1999 Conferences

4th CACR Information Security Workshop

Bill Poletti, MasterCard International

Business Requirements for CA Evaluations

To establish a high level of trust in a globally deployed PKI, all of the supporting infrastructure must meet a basic level of security for the protection of private keys and for systems operation. MasterCard created and refined security requirements to establish a basic level of security and trust in SET transactions. These requirements are aimed at the critical platforms in SET - the certificate authorities and payment gateways. The presentation reviews both these requirements and the experience in reviewing compliance. The SET specification relies heavily on the X.509 certificate structure. The presentation will also cover a problem with digital signatures that was encountered in its deployment, has been confirmed by industry leaders deploying other PKIs, and has a long-term impact on the use of the existing structure.

Speaker Bio
Bill started his career in data processing in the financial sector. Within a few months, he was named Director of MIS at a St. Louis bank. Bill joined MasterCard in 1987 as Manager of Member Implementation, a technical support group. He later joined the Electronic Commerce group and was directly responsible for creating the specification for secure electronic commerce ultimately resulting in SET. Bill is currently in MasterCard's Information Security group and is responsible for cryptographic support and architecture and support for MasterCard applications, and for reviewing security for SET deployments under the MasterCard and Maestro brands. Bill also is a member of the SETCo Root management team.