TeleTrusT Initiatives for PKI Solutions

Presentation transcript:

TeleTrusT Initiatives for PKI Solutions
PKI Forum meeting "PKI in Europe", Dublin, June 27th-29th, 2000
Helmut Reimer, TeleTrusT Deutschland e. V.
E-Mail: teletrust@t-online.de
http://www.teletrust.de

TeleTrusT: Association of Competence
- Promoting the trustworthiness of information and communication technology
- Applied cryptography & biometrics
- Founded in 1989
- More than 95 members: major user sectors, research organisations, developers and manufacturers of security products, government agencies, and test institutes
- Non-profit, politically independent

TeleTrusT: Working Groups / Projects
Interoperability, Standards, Appropriate Security
- Legal aspects of the liability of communications (WG1)
- Security architecture / IC-Card security (WG2)
- Applications in health services (WG3)
- Open e-commerce security (WG4)
- Promotions (WG5)
- Biometrics identification (WG6)
- Public key infrastructure (WG7)
- MailTrusT (WG8)
- Chipcard-terminals (Project, MKT, UCTS)
- Project BioTrusT

Trustworthy IT
Goals:
- privacy / confidentiality
- integrity
- subscriber identification / authentication
Conditions:
- technology accepted publicly
- security as an appropriate component of the business processes
- the participant has an acting role
- clearly recognisable risk spread

PKI & DS: Expected fields of application
- Private and business communications over the Internet (in connection with encryption).
- E-banking (i. e. home banking), e-business, e-commerce with better consumer protection.
- Public health services.
- Services of communes and authorities for the citizens.
Many (but not all) applications require a legal recognition of the DS.

PKI & DS-Regulations: The Pros and Cons / I
Advantages
- The legal and evidence values of DS should be defined.
- The PKI is functionally simple.
- By a national PKI policy, the mutual recognition of certificates could be supported.
- Asymmetric cryptography and its algorithms obtain acknowledgement by law.
- Providers of components and services and the customers have dependable conditions for investments.

PKI & DS-Regulations: The Pros and Cons / II
Disadvantages
- The application of DS already requires a complete solution from the start.
- Business cases are not in view of the regulations.
- Quite different views on CSP supervision or accreditation.
- The government-driven applications may be more or less closed shops.

PKI, DS and E-Commerce
- Business to Business
- Business to Consumer
- Enterprise and/or Consumer to Authorities or public services
Different security policies, different business conditions, different business cases
Public key infrastructure: One for all?

CA Services: Business Case? / I
E. g. Banking Organisations
- In-house CA services: cost / benefit relations can be calculated; security policy / business conditions / risks / assurance conditions can be defined
- The costs for the customer can be set marketably
- How can this concept support other applications?

CA Services: Business Case? / II
E. g. CA Service Provider
- Return on investment?
- Costs by regulation (SigG: CA, Directory Services, Chipcard-Personalisation, Time Stamping ...)
- How are the services integrated into the business concepts of the users? (E. g. distribution of costs between different applications)

E-Commerce Security / I
Security by regulation:
- Evaluation of technical components according to specific criteria (ITSEC, CC, FIPS 140....)
- Does practical security for an application result from this?
- The same level of security - only a result of a unique security policy?

E-Commerce Security / II
Security by business conditions:
- The practical security of the application is the goal
- Evaluation of components and the business process according to application-specific criteria
- Assurance and liability are components of the security policy
- Recognition of e. g. other certificates is part of business policy

TeleTrusT: Steps 2000 / I
In general: The integration of PKI & DS into applications is much more difficult than expected
TTT is included in the development of national specifications and standards:
- Interoperability at PKI-Level (SigI)
- Chipcards with DS functionality (DIN-Spec)

TeleTrusT: Steps 2000 / II
- Multifunctional Office Identity Chipcard
- Health Professional (Chip-) Card
- Evaluation of Chipcards ITSEC E4 high
- Generic PKI security policy
- Definition of application projects (e. g. Media@Komm)
The results should be inserted into international standardization

TeleTrusT: Steps 2000 / III
What do we need?
- Implementations of the DS in applications (reengineering of business processes)
- Security-oriented workflow systems / reliable archiving
and, more generally:
- Application and acceptance experiences

TeleTrusT Experiences 2000
- MailTrusT - Sphinx: End-to-end security with PKI for business communications
- E-Commerce / E-Business / E-Banking: Different protocols are in use (e. g. SET, HBCI...); the certification infrastructure establishes itself with application-specific certificates
- The interoperability and mutual recognition of certificates are current questions