Infrastructures for transmission of electronic invoices

Slides:

Advertisements

Similar presentations

Presenter: Mark Elkins Topic: Things not getting done.

Advertisements

AFACT eCOO WG interim meeting - Conference Call 1st March of 2011 Mahmood Zargar eCOO Experiences and Standards.

Digital Stamps of Companies Tarvi Martens SK, Estonia.

CEF Building Blocks Joao RODRIGUES FRADE

Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

PEPPOL SMP OASIS BDXR TC July The PEPPOL infrastructure.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

Electronic Commerce Yong Choi School of Business CSU, Bakersfield.

Telecommunication and Networks

NextGen Interoperability – Leading the Charge Presenter – David Venier DISCLAIMER: The views and opinions expressed in this presentation are those of the.

 *connectedthinking Invoice Data Content Sealing “Electronic Invoicing” FOR DISCUSSION PURPOSES UNECE, MEETING 4 APRIL 2005.

Directive on e-invoicing in public procurement 3rd Annual Conference on Public Procurement Athens, 20 June 2014 Bartosz Dworak DG Internal Market and Services.

Electronic invoicing in the light of the VAT Directive 2001/115/EC Anna Nordén Conference on the Legal Aspects of an E-Commerce Transaction The Hague 27.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

QAD Pitch Report QAD EDI. Introduction to EDI … the transfer of structured data, by agreed messaging standards, from one computer system to another without.

Research on Non-repudiation service By Yi Zhang. Motivation of Non-repudiation In paper-based business Electronic business transactions Less physical.

Applicability Statement v1.1 Feedback: DirectTrust May 5, 2015.

Secure Data Transmission EDI-INT AS1, AS2, AS3 Kevin Grant.

Electronic Data Interchange Computer readable forms for business documents such as invoices, purchase orders, delivery notes needed in B2B e- commerce.

Wireless and Security CSCI 5857: Encoding and Encryption.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

CEN WS/BII The BII post-award activities and deliverables The path towards more efficient procurement in Europe Paris June 2, Mr. Martin Forsberg.

CEN WS/BII The BII post-award activities and deliverables The path towards more efficient procurement in Europe Stockholm December 2, Mr. Martin.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.

1 UNECE Capacity Building Workshop on Trade Facilitation Implementation: October 2004 Electronic PostMark (EPM) Security & Authentication for eTrade Documents.

INTERCENT-ER Agency A regional prospective on e-invoicing Stockholm - December 2, 2014 Regional Agency for the development of electronic markets.

Secure Systems Research Group - FAU A Pattern for XML Signature Presented by Keiko Hashizume.

PEPPOL is an EU co-funded project CIP-ICT PSP-2007 No PEPPOL Workshop – SMP and Identifiers Martin Forsberg, Ecru Consulting Mikael.

Information Security Systems Cost Effective Authenticity & Integrity in CEN/FISCALIS eInvoicing Good Practice Guidelines Nick Pope – Principal Consultant,

Module 7 – SET SET predecessors iKP, STT, SEPP. iKP Developed by IBM Three parties are involved - Customer, Merchant, and Acquirer Uses public key cryptography,

Technical access point forum Agency for Public Management and eGovernment Steinar Cook, Erlend K. Bergheim, Olav A. Kristiansen Oslo, 11 th November 2015.

Electronic Data Interchange

An electronic phytosanitary certificate. Is NOT a copy of a printed phytosanitary certificate that is ed. Is a secured data set using XML for transmission.

PEPPOL is an EU co-funded project CIP-ICT PSP-2007 No OpenPEPPOL Transport Infrastructure Rome Sven Rasmusen Danish Agency.

Supports the development & implementation of a IPPC Global ePhyto Hub to: Utilize modern Cloud technology. Ensure there is a secure folder for each countries’

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

1 Internet data security (HTTPS and SSL) Ruiwu Chen.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

Unit 3 Section 6.4: Internet Security

Module 8: Securing Network Traffic by Using IPSec and Certificates

SPOCS : Simple Procedures Online for Crossborder Services

CS 465 Secure Last Updated: Nov 30, 2017.

S/MIME T ANANDHAN.

Digital Signature.

netprem.com Postal Registered Mail – by Electronic Means

By Ian Foster, Jon Larson, Max Masich, Alex C

Digital Signature Certificate Provider Digital Signature Certificate Provider.

PEPPOL the new frontier in EDI

Choosing the Discovery Model Martin Forsberg

Digital Signatures and Forms

Security at the Application Layer: PGP and S/MIME

Pooja programmer,cse department

E-invoicing Training conference

E-invoicing Training conference Towards electronic invoicing in 2020:

Migration to e-invoicing

What is the strategy to consistently implement eDelivery in the Norwegian Public Sector? André Hoddevik Head of e-procurement unit, Department for public.

How will the future European standard (EN) on Electronic Invoicing benefit public entities and service & solution providers? December 1, 2016 Andrea Caccia,

Dashboard eHealth services: actual mockup

E-invoicing Training conference

EPAN eGovernment Working Group Interoperability

e-Invoicing – e-Ordering 20/11/2008

Module 8: Securing Network Traffic by Using IPSec and Certificates

Advanced Computer Networks

Electronic Payment Security Technologies

Slides Credit: Sogand Sadrhaghighi

Support for syntaxes (UBL and UN/CEFACT) Nicosia October 30, 2017

EDI Systems What They Are and Why They Matter

Presentation transcript:

Infrastructures for transmission of electronic invoices E-invoicing Training conference Nicosia, October 30, 2017 Fred van Blommestein This presentation expresses the position of the above mentioned presenter. Not of CEN.

E-mail

E-mail Spammers use fake domain names Phishers send fake invoices E-mail ‘in transit’ can be eavesdropped This happens on a large scale!

E-mail For standard e-mail no guarantee can be given for authenticity and integrity of invoice or invoicer (But can it be given for paper invoices?)

Security is possible DNSSEC, DANE, SPF DKIM and STARTTLS PGP/SMIME (but nobody uses these mechanisms)

The “4-corner” model Sender Receiver Trading Entity Trading Entity ERP / e-invoicing SW/ BSP ERP / e-invoicing SW/ BSP Access Point Invoice Access Point Peppol

Peppol SMP Invoice SML/SMP The “phone book”

Signing Public Private Key Certificate Key Sender Sender Sender ------714A286D976BF3E58D9D671E37CBCF7C Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIB6gYJKoZIhvcNAQcCoIIB2zCCAdcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAbYwggGyAgEBMIGcMIGOMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVGV4YXMxFDASBgNVBAcTC1NhbiBBbnRvbmlvMQ0wCwYDVQQKEwRVVFNBMQswCQYDVQQLEwJDUzEXMBUGA1UEAxMOYWkuY3MudXRzYS5lZHUxJDAiBgkqhkiG9w0BCQEWFWp1bGlldEBhaS5jcy51dHNhLmVkdQIJAMvyApGmAWbKMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcwMjEyMjI1ODU4WjAjBgkqhkiG9w0BCQQxFgQUdBfDe/KmnhmYA9DILxfq/zKlvwEwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEQFbJ+8cZivvgvrjj8l1QbK2o7gWdWBM9yav6NJR2eBVj3hKGaKQ+7JNbygcqtVcMDIo1jSpsZas33BvhocwGOqs= ------714A286D976BF3E58D9D671E37CBCF7C--

Peppol security MDN MDN https

Peppol security PEPPOL guarantees: Integrity of invoices between access points Including delivery confirmation Plus guarantee on authenticity of the sender

Different countries – different policies Scandinavia, Spain, Belgium, Poland and many other countries implement Peppol (UBL) Many countries implement a central government hub Some countries route all invoices (incl. B2B) through the tax authorities

ZUGFeRD Germany and France implement ZUGFeRD/Factur-X ZUGFeRD/Factur-X is a standard core invoice In the UN/CEFACT syntax Enveloped in a human readable PDF Sent by e-mail Challenge for service providers to create interoperability between ZUGFeRD/Factur-X and PEPPOL Different protocols Different security Different syntax

Questions?