Leveraging Bermuda's reputation as a home to blue chip international finance and e-commerce companies, QuoVadis Limited has founded the first offshore commercial digital certificate authority.
QuoVadis has already installed a pilot certificate authority and is issuing digital certificates to key customers for test purposes. QuoVadis' technology - called Public Key Infrastructure (PKI) -- is the leading solution to address the security, authentication, and non-repudiation issues associated with e-commerce. PKI operates through the provision of digital certificates that act as 'digital passports' and uniquely identify the parties to any on-line transaction.
QuoVadis co-founder Tony Nagel explains "Bermuda is rapidly evolving as a key international hub for electronic transactions, with its active financial community and excellent telecommunications infrastructure. QuoVadis expects to reinforce Bermuda's longstanding reputation for trust and sensible regulation, and to provide the high security that the business-to-business multinational e-commerce sector requires."
"We recognise that on-line security is an issue for any offshore organisation - and that PKI is the best solution to instill trust in digital business. Indeed, Bermuda's reputation and regulatory framework already differentiate the island from other offshore jurisdictions in the eyes of international clients. An independent Certificate Authority will further enhance Bermuda's e-commerce edge over other jurisdictions."
Bermuda's Minister for Telecommunications and E-Commerce, The Hon. Renee Webb, stated "In 1999, Bermuda was one of the first jurisdictions worldwide to enact legislation dealing with the formation of electronic contracts and the validity of digital signatures. The Bermuda Government is pleased to work with QuoVadis to continue to establish Bermuda as the premiere international platform for electronic transactions."
Primer on Public
Key Infrastructure (PKI)
Trust is central to successful commerce. In the traditional world there are many cues that help us determine if our business partner is trustworthy. It is relatively easy for us to verify who we are dealing with, what they are authorized to do, what constitutes a valid transaction, and where to go if we have a complaint.
Business in cyberspace is different, but the need to establish trust is the same. How do we know with whom we are dealing? How can we be sure that an authentic transaction has taken place that will not subsequently be repudiated by the other side? How can we be sure that an important message will be received by the intended recipient and will not be altered or read by someone else?
PKI is a framework used by businesses and governments to build security and trust into electronic business. PKI can assure:
The data was not read by someone else.
§ Authenticity: The data came from whom it says, not from an imposter.
§ Integrity: The data was not modified in transit or replaced by false data.
§ Nonrepudiability: The sender cannot deny that he sent the data.
PKI is now the clear market consensus for e-security: it is scalable and "network-neutral" across intranets, extranets, the Internet, or even WAP communications. It also provides the basic security so that users who do not know each other, or are widely distributed, can communicate securely through a chain of trust. Some important related terms include:
§ Cryptography: The science of transforming clear, meaningful information into an enciphered, unintelligible form using a mathematical algorithm and a key;
§ Digital Signature: A digital signature is not a literal signature, but a digital code that can be attached to an electronic message to uniquely identify the sender; to link the signer to the content; and to prove that the message was not modified after being signed.
§ Digital Certificate: A data element issued by a Certificate Authority (such as QuoVadis) to vouch for an individual's identity, as well as carry the public key used in their digital signature; and
§ Certificate Authority: The trusted third party (such as QuoVadis) that verifies and registers users, as well as issues, distributes, and revokes digital certificates in a secure environment.
Today, most applications are already PKI enabled: for example, it is very simple to use digital certificates in browsers and e-mail programs to add strong security for both communications and transactions. Now that legislation exists to support online contracting, PKI is the tool that B2B will use to identify their users, protect information, and to enable online signing of agreements. The number of potential new business opportunities or reengineering options is vast, including:
portals featuring electronic content delivery and records retrieval
§ Bill presentment and payment (including electronic funds transfer)
§ Online procurement and contracting solutions
§ Statement and private document delivery
§ Online markets/exchange sites, as well as intermediaries
§ Online financial services (including banking, insurance, and securities trading)
§ E-Government, including tax and regulatory filings, citizen relations, and even online voting
PKI may also be used to secure custom software applications (such as accounting or sensitive HR systems), to protect virtual private networks, and to encrypt desktop and laptop computer hard drives. Indeed, many industry analysts expect digital certificates to virtually replace the common password in just the next few years.
QuoVadis is developing a secure network facility in Bermuda to host its Bermuda operations, and the company already has initiatives underway to enter other offshore jurisdictions. QuoVadis is backed by investment from eVentureCentre, an e-commerce incubator formed by a Bermuda-based member of the Centre Group (part of the Zurich Financial Services Group) and Paragon Bermuda Limited (an IT consultancy).
of Offshore PKI
Since QuoVadis was launched in early 2000, increased attention has shifted towards the use of digital certificate authorities that are actually based offshore. Offshore companies are typical early adopters of digital certificates because they serve as "hubs" of international networks dealing with important information (of both monetary and strategic value).
At the same time, offshore companies wish to strengthen their links to the legislative, regulatory, and fiscal environments of their chosen offshore jurisdiction. Bermuda-registered companies that use QuoVadis certificates have a much stronger claim that the company, its communications, and its transactions belong to the Bermuda jurisdiction.
Government regulations are also an important factor as they encourage the use of encryption and digital signatures to foster online business (as in the case of the Bermuda's Electronic Transactions Act and the US E-SIGN bill), or to protect individuals' personal data (as in the case of the EU Privacy Directive and the US Health Insurance Portability and Accountability Act).
There is also a more controversial reason to use PKI: protecting intellectual property and client information from unauthorized eavesdropping by governmental systems. More is becoming known about surveillance systems like ECHELON and CARNIVORE, and even the European Parliament has claimed that "there is wide-ranging evidence indicating that major governments are routinely utilizing communications intelligence to provide commercial advantage to companies and trade."
QuoVadis has contracted with Baltimore Technologies - a Dublin-based computer security firm and member of the FTSE 100 - to develop its certificate authority. Baltimore Technologies has over 700 employees in more than 20 cities worldwide and supplies the technology behind more than 400 CAs globally.
The software used by QuoVadis - called UniCERT - is the first Certificate Management System in the world to gain ITSEC (Information Technology Security Evaluation Criteria) E3 certification. "With UniCERT's ITSEC E3 certification, we have independent verification that the system provides an unsurpassed level of e-security assurance," said Stephen Davidson, co-founder of QuoVadis. "Increasingly, international organizations mandate that their security products conform to the ITSEC E3 accreditation level. The UniCERT solution used by QuoVadis is now the only solution that can effectively address these needs."
Steve Bradshaw, Global Strategic Development Director at Baltimore Technologies comments "Baltimore Technologies believes that offshore financial centres such as Bermuda will be important focal points for international electronic business. Bermuda, with its solid public/private partnership between government and business, had great foresight in its early adoption of enabling legislation for e-commerce. QuoVadis will be a strong force for e-commerce companies looking to build trust into their international transactions.".
IMPORTANT NOTICE: Wolters Kluwer TAA Limited has taken reasonable care in sourcing and presenting the information contained on this site, but accepts no responsibility for any financial or other loss or damage that may result from its use. In particular, users of the site are advised to take appropriate professional advice before committing themselves to involvement in offshore jurisdictions, offshore trusts or offshore investments.
All rights reserved. © 2013 Wolters Kluwer