
Internet Insurance: Property, Contents, and Commerce

A White Paper
Steven B. Adler
Richard A. Sand
(c) Copyright International Business Machines Corp. 1996 – All rights reserved

1) Introduction

For centuries, insurance companies have played a pivotal role in determining the insurability of products. Building construction materials, car parts, planes, trains, ships, consumer goods; almost every product used for commercial purposes today has been sanctioned, in one way or another, by an insurance company. In many cases, insurance companies have worked with state and local governments, with consumer safety organizations, and directly with companies to establish building codes, auto safety features, and consumer protection legislation.

The goal for insurers has been to reduce risk. Consumers have been the main beneficiaries, but companies also benefit. Insurable safety standards level the commercial playing field, creating a stable and secure marketplace.

On the Internet today, there are no insured, or sanctioned, standards for security. Business on the Internet today is like gold-panning in the Wild West – all the risks are borne by the adventurers. In the real world, no businessman would open a new enterprise if an insurer said, “swim at your own risk.” But today, millions of businessmen are Web’ing up to do just that.

Internet Insurance can change that. By assessing commercial risk on the Internet, insurers can make that environment stable and secure. They can establish Internet security construction codes, transaction encryption standards, and let market forces – premiums and losses – dictate the winners and losers in the battle to secure the Internet for commerce.

But to offer insurance for Internet commerce, insurers will have to become intimate with the Internet. They have to learn to speak the Internet language, in all its strange and foreign dialects. That is where IBM can help. As the world’s foremost network computing company, with more than 30 years of network security experience, IBM knows the Internet fluently. IBM can help insurers understand how to identify Internet risks, reduce loss exposures, and underwrite the Internet as a profitable new line of business.

In the process, IBM can take the entire discussion of the Internet and Insurance out of the basement – where we sell firewalls, servers, and web services to IT – to the boardroom, where corporate decisions are made. This service initiative will empower insurers to influence the growth of Internet commerce, allow companies to insure their business on the Internet, and IBM owns the patents, skills, and resources to do it today!

This White Paper will demonstrate how insurers can secure Internet commerce, using the analogy of an on-line merchant building an Internet business. We will show how the merchant can build an Internet warehouse to effectively deter hackers, protect valued inventory, and deliver products securely. And, we will demonstrate how a combination of software and services from the Insurance ISU, Systems Integration, Infomarket, and the Consulting Group can help insurers turn the analogy into reality.

Along the way we will explore some fundamental relationships of commerce, as well as some of the underlying technologies of the Internet. We will focus on three areas of insurance: property (the building), contents (the inventory), and commerce (delivery). We will then turn to the insurer’s perspective, demonstrate their business opportunities, and highlight IBM solutions.

1.1) Building a Warehouse on Main Street

A retail book merchant wants to expand her business and open a direct-mail channel in another city. She studies the new city’s demographics, locates shopping malls, and identifies traffic patterns. Based on an analysis of available building sites, the merchant chooses a large plot at the end of a shopping mall, near a major road. The site is large enough for a warehouse, has accessible parking, and is visible on the road. Additionally, the neighborhood is in a low-crime zone, has good police and fire protection, and a local security firm watches over the shopping mall.

After hiring an architect, the merchant prepares for construction. A foundation must be laid, boilers installed, plumbing pipes routed, electrical lines put in. Walls, floors, ceilings, doors, windows, fixtures, and equipment will be installed. Door locks, sprinklers, a fire escape, a ramp for wheelchair access, burglar and fire alarms, security cameras, and other devices will secure the exterior against break-in or damage.

When the warehouse is complete, the merchant will purchase inventory from a variety of publishers, advertise a grand opening, and begin business. Orders will arrive via post or telephone, and books will be shipped out the same day via UPS.

Should a DC-10 crash into the building the next day and destroy everything, the merchant will be heartbroken but not out of business. Her walls, floors, ceilings, doors, windows, fixtures, equipment, and inventory are all insured. If the DC-10 also destroys the UPS delivery truck being loaded outside, all the parcels are insured against loss or damage in transit.

1.2) Building an Electronic Storefront on the Internet

Instead, if the merchant chooses to open an on-line book warehouse on the Internet, and a HackerC-10 breaks through her firewall and formats her data warehouse, the merchant will be heartbroken and penniless. If the HackerC-10 also manages to intercept a stream of outgoing book orders, crack the credit card codes and steal all the documents, the merchant may also be subject to liability suits from her customers.

To protect against this type of damage, the merchant needs to have her Internet Warehouse insured. To meet the insurer’s underwriting standards, she must build a very secure electronic warehouse. From the foundation to the roof, she needs to consider every facet of the building’s architecture. If there is any flaw – sloppy mortar between the foundation stones, loose panels in the walls, poor fitting window joints, or bad plumbing – a hacker will discover it and use it to his advantage. So the building has to be top-to-bottom secure, and that standard demands an architect with world-class credentials.

But before we draw up the blueprints, let’s first examine the warehouse and its special needs.

2) The Building

The most important qualities of a well-built Internet warehouse are the same as a real-world warehouse:

1) The warehouse is built properly. The computers must be highly stable and fault tolerant, and the software (operating system, network software, and applications) must be rock-solid secure.

2) The warehouse is monitored properly. A comprehensive systems management solution monitors for attacks and other faults, alerts administrators, and reports on activity.

3) The warehouse is enforced properly. The network is programmed to actively defend itself, identifying and deterring aggressors. It must shut itself down if it detects a security breach, and provide a detailed audit trail.

Let’s examine the design of the book merchant’s electronic warehouse, keeping these three qualities in mind.

2.1) Structural Integrity

When describing the structural integrity of the electronic warehouse, we must identify what makes an electronic presence on the Internet structurally sound. We use the phrase structural integrity loosely, for we are in fact discussing the entire planning phase of the warehouse. This includes choosing the location, the design of the building, and the planning of business operations.

2.1.1) Warehouse Architecture

A building must have a solid foundation. In computer terms, this means running on a good hardware platform. Computers that provide service to the Internet are typically high-end machines, such as IBM S/390, SP2, RS/6000 or AS/400s. These machines are designed to process large volumes of data, and are built to be highly resistant to failure. Machines of this nature are prerequisite for a properly designed electronic warehouse.

An Internet warehouse performs many different tasks, so multiple computers are needed to perform specialized functions. Specialization enhances security. The firewall divides the network into three areas – the internal (intranet), the external (Internet), and the demilitarized zone (DMZ) – and secures communication between them. The database server, the heart of the company, resides in the internal network. The web server sits in the DMZ processing requests from users on the Internet. And the transaction gateway handles the interaction between the web server and the database server.

Each server requires the most sophisticated design for high-availability. This means having a parallel machine as a “hot-standby”, storage technologies such as mirroring or RAID, and multiple links to the internal network.

2.1.2) The Warehouse Location

Just as important as the strength of the building, is the location of the building. A well-designed warehouse must have a well-selected location. In Internet terms, this means selecting a quality Internet Service Provider.

A good Internet Service Provider (ISP) can provide good access to the Internet (called bandwidth), has reliable technical support, and has sufficient resources to offer high availability. Selecting a poor ISP is like building the warehouse in the inner city: road access is poor, and the local police can’t deter crime. The poor ISP gives low-quality or sporadic bandwidth, and cannot adequately prevent hackers from hacking in the ISP’s network territory.

2.1.3) Warehouse Operations

In the electronic warehouse, the jobs involving operations are done by software such as IBM’s Net.Commerce. The software manages inventory, processes orders, checks credit-card authorization, records transactions, and handles delivery.

The electronic warehouse and the “real world” warehouse overlap strongly at this point, because these functions of the business are computerized for both. Orders, inventory, and invoices are all stored electronically on computers with special databases. For the “real world” warehouse, a person must check the computer database for the order, and print out the invoice. In the electronic warehouse, the warehouse software checks the database directly.

2.1.4) The Firewall

A firewall is a special computer that sits between the company’s internal network (intranet), and the Internet. The firewall is the front door to the network. Because the Internet is public, any Internet user can send information to your network. On the Internet, information is broken down into small messages called packets. The firewall uses packet filtering to decide what packets are allowed in and out of the firewall.

The network administrator decides what packet filters to use, to allow only the desired traffic. If an Internet user tries to issue a command to your web server, using a standard program such as rexec (stands for remote execution), a properly configured firewall will refuse to deliver the command. But if the Internet user tries to connect to the web server with his Internet browser, then the firewall allows this connection.

The firewall also hides the company’s intranet topology from the Internet. If a hacker doesn’t know that a database server exists, then there is nothing to hack. Technologies like Network Address Translation and SOCKS allow the company’s employees to safely use the Internet from behind the firewall, without revealing information about the company’s intranet. The firewall acts as a go-between, called a proxy. It receives requests from the intranet, and forwards them to the Internet. From the Internet’s perspective, your company’s network consists of only two machines: your web server and your firewall.

Today’s firewalls also provide a service called secure tunneling, which allows sensitive transactions to take place over the Internet. A secure tunnel is a special connection, over which all data flowing between two machines is encrypted. The protocol for establishing secure tunnels has been standardized, so any vendor’s firewall can set up such a tunnel with any other’s. Secure tunneling allows the intranet database server to verify a customer’s credit limit, or allows network administrators to work with the web server remotely. If someone on the Internet tries to eavesdrop on the secure tunnel, all they will hear is static.
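The packet-filtering decision described in this section can be made concrete with a small example. The following is an added illustration written for this paper, not code from IBM’s Secured Network Gateway or any other product; the address ranges (10.0.0.0/8 for the intranet, documentation ranges for the Internet and the DMZ web server), the rule table and the sample packets are all constructed. It shows the two behaviours the text names: a browser connection to the web server is allowed, an rexec command is refused, and anything not explicitly permitted is dropped. It also carries the anti-spoofing check of section 2.2.1, refusing any packet that arrives from the Internet while claiming an intranet source address.

```python
"""Stateless packet filter in the spirit of section 2.1.4.
Added illustration, not IBM Secured Network Gateway code. The address
ranges, the rule table and the sample packets are all constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed topology (assumption): intranet behind the firewall, web
# server in the DMZ. 192.0.2.0/24 and 203.0.113.0/24 are documentation
# ranges standing in for real public addresses.
INTERNAL_NET = ip_network("10.0.0.0/8")
WEB_SERVER = ip_address("192.0.2.10")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    iface: str      # "ext" = arrived from the Internet, "int" = from the intranet

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None matches anything
    dst: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return all([
            self.proto is None or self.proto == p.proto,
            self.dst is None or ip_address(self.dst) == ip_address(p.dst),
            self.dport is None or self.dport == p.dport,
            self.iface is None or self.iface == p.iface,
        ])

# First matching rule wins; anything unmatched is dropped, which is what
# "allow only the desired traffic" means in practice.
RULES = [
    Rule("web-http",  "allow", proto="tcp", dst=str(WEB_SERVER), dport=80,  iface="ext"),
    Rule("web-https", "allow", proto="tcp", dst=str(WEB_SERVER), dport=443, iface="ext"),
    Rule("no-rexec",  "deny",  proto="tcp", dport=512),   # rexec service port
    Rule("no-rlogin", "deny",  proto="tcp", dport=513),
]

def is_spoofed(p: Packet) -> bool:
    """Anti-spoofing check (the IP-spoofing case of section 2.2.1): a packet
    arriving from the Internet must never claim an intranet source address."""
    return p.iface == "ext" and ip_address(p.src) in INTERNAL_NET

def filter_packet(p: Packet) -> Tuple[str, str]:
    """Return (decision, reason). The spoof check precedes the rule table so
    that a spoofed packet can never be rescued by an allow rule."""
    if is_spoofed(p):
        return "deny", "spoofed-internal-source"
    for rule in RULES:
        if rule.matches(p):
            return rule.action, rule.name
    return "deny", "default-deny"

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("203.0.113.5", "192.0.2.10", "tcp", 80, "ext"),    # browser -> web server
        Packet("203.0.113.5", "192.0.2.10", "tcp", 512, "ext"),   # rexec attempt
        Packet("10.1.2.3", "192.0.2.10", "tcp", 80, "ext"),       # spoofed intranet source
        Packet("203.0.113.5", "10.0.0.5", "tcp", 1521, "ext"),    # straight at the database
    ]
    for pkt in samples:
        print(pkt.src, "->", f"{pkt.dst}:{pkt.dport}", filter_packet(pkt))
```

Note that the database server needs no rule of its own: because the table ends in a default deny, a packet aimed directly at an intranet address is dropped without the administrator ever having to anticipate it, which is the property the text has in mind when it says the firewall hides the intranet from the Internet.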

2.1.5) The Web Server

The web server distributes queries and replies between servers on the intranet and clients on the Internet. A web server relies on encryption algorithms to secure the data flowing through it. Encrypted client requests from the Internet pass through the firewall and are brokered by the web server. Reply messages are also encrypted out to the Internet.

The web server allows access to an intranet database server. The web server processes queries and, using a technology known as Common Gateway Interface (CGI), passes them to the database. The web server then passes the reply back to the customer. At no time has the client directly accessed the database computer.

The public-key encryption algorithms in use today are based upon a mathematical function built from two large prime numbers, from which a pair of keys is derived. The first key, called the public key, is used by the web browser to encrypt the information so it is unrecognizable.

The encrypted data is then sent through a web server to the transaction system. This secure internal machine has the second key, called the private key, which it uses to decrypt the information. Even if a hacker gets the encrypted information and the public key, he still cannot decrypt the information without the private key. This provides the entire mechanism of secure electronic transactions for the public Internet. It enables electronic warehouses, home banking, and other sensitive transfers to occur safely over the Internet.
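The two-key mechanism just described can be seen end to end in the textbook RSA example below. This is an added illustration written for this paper, not IBM’s or any product’s code. The two primes are fixed Mersenne primes chosen so that the example runs offline; a real system generates random primes of 1024 bits or more and applies a padding scheme such as OAEP, which this demonstration deliberately leaves out, so it is not to be reused as a working cipher. What it shows is the division of roles in the text: the browser needs only the public key to encrypt, the web server relays ciphertext it cannot read, and only the transaction system holding the private key recovers the order.

```python
"""Textbook RSA with two fixed primes, illustrating the key mechanism of
section 2.1.5. Added example, not the page's or IBM's code. The primes are
Mersenne primes chosen so the example runs offline; real systems generate
random primes of 1024 bits or more and add padding (e.g. OAEP), which this
demonstration deliberately omits, so do not reuse it as-is."""
from math import gcd
from typing import Tuple

Key = Tuple[int, int]

# The "two large prime numbers" of the text (constructed choice).
P = 2**107 - 1
Q = 2**127 - 1

def generate_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Derive (public, private) keys from two primes. The keys are derived
    from p and q; after this step the primes themselves are discarded."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public_key: Key, message: bytes) -> int:
    """Browser side: anyone holding the public key can produce ciphertext."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(private_key: Key, ciphertext: int) -> bytes:
    """Transaction-system side: only the holder of d recovers the message.
    (Leading zero bytes are not preserved; real padding solves that.)"""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo() -> bytes:
    """Round trip: browser encrypts, web server relays only the ciphertext,
    transaction system decrypts. Returns the recovered plaintext."""
    public, private = generate_keypair(P, Q)
    order = b"book=ISBN-0123456789 qty=1"      # constructed sample order
    ciphertext = encrypt(public, order)         # all the web server ever sees
    return decrypt(private, ciphertext)

if __name__ == "__main__":
    print(demo())
```

The point of the design is visible in where each value lives: the public key may be handed to every browser on the Internet, while the private exponent d never leaves the transaction system, so a copy of the ciphertext together with the public key gives an eavesdropper nothing to work with.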

2.2) Protection and Enforcement

The second quality concerns the protection (monitoring) of the warehouse and the third concerns enforcement. They are combined here because they go hand-in-hand. A good protection system must be backed by a good enforcement system. A security alarm without police, or a smoke alarm without a fire department, is a useless alarm.

Protection and enforcement of a network are achieved by systems management. Systems management means keeping operators and network managers informed on the state of the managed machine (the firewall, and the other machines that comprise the company’s Internet presence). This is carried out in three ways:

1) remote monitoring – allowing a centralized management system (one or more) to watch the managed machine and query it for status information.

2) automatic alerting – enabling the managed machine to send unsolicited messages to the central management system, usually to indicate a problem or warn against a possible problem.

3) reporting – allowing the centralized management system to generate meaningful activity reports continuously, so the health and security of the managed machines can be evaluated.

One of IBM’s greatest advantages in the Internet world is our ability to provide robust system management of and through a firewall. Secured Network Gateway (IBM’s firewall product) and AIX (the IBM operating system that SNG runs on), in conjunction with IBM’s system management offerings (TME10), provide powerful systems management facilities.

2.2.1) Remote Monitoring

Monitoring starts with checking that all of the systems are up and running OK. We begin by monitoring the health of the hardware and software (with products such as SystemView Systems Monitor or Tivoli Sentry). Additionally, we must also monitor for intruder attacks (with offerings such as Firewall System Management Package and Web Server Security Package). And if an intruder attack occurs, we must decide how our network will react.

The facilities of AIX and SNG provide a detailed audit trail of all system activity. This audit trail is then studied by special analysis programs, which are the equivalent to security cameras. Any irregular findings in the audit trail are reported.

Some examples: a critical system configuration file is altered (a hacker, or even an employee, has broken in and is trying to achieve a higher security clearance by changing the configuration). A user tries to log in with the wrong password too many times (a hacker is trying to guess a password). A machine on the outside is using an address that is reserved for the internal network (this form of attack is called IP-spoofing). Someone on the outside probes the firewall with disallowed “unsecured” network services (remote login attempts, remote execute commands, or special hacker software such as Satan 1.1).

2.2.2) Automatic Alerting

After a system management program detects a problem or an intruder attack, the network can react in a variety of ways. It can create a report of the problem, send an administrator mail, generate an alert to a central management system, execute a program to take automatic corrective action, or any combination thereof.

Let’s say that a hacker has tapped into the network cable running between two of our electronic book merchant’s corporate offices. This hacker then sets up his own computer on the cable tap, and tricks the network into believing he is part of the company. First he listens to the information flowing across the line, to hear which systems are talking. He then begins to mimic them, carefully probing through the network. Finally, he discovers our electronic warehouse system. But since he has tapped directly into the internal network, he has bypassed the firewall! He sees a golden opportunity to steal valuable information (books or software). So, he logs onto the computer holding the electronic warehouse…

Elsewhere in our network, a computer running systems management applications is monitoring the electronic warehouse and the firewall. And it sees someone accessing the electronic warehouse. But this access is coming from the secure network, and the particular source address on the internal network is not supposed to be using the warehouse! And it is the middle of the night, when nobody is supposed to be doing administration! The managing computer reacts. The following happens:

1) The managing computer picks up its modem, and dials the network administrator’s pager. It sends the pager a message “Warning! Unauthorized use of the electronic warehouse!”

2) The managing computer sends a message to the electronic warehouse, telling it to shut itself down due to an emergency situation.

3) The electronic warehouse is shut down.

2.2.3) Reporting

We have already benefited by having a powerful systems management solution installed on our network. The hacker has been thwarted. But was any damage done before the electronic storefront was shut down? How did the intruder get in? Auditing and reporting will tell all. Let’s continue our example:

4) The administrator rushes to the office (or accesses the network by remote, using a special, encrypted access mechanism such as SecureNet ID Cards) and analyses the audit trail.

5) He determines that someone tapped into a cable somewhere and spoofed the identity of another machine. An investigation reveals that the hacker had broken into the cable switch box between the two buildings (yes, this does happen!) and had done his work from there with a powerful laptop computer, and a home-built interface.

6) The administrator corrects any damage done (again using the audit trail) and adds additional security to prevent this type of attack from happening again. (For example, programming the hard-coded addresses of all of the network interfaces into his network devices, so that they ignore any information from a machine that doesn’t have a proper hardwired 12-digit address).

7) He thanks himself for implementing an IBM systems management solution.

3) The Inventory

As a technology leader, at IBM we see the Internet as an evolving technological phenomenon, a paradigm shift that is happening all around us. But inside the shift, one paradigm of commerce remains undefined: property. Without a universally accepted definition of Internet property, it is hard to insure Internet commerce.

Let’s go back to the book merchant and her real-world mail order business. An order for a book from a foreign customer arrives. The book is packaged and sent via a global delivery service. The package is insured against loss or damage. If the package is lost in delivery, the insurance company will indemnify the merchant for the book’s full value. The merchant, informed of the book’s loss, will purchase a new book from the publisher and re-send it to the customer.

This is a commonly understood commercial relationship. When a customer purchases a book, she purchases a physical entity for which there is an agreed upon value. Upon receipt, the customer owns the book and requires no further proof of ownership. Ownership is conveyed in the purchase agreement. The book can be lent to a friend, given to relatives, or sold to a secondhand bookstore. It is a real-world, physical entity with commonly accepted real-world benefits, and limitations, of ownership.

In the cyberworld, digitalization blurs commonly accepted commercial relationships. A document sent by a merchant to a customer via Internet electronic mail can easily be duplicated and resent if the original is lost in transmission.

A digital object that can easily be duplicated and transmitted en masse has no intrinsic value. A dollar has an internationally accepted value based largely on the aggregate supply of the currency in circulation. A dramatic surge of dollar production will inflate circulation and devalue the currency. Severe overproduction of any currency leads to worthlessness. On the Internet, duplication has the same effect, rendering digital property ubiquitous and relatively worthless.

An object that can be easily duplicated, has no value. If the object has no value, ownership is ephemeral, and insurance can’t be applied. Thus, today on the Internet, transactions involving unrestricted digital content can’t be insured.

3.1) Securing The Inventory

Cryptolopes can change that. Cryptolopes are containers that encase digital information, software, or products with a protective, encrypted shell. Like a delivery package, the encrypted object has an envelope jacket that describes the contents, and identifies the sender and recipient. Also on the jacket is a purchase form. When filled-in and transmitted to the owner, the owner sends back a return-receipt with an encryption key, which unlocks the encrypted container and permits access to the contents. If the buyer sends the cryptolope to a friend, the friend will not be able to access the contents unless she fills-out the purchase form and obtains a key from the owner.

In use today on InfoMarket, cryptolopes are already a commercial success. Widely hailed throughout the publishing industry, they were created by IBM to form the foundation of a new copyright protection system for content distribution. If an author wishes to publish a document on InfoMarket, he can use a cryptolope container to specify the transaction properties of the document. Readers can then purchase the document, and royalty payments are transmitted back to the author, via InfoMarket, depending on the distribution rights assigned to the cryptolope.

The unique properties of cryptolopes endow them with the ability to preserve value and persistent ownership rights. By enumerating distribution rights on the object’s “envelope,” and protecting against unauthorized access, cryptolopes endow digital content with the same properties as their real-world counterparts – thus they can be insured.

3.2) The Cryptolope Container

Basically, a cryptolope is an encrypted file. If a browser wants to buy a book from the merchant, a click on a link downloads the cryptolope file to the browser’s computer. She has the object but can’t get at the contents without first completing the purchase form stored on the cryptolope. Once completed, transmitted back to the merchant, and approved, she now has access to the contents of the file, as enumerated in the distribution rights. If she wants to send the book to a friend, she sends the cryptolope file and the friend has to complete the same process.

Cryptolopes are like bulletproof, microchip encoded, glass object containers with some very special capabilities:

3.2.1) Encryption

The cryptolope uses layers of encryption that prevent unauthorized users from gaining access to the document. An abstract of the object’s contents is viewable from the container’s jacket, and the encrypted object can be disseminated freely.

3.2.2) Distribution Rights

An author can assign the object with properties governing access permission, costs, document restrictions, print and reproduction control, modification rights, depreciating value, resale conditions, notarization rights, and payment privileges that are persistent for the life of the object. Ultimately, even the life span of the cryptolope protection can be assigned to the object.

3.2.3) Fingerprinting

Touch the object, and your digital fingerprint is permanently recorded. That means that the e-mail address, and perhaps the mail server and IP address, of anyone who downloads or receives the cryptolope is stored in a data container on the container object.

3.2.4) Watermarking

In a paper document, a watermark is a translucent design embossed or pressed into the paper that can only be seen when the page is held before a light. In a digital document, it is a faint background image superimposed on the document that preserves the document’s copyright.

3.2.5) Metering

Information contained in the cryptolope object can contain pointers to different financial clearing houses. A browser on an online library may wish to read several pages of a naval document. Reading the pages costs 2. The cryptolope contacts a credit-card-authorization clearing house and receives authorization for the 2 payment. A royalty is then paid to the author of the document, and transaction fees are split between the library, credit card company, and, perhaps, IBM.

Metering can be used to depreciate the value of access rights to an object’s contents over time. To assess the value, the cryptolope has time rights embedded in it as an object property. The cryptolope then has the ability to “phone home” to the author to check the object’s present value after a period of time.

To ensure scalability, the system won’t actually “phone home” with each new object, but will maintain credit authorizations, digital cash certificates, or stored money in various protected purses on the customer’s desktop computer. The system will “phone home” principally when these purses are exhausted and more credit or money is required.

When “phoning home”, the rights management system will also report usage information, such as the number of times the container was opened, the number of pages printed, and so on. The clearinghouses will convey usage information to rights holders along with their share of the royalty information. To protect the privacy of individuals or the confidentiality of enterprise information, the usage data can be aggregated or made anonymous before it reaches rights holders.
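The container mechanics of sections 3.1 and 3.2 (the cleartext jacket, the sealed body that may be copied freely, the key released by the rights holder only against a completed purchase, and the fingerprint of everyone who handles the object) can be shown together in one small model. The following is an added illustration written for this paper, not IBM’s Cryptolope code. The jacket fields, the sealing construction (an HMAC-SHA256 keystream with an HMAC integrity tag, standing in for whatever authenticated cipher a real container uses) and the sample document are all constructed. It reproduces the scenario of the text: Alice buys and reads the book, forwards the container to Bob, and Bob, holding an identical copy, still cannot read it without his own purchase.

```python
"""Cryptolope-style container illustrating sections 3.1 to 3.2.3: a sealed
body with a cleartext jacket, a key released by the rights holder against a
purchase, and a fingerprint of everyone who handles the container. Added
example, not IBM's Cryptolope code. The jacket fields, the sealing
construction (HMAC-SHA256 keystream plus an HMAC tag, standing in for a
standard authenticated cipher) and the sample document are all constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudo-random bytes from HMAC-SHA256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _seal(key: bytes, nonce: bytes, body: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext followed by a 32-byte integrity tag."""
    ct = bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def _unseal(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong key or tampered container")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

@dataclass
class Cryptolope:
    jacket: Dict                 # cleartext: id, author, abstract, price
    nonce: bytes
    sealed: bytes                # encrypted body + tag; safe to copy freely
    fingerprints: List[str] = field(default_factory=list)   # who handled it

    def copy_for(self, recipient: str) -> "Cryptolope":
        """Duplication is allowed; it only lengthens the fingerprint trail."""
        return Cryptolope(self.jacket, self.nonce, self.sealed,
                          self.fingerprints + [recipient])

    def open(self, key: bytes) -> bytes:
        return _unseal(key, self.nonce, self.sealed)

class RightsHolder:
    """Author/publisher side: seals documents and answers purchase forms
    with a return-receipt carrying the key."""
    def __init__(self, name: str):
        self.name = name
        self._keys: Dict[str, bytes] = {}
        self.receipts: List[Dict] = []

    def publish(self, doc_id: str, abstract: str, body: bytes, price: int) -> Cryptolope:
        key, nonce = os.urandom(32), os.urandom(16)
        self._keys[doc_id] = key
        jacket = {"id": doc_id, "author": self.name, "abstract": abstract, "price": price}
        return Cryptolope(jacket, nonce, _seal(key, nonce, body))

    def purchase(self, lope: Cryptolope, buyer: str, payment: int) -> bytes:
        """Release the key only when the jacket price is paid. A forwarded
        copy carries no key, so every reader has to come here."""
        if payment < lope.jacket["price"]:
            raise PermissionError("payment below jacket price")
        self.receipts.append({"doc": lope.jacket["id"], "buyer": buyer, "paid": payment})
        return self._keys[lope.jacket["id"]]

def demo() -> Tuple[bytes, bool, List[str], int]:
    """Alice buys and reads; she forwards the container to Bob, who cannot
    read it without his own purchase. Returns the values worth checking."""
    author = RightsHolder("A. Author")
    lope = author.publish("book-1", "A short novel", b"Chapter 1. It was a dark night.", price=2)
    alice = lope.copy_for("alice@example.test")
    text = alice.open(author.purchase(alice, "alice@example.test", payment=2))
    bob = alice.copy_for("bob@example.test")
    try:
        bob.open(os.urandom(32))        # a guessed key fails the integrity check
        bob_can_read = True
    except PermissionError:
        bob_can_read = False
    return text, bob_can_read, bob.fingerprints, len(author.receipts)
```

Two simplifications are worth naming. The model releases the same document key to every buyer; a deployed container would seal the body once and wrap a per-buyer key in each return-receipt, so that one buyer’s key cannot be passed on with the file. And the fingerprint here is whatever the sender chooses to record; the text’s mail-server and IP-address fingerprints would be captured by the delivery system rather than by the container itself.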

3.3) Insuring a Cryptolope

When an Author uses Cryptolope technology to transmit his documents, the Cryptolope can be easily reproduced, but the contents can only be read after a purchase contract is filled-out, payment has been made, and a return-receipt has been received. The Cryptolope preserves the intrinsic value, assigned by the author, of the original document.

Cryptolopes can be used to “contain” anything. With secure contents, enumerated transaction rights, and insurance, cryptolopes could become the arbiters of value on the Internet.

If our online book merchant has purchased her books as digital cryptolope objects from a variety of publishers at wholesale, the merchant has stocked her warehouse with non-replicable digital objects with persistent value – she has an inventory. The inventory has a value that is insurable, just like a real store. If the merchant is robbed, an inventory list can be produced to assess the value of the loss, verified by the publishers, and an insurance company can make an accurate claim assessment report.

3.4) Cryptolope Inventory

With cryptolopes deployed to secure inventory contents, new commercial distribution opportunities can be employed. The IBM Infomarket division has written extensively on the economies of Super Distribution, and more information on that subject can be found at http://www.infomarket.ibm.com. We will cover some distribution topics in the next chapter, but will focus here on some of the items that could be insured in inventory using IBM Cryptolope technology.

3.4.1) Books

An author publishes an online book. He sells a publisher a cryptolope with the right to make 20,000 copies in the first run. The publisher distributes book objects to retailers, and each object can be reproduced 20 times. At each stage of reproduction, the object has a value that can be insured.

3.4.2) Compact Disks

Every time a song is played on the radio, in an elevator, at an aerobic studio, or in a store, there is a royalty paid to its author. Copyright protection agencies such as ASCAP and BMI market this privilege aggressively across the world, ensuring that music authors are not robbed of their royalties when people use their work for commercial gain.

Internet bandwidth is growing daily, and online CD sales are not far away. With more bandwidth, a music CD could be downloaded and burned into a PC CD-drive in minutes.

Cryptolopes can help extend the royalty collection efforts of played music into the digital realm of distributed music. If every digitally transmitted CD is encrypted in a cryptolope container, each music publishing company can choose its own distribution methods. A digital CD object may be granted reader access only. Or the publisher may allow the owner to copy the object and send it to someone else, who in turn pays a royalty to the publisher. The music CD objects sitting in a distributor’s Internet warehouse will be fully insurable.

3.4.3) Gift Certificates and Rebates

Online stores may entice browsers to become shoppers with digital giveaways, rebates, and gift certificates redeemable at point-of-electronic-purchase. These certificates would essentially be pointers to a database, forms of electronic cash, or online gifts. The issuing merchant has a lot to lose if they are stolen, so he issues several hundred and wraps them in cryptolope containers. Since the certificates have a value, they should be insured.

3.4.4) Confidential Information

Medical records, X-rays, CAT Scans, MRI Images, pharmaceutical prescriptions, corporate financial records, pending patents, contracts, titles of ownership, and deeds are all examples of objects of value that can be protected by Cryptolopes. And if they can be protected, and their value can be ascertained, they can be insured. So, for the first time, companies, institutions, and individuals can lock up their digital information in transportable, encrypted, object containers and have the containers insured as if they were steel containers waiting in a dockyard to be shipped across the ocean.

4) Commerce

Commerce on the Internet involves transmission. To send something across a continent on the Internet, packets get funneled through telephone lines, cables, and microwaves, and zigzag across hundreds of routers in-between. Like the Pony Express, the packet may have to pass through some dangerous territory, stop at deserted way-stations, and fight off some bandits to make its journey and deliver the goods.

Cryptolopes can be insured not only as static inventory, but also in the delivery of Internet products to consumers. Just like in the real world, the delivery of electronic products is insurable.

4.1) Airline Tickets

IBM’s Travel and Transportation Industry Solution Unit is currently working with American Airlines to use cryptolopes to transmit airline tickets to smartcards, a microchip-encoded credit-card. The “tickets” will be pointers to an airline database and travelers will use the card to check-in when they fly. Since airplane tickets are items of considerable value – prone to fraud and abuse – they will be insured in transit.

This example demonstrates not only the flexibility of cryptolopes but also their portability into the real-world.

4.2) Electronic Cash

Electronic Cash (eCash) is a pointer to a bank account that frees funds for transfer. Verification software authenticates the owner. When our book merchant sells his book objects on the Internet, payment may be made using eCash stored in a cryptolope (possibly with additional assistance from the Secure Electronic Transaction protocol).

The denomination of the eCash would be visible from the object container, but only the merchant could gain access to the pointer and deposit the sum. The merchant chooses to deposit his eCash containers en masse into his bank account at the end of each business day. As the sales roll in, the eCash passes through his Firewall, bounces past the web-site, and gets deposited in a safe server. The transmission should be insured because the eCash could be lost or stolen en route.
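The container described above, a visible denomination header with a pointer sealed to the merchant, as an added illustration that is not IBM's Cryptolope format and not code from this paper. It uses a constructed SHA-256 counter-mode keystream with encrypt-then-MAC so that any alteration in transit (to the header or the sealed pointer) is detected when the merchant opens the container; the merchant key and the account pointer are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets
import struct

MERCHANT_KEY = b"constructed-demo-merchant-key"  # sample value, not a real key


def _derive_keys(merchant_key: bytes):
    # Separate encryption and MAC keys derived from the merchant's key.
    return (hashlib.sha256(b"enc" + merchant_key).digest(),
            hashlib.sha256(b"mac" + merchant_key).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed toy keystream (SHA-256 in counter mode) for illustration only;
    # a production container would use a vetted authenticated cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal(merchant_key: bytes, denomination_cents: int, pointer: str) -> dict:
    """Wrap an eCash pointer so anyone can read the denomination but only the
    merchant can recover the pointer. Returns a JSON-serialisable container."""
    enc_key, mac_key = _derive_keys(merchant_key)
    nonce = secrets.token_bytes(16)
    header = {"denomination_cents": denomination_cents, "nonce": nonce.hex()}
    header_bytes = json.dumps(header, sort_keys=True).encode()
    plaintext = pointer.encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # The tag covers header and ciphertext, so raising the visible denomination
    # or altering the sealed pointer en route invalidates the container.
    tag = hmac.new(mac_key, header_bytes + ciphertext, hashlib.sha256).hexdigest()
    return {"header": header, "ciphertext": ciphertext.hex(), "tag": tag}


def open_container(merchant_key: bytes, container: dict):
    """Return (denomination_cents, pointer), or None if the container was altered
    or sealed to a different merchant key."""
    enc_key, mac_key = _derive_keys(merchant_key)
    header_bytes = json.dumps(container["header"], sort_keys=True).encode()
    ciphertext = bytes.fromhex(container["ciphertext"])
    expected = hmac.new(mac_key, header_bytes + ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, container["tag"]):
        return None  # tampering or wrong key: evidence for a claim, not a deposit
    nonce = bytes.fromhex(container["header"]["nonce"])
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return container["header"]["denomination_cents"], plaintext.decode()
```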

4.3) Stocks and Bonds

Using cryptolopes, online brokerage houses could issue stock certificates – notarized with watermarks and digital signatures – to traders. The stock, being an item of considerable value, would be insured in transmission. The cryptolopes’ special metering function could be utilized to keep the owner informed of stock splits, and could be used at the point of sale to update the latest traded price. Conceivably, the cryptolope could even be programmed to update its own value at regular intervals.

With high value items such as digital stock and bond certificates stored in cryptolope containers, banks could even establish Internet bank vaults to store them for depositors concerned about security and hardware failures. The banks will have their vaults insured.

5) Insurance Opportunities

Now that we have demonstrated how an Internet warehouse can be built, its inventory protected, and its commerce secured, it’s time to turn the picture around and look at it from an insurer’s perspective. An insurance company sees the Internet as fraught with risk, largely because the Internet itself is abstract and insurers don’t know much about it.

We have demonstrated that individual risks are identifiable and manageable. But what about aggregate risks? In the real world, commercial property is subject to natural forces and catastrophic loss. Recently, hurricane Fran wreaked havoc on North Carolina and illustrated this point tragically. The catastrophic losses are estimated in the billions of dollars. What about the Internet? Can the same thing happen to Internet property on a catastrophic basis?

5.1) Catastrophic Losses on the Internet

Fortunately, the Internet, designed by the US Defense Department to withstand nuclear war, is impervious to catastrophic loss. It can’t be shut down or destroyed. But parts of it can be taken off-line, as was recently demonstrated by America Online (AOL), when its servers went down for 19 hours and its 3 million subscribers were left in the dark.

Currently, businesses and individuals access the Internet through Internet Service Providers (ISP). ISPs can be telephone companies, cable operators, online service providers such as Compuserve, Prodigy, or AOL, private networks such as the IBM Global Network, or government departments such as the US Department of Energy. Each one of these ISPs connects pools of servers to the public Internet backbone, and protects their servers with firewalls, secure gateways, and routers.

Since an ISP has the responsibility to provide service to a diverse group of companies and individuals, insurers should see ISPs as Special Risks. Special Risks need to be insured independently. Insuring the ISPs separately allows insurers to spread their risks according to size, geography, and Internet topology. This “Risk Spread” mimics the way insurers pool risks in the real world, and will, in a carefully managed risk portfolio, eliminate the threat of catastrophic losses.

5.2) Managed Risks

If our merchant decides to build a real-world warehouse and house an Internet book store in the same location, she will have four implicit layers of insurance protection. The first layer will cover her physical location, equipment, and inventory against fire, damage, vandalism, and theft in a traditional P&C insurance policy. The second layer will cover her Internet location, the firewall, web-server, and inventory against damage, vandalism, or break-in. The third layer covers her Internet Service Provider against losses due to server downtime, hacker vandalism, etc. And the last layer covers her commercial transactions, deliveries, and communications encased in cryptolopes.

The combination of these four layers provides the merchant with a fully insured business. It also provides her insurer with multiple layers of risk protection. And the sum of the four layers make Internet risks fully manageable.

5.3) Market Size

The Internet is growing at over 100% each year. But an insurer that is selling auto insurance on the Internet might discover that only a small percentage of customers are even on the Internet. Even with 200% growth, it may take 5 to 10 years before all the real-world customers of an insurer sign up for Internet service. That makes selling traditional insurance on the Internet a frustrating experience.

But the market for Internet Insurance is the Internet, and the customers are already on the Internet. 50 million of them at last poll. So who could an insurance company sell Internet Insurance to?

They could start with their traditional P&C portfolio and perform a census to determine how many of them have web-sites, intranets, etc. After mining that resource, they could turn to the customers of their competitors in their home market. In Europe, the EU’s 3rd Directive specifically allows companies to sell insurance policies to anyone in the EU. And with the Internet totally unregulated today, any insurance company in the world could underwrite Internet Insurance risks anywhere in the world. In short, the market is new, totally untapped, enormous, and growing very fast. For the first pioneers of this new insurance Line of Business, the opportunities are staggering.

6) IBM Solutions

IBM can help insurers get up to speed with the Internet today, stay on top of Internet developments, and manage Internet Insurance risks in the long term. To do so, the Insurance ISU has – with the assistance of ICG, SI, and the Danish Education Center – prepared a 6 part service and solution offering. Top to bottom, this offering includes the following components:

6.1) Internet Insurance Education

Before insurers can reap the benefits of online insurance, they have to grapple with the nuts and bolts of the Internet, Internet Security, and the threats posed by hackers. To prepare insurers for this brave new world, we have designed the following education curriculum.

6.1.1) Internet Boot Camp

A one-week training course for insurance underwriters, claims adjusters, and risk managers, Internet Boot Camp is designed to introduce the insurers to the Internet from A to Z. Topics covered will include the origins of the Internet, technology and terms, growth patterns, demographics, legal issues, Internet Commerce, and communications. Attendees will be introduced to the public Internet, private intranets, and commercial extranets.

6.1.2) Internet Security

An in-depth look at Firewalls, Secure Servers, Web-Sites, Cryptolopes, SET, Lotus Notes Encryption, Netscape, Sun, Microsoft and other offerings; attendees, perhaps here including members of IT, will get elbow deep into the bowels of Internet Security. They will install and set up a working Firewall and Web-Server, and will be instructed in network monitoring, security alerts, and system management.

6.1.3) Rent-A-Hacker-You-Can-Trust

A one-day trip into the mind of a hacker, demonstrating how hackers get access to user ids, passwords, servers, and databases. Hacker vandalism, server destruction, and SYN flooding will be demonstrated and attendees will get a full picture of the kind of claims that could be reported; as well as steps to be taken to avoid them.

6.2) Internet Insurance Product Consulting

After the education, IBM will work with an insurer to help design Internet Insurance underwriting guidelines, claims report formats, product administration applications, and risk management seminars. In collaboration with ICG – using the IBM Internet Security Consulting Methodology – the Insurance ISU will help insurers lay the foundations for a full-fledged Internet Insurance software solution, taking into account issues of globalization, Internet marketing, and legal ramifications. The consulting will encompass the following components:

6.2.1) Underwriting

Insurance applications need to be designed to discover the Internet hardware, software, and security standards employed by an insurance applicant. Guidelines need to be created to assess each component and make base rate calculations. Unacceptable risks will be defined as well as rejection criteria.

6.2.2) Claims

Claims adjusters need to consider defining how to prove a claim on the Internet, how to file an Internet Insurance claim report, and what steps are needed to assess the damage and value of lost goods or downtime.

6.2.3) Product Administration

Administrators need to consider Internet payment collection, policy delivery, and claims compensation. Digital signatures, watermarking, and digital fingerprinting need to be evaluated for their effect on insurance policies.

6.2.4) Risk Management

Insurers will want to keep up with the latest developments in Internet Security technology and inform their insured of the changes. Risk management information collection services will be needed, and companies will want to design RM newsletters, web-sites, seminars and conferences.

6.3) Net.Insurance

The result of steps 1 and 2 above will be an insurance team ready to underwrite Internet Insurance risks. But to market, sell, adjust, and administer those risks to the commercial Internet community, the insurer will need powerful online software. Using Lotus Notes and Domino, IBM can provide a comprehensive Internet Insurance software solution to embody the business rules developed in step 2 above. The product will be called Net.Insurance and will contain the following online components:

Web-Site Insurance Marketing
End-to-End Sales
Claims Reporting
Risk Management
Internet Technology news gathering
Policy and Payment Administration

6.4) Risk Assessment

Few insurers today have the international presence necessary to underwrite Internet Insurance risks with global dimensions. Large multinational companies, such as IBM, General Motors, Mercedes Benz, etc, have hundreds of locations around the world, perhaps employing different Internet Security technologies in each location. To underwrite global risks, insurers may need to outsource the risk assessment to a company with global reach. IBM can uniquely fulfill that need.

Today, the IBM Internet Security Consulting Practice can provide risk assessment on an international basis for large insurance risks. This service is currently performed for companies who wish to hire an external auditor to examine their Internet risk exposure. ICG is ready to extend this service to insurers.

6.5) Risk Management

After an insurer underwrites a risk, collects the premiums, and waits for claims, risk managers step in and try to help insureds reduce their exposure. While online information published through Net.Insurance can go a long way to publicize Internet Security exposures, there is no substitute for face-to-face Risk Management seminars and conferences.

In coordination with ICG, the Insurance ISU can coordinate and organize these Seminars and Conferences for large and small insureds alike.

7) Conclusion

The conclusion to this white paper is simple. Bullets tell it best:

Insurers stand to gain a lot from this initiative. Access to new markets and new products top the list. But there is also the element of public prestige. Insurers entering this market will be identified as leaders in their industry, standard bearers for the others. And they will be seen by an appreciative business community as helping to make the Internet a safe and profitable arena in which to do business. They will be helping to make their name synonymous with secure Internet commerce.