across national boundaries. This circumstance is actually a brake on the free development of commercial TTPSs, across Europe and beyond. In terms of the model, it may limit the types of classifications which are permitted to exist, i.e. certain types of trading relationships and supporting systems may not be allowed to operate. The third axis is therefore, commercially at least, an undesirable part of the model, and the removal of it represents the reduction if not removal of a barrier to the effective operation of pan-European and International TTPSs. It is unlikely that this axis shall ever be completely absent, but diminution of the variances between jurisdictions is a necessary target for trade facilitation.

SPONSORSHIP & PROJECT TEAM

The project was sponsored by the UK Department of Industry, and intended to solicit a European-facing UK perspective on the issue of trust in TTPSs. The project was led by the Zygma Partnership (UK) with Gamma Secure Systems Limited (UK), Needham & Grant (UK), Industrieanlagen-Betriebsgesellschaft mbH (DE) and PSTI-Evaluation (FR). All five companies are highly experienced international information security consultancies or lawyers, with wide experience in matters concerning the development of TTPSs, business risk management, trust, third-party security accreditation and the law.

Copyright © Gamma Secure Systems Limited 1998-2003
Page last updated: 14 January, 2003