http://chita.org/miscdocs/text/agora.htm
Description: CHITA organizations already working together on privacy and electronic security began structured collaboration in June 1999 on an interoperable PKI. Each organization constructs its own security infrastructure, sets its own timeframe, determines vendors, and shares lessons learned about the process of implementation. Organizations are tackling three business problems: secure FTP, remote application/database access, and secure email. They are using the Three State Model as a guide and vision. The end result will be refinements to the Three State Model and community implementation of specific security capabilities including PKI/certificate authority, perimeter security, and VPN.
Participants: CHITA, West Sound Community Health Network, WA Group Health Cooperative, WA State Dept. of Health, OR Div. of Health, University of WA Medical Center, OR Health Sciences University, Health Information Institute, Community Health Information Services
Vendors/Advisors: Viaconsulting (http://www.viaconsulting.com), SAIC (http://www.saic.com), Agora Group (a consortium of chief security officers from 350+ corporations, local, state, federal and Canadian agencies in the Pacific Northwest)
Contacts: Bill Campbell, (425) 453-5154, wec3@viaconsulting.com; Peter Summerville, (206) 224-3950 x11, peterb5@chita.org
http://www.llnl.gov
Description: The Lawrence Livermore National Laboratory (LLNL) is in the process of building a Public Key Infrastructure (PKI) to support both its Programmatic and Business operations. An Emergency Access capability is viewed as a critical part of this infrastructure if the full potential of public key encryption technology for privacy is to be realized. LLNL will exercise the Emergency Access capabilities of a commercial software product to ascertain its ability to meet requirements. Their Zephyr pilot project revealed that they could deliver engineering prototypes up to 90% sooner and up to 40% cheaper.
Participants: First National Bank of Chicago, CommerceNet's CALS Working Group, McDonnell Douglas Aerospace, Loral Space and Range Systems, DOE laboratories, facilities, and vendors
Vendors and Consultants: Netscape (http://www.netscape.com)
Contact: Frank Ploof: ploof1@llnl.gov
Sources: "Department of Energy Lab Tests Secure System for Electronic Business" LLNL Press Release (October 2, 1997); "LLNL Zephyr Story" - http://zephyr.llnl.gov/zf03T1-1_ZfrStory.html
http://www.ssa.gov
Description: The Social Security Administration (SSA) and Pitney Bowes Inc. are conducting a proof-of-concept demonstration project with a group of small employers. The project participants securely submit their annual W2/W3 data to SSA over the Internet using public/private key technology. SSA has proposed an expansion of the project to incorporate a test of emergency access to the W2/W3 data. SSA conducted a pilot program in 1996 that allowed individuals to request a form through the Internet and receive a paper form. SSA will begin now to plan, test and evaluate Internet forms delivery and additional SSA Internet services using public key infrastructure, an electronic security technique making use of computer-generated public and private "keys" to assure secure Internet transactions between an individual and an organization offering services online.
Participants: employers and individuals
Vendors and Consultants: Pitney Bowes Inc. (http://www.pitneybowes.com)
Contact: John Sabo, jtsabo@ssa.gov; Gary Hanson, Pitney Bowes, Inc.
http://www.tunitas.com/pages/PKI/pki.htm
The Tunitas Group Healthcare PKI Workshop series builds upon a common understanding of a Healthcare Specific PKI. The goal is to create tools to acquire enterprise commitment of resources to deploy a healthcare-appropriate PKI. Deliverables include supporting every Workshop participant with acquiring CA capability, subscriber certificate use for S/MIME applications, and use of SSL and healthcare certificates. The Workshop is vendor neutral. Most Workshop participants are using the knowledge obtained from the workshop to develop internal CA competency. The Workshop convenes on a regular schedule to study, from a healthcare perspective, specific issues regarding an interoperable PKI.
Participants: Blue Shield of California, Catholic Healthcare West, California Medical Association, Hill Physicians Medical Group, Kaiser Permanente, PacifiCare, Sharp Healthcare, Social Security Administration, St. Joseph Health System, State of California, Sutter Health Systems, California Department of Health Services
Facilitator: The Tunitas Group (http://www.tunitas.com)
Contact: Ann Geyer, The Tunitas Group, tunitas@earthlink.net, (925) 631-1244
http://csrc.nist.gov/pki/testing/welcome.html, http://csrc.nist.gov/pki/rootca/welcome.html
NIST is working to develop a conformance test suite for PKI components. Cooperative Research and Development Agreement (CRADA) II partners will assist NIST in the testing and debugging of the test suite. CRADA II participants will also help NIST identify appropriate delivery mechanisms for these tests. NIST is supporting development of structured mechanisms for specification based testing. The Root CA Testbed project is designed to test the interoperability and overall functionality attained using current PKI technology. The project includes PKI components for in-house testing and configuration into different PKI architectures. The next phase of the project will involve implementation of a test plan using the NIST PKI components to link different pilot PKIs.
Participants: VISA, NSA, MasterCard, other industry and academic participants and all vendors and consultants
Vendors and Consultants: Cygnacom Solutions, Certicom, Spyrus, Entrust, BBN, GTE Cybertrust, Verisign, Digital Signature Trust, AT&T, Certco, Motorola, Bancorp, Cylink, IDCertify, Cignicom
Contacts: Nelson Hastings, PhD; Miles Smid, NIST smid@nist.com; Tim Polk, NIST (301) 975-3348 tpolk@nist.com; Scott Vanstone, Certicom; David Crane, Certicom, (510) 780-5420 dkrane@certicom.com; Jennifer VanCini, Certicom (510) 780-5458 jvancini@certicom.com; Skip Hirsh, Certicom (703) 821-2191 shirsh@certicom.com
Source: "U.S. Government Endorses Elliptic Curve Cryptography" Certicom Press Release June 14, 1999
http://www.edisec.org, http://www.wedi.org, http://www.afehct.org
The pilot project is intended to build industry-wide consensus in healthcare regarding the selection and use of encryption and digital signature technologies required to satisfy the interoperable implementation of the Health Care Financing Administration’s (HCFA) new security requirements for Internet transactions. The project is organized into the following Work Groups: Batch transfers (FTP + PGP), Real Time transfers (SSL), Web browser transfers (HTTPS), E-mail transfers (S/MIME, EDIINT, PGP), Certification Authority and Authentication, Virtual Private Networks, and Pilot evaluation and report. The pilot project will be testing the interoperability of multiple technologies with independent implementations. The technologies are based on open standards and implemented by "off the shelf" products.
Participants: ENVOY Corporation, SMS, HDX, Tunitas Group, Mayo Foundation, several BCBS, CHIME, UHIN, Cigna Healthcare, Palmetto GBA, MedServLink, and several Medicare and Medicaid contractors
Vendors and Consultants: Xcert International, Passport Health, Unisys, Arcanvs, Brady Solutions, and others
Contacts: Kepa Zubeldia, MD, ENVOY Corporation (Kepa.Zubeldia@envoy.com); Tom Gilligan, Afehct (afehct@aol.com); Jim Schuping, WEDI (schups@aol.com)
http://www.defenselink.mil, http://dii-sw.ncr.disa.mil/Del/netlic.html, http://netscape.intdec.com/disa
The DOD is preparing to award multiple contracts for digital certificate management authorities. The Pentagon plans to use PKI technology to authenticate the identity of users on its networks and encrypt electronic information. The Netscape Certificate Management System they are using provides issuing and managing digital certificates, encryption key recovery, support for Federal Information Processing Standard-compliant hardware cryptography, and support for the Digital Signature Standard. The DOD has already employed PKI technology in a pilot program supporting the Defense Travel System, and the department plans additional pilots covering the Global Command and Support System and the Global Combat Support System.
Participants: National Security Agency, Defense Information Systems Agency, U.S. Pentagon
Vendors and Consultants: Netscape Communications Corp. (http://www.netscape.com), Data Interchange Standards Association (DISA) (http://www.disa.org)
Contacts: John Menkart, Netscape; Nick Pizzola, Verisign; John Hamre, DOD (703) 607-5737
Source: Verton, Daniel "DOD, Netscape Ready PKI Rollout" Federal Computer Week (July 19, 1999) dan_verton@fcw.com; "DOD Executes PKI License Option" U.S. Department of Defense Press Release (July 15, 1999)
Arcanvs Inc., Unisys Corp. and GTE CyberTrust Solutions have agreed to develop a generic electronic certificate and to accept each other's certificates. If the effort is successful, it could mean that health care providers transmitting claims and other transactions to payers via the Internet would not have to use different certificate authority services with each payer. The companies are looking for providers, payers and pharmacies to test transmitting claims, prescriptions and eligibility verification transactions in a secured environment over the Internet.
Vendors and Consultants: Arcanvs Inc., Unisys Corp., GTE CyberTrust Solutions
Source: "Effort to Develop Compatible Security Tools Advances." Health Data Management on-line edition (February 18, 1999)
http://www.ustreas.gov
The U.S. Treasury Department piloted the SET (Secure Electronic Transaction) specification, utilizing elliptic curve public key encryption. The pilot involved electronic commerce using the SET specification. The technology proved successful in the pilot.
Participants: U.S. Treasury Dept., Mellon Bank, Vioms Bank, Bureau of Engraving and Printing, all vendors and consultants
Vendors and Consultants: Certicom Corp., Rainbow Technologies, Inc., MasterCard International, Inc., GlobeSet, Inc., Schlumberger Electronic Transactions, Inc., Digital Signature Trust Co.
Contacts: Gary Grippo, U.S. Treasury Dept., (202) 874-6467; Jennifer VanCini, Certicom (510) 780-5458 jvancini@certicom.com
Source: Kerstetter, Jim. "SET-Ting Up a Curve Ball: Spec Bends Toward Elliptic Curve Cryptography in First Approved Pilot Project." PC Week (July 20, 1998): 23.
http://www.nih.gov
http://www.ncura.edu (PowerPoint presentation)
http://wwwoirm.nih.gov/secconf/t1s1/tsld001.htm
The NIH examined interest in a PKI Pilot that would keep an open client hardware/software environment and focus on PKI authentication. The pilot would incorporate product investigations, evaluations and demonstrations. The NIH utilizes Microsoft Exchange certificates to encrypt mail internally.
Contacts: Robert Malick, NIH Robert.Malick@nih.gov
http://www.chime.org, http://www.chime.org/security/Presentations/PublicKey/index.htm
Description: This pilot involves providing secure communications among healthcare providers and payers statewide. The PKI pilot will establish the facilities, specifications, and policies needed by CHIME-Net members to use certificates for security, workflow processing, electronic commerce, secure communications, and e-mail within CHIME-Net and with other organizations. The pilot is examining standards from the International Standards Organization (ISO), Internet Engineering Task Force (IETF) and the National Institute of Standards and Technology (NIST).
Participants: Connecticut Hospital Association
Vendors and Consultants: Internet Security Advantages (ISA) (http://www.inetsecurity.com), Spyrus
Contacts: Beth Zonis, Internet Security Advantages, bzonis@inetsecurity.com; Raman Narayanswamy, Internet Security Advantages; Lori Reed-Fourquet; Eric C. Berthel, CHIME (203) 294-7388 berthele@chime.org
Source: "Setting the Stage for a New Way to Practice Medicine: Internet Security Advantages Implements a Public Key Infrastructure at the Connecticut Hospital Association" Internet Security Advantages White Paper
http://www.safetyinsurance.com
Description: Safety Insurance has developed a Web portal for the independent agents who sell the company's insurance. Because the portal uses digital certificates, the agents use one PIN to access numerous resources. Agents' certificates are verified and the correct matching keys are displayed using Lightweight Directory Access Protocol (LDAP); transactions can then be encrypted.
Participants: independent agents and vendors (such as glass suppliers and rental agencies)
Vendors and Consultants: Bell Atlantic, IBM Security Consultants, Entegrity Solutions (http://www.integrity.com)
Contacts: Daniel Loranger, CIO, Safety Insurance
Source: Wolfe, Devin "Insurance Provider Finds Peace of Mind with PKI" Network Magazine