Universal Electronic Signatures Tarvi Martens ESTONIA.


What if you receive a digitally signed document tomorrow? Probably you should accept and handle it!

Rationale
- The existing EU Directive does not provide solid grounds for unified electronic signature deployment in Europe
- CEN CWA-s and ETSI standards allow for a myriad of options
- UES: an attempt to achieve electronic signature deployment and interoperability from Best Practice experiences

What is UES?
- UES stands for Universal Electronic Signature
- UES is a concept of electronic signature that aims to universally replace the handwritten signature
- UES goes beyond AES (Advanced Electronic Signature as of the EU Directive)
- UES is designed for international interoperability

UES provides for…
UES = Advanced Electronic Signature based on Qualified Certificates PLUS:
- electronically signed documents are equivalent to handwritten ones by legal evidence value
- usage domain and signatory role are not restricted
- signatory is uniquely identified as a physical person
- there are means to identify signing time of the electronic document
- electronically signed documents are maintaining their long-term validity
- UES are international

UES implementation
UES implementation requires these components to be adjusted to UES principles:
- Legislation
- CA delivering certificates on SSCD
- Validation services (real-time OCSP)
- Deployed end-user tools
- Inter-PKI cooperation

UES actors: CA
Certification Authority
- Produces qualified certificates on SSCD to uniquely identifiable physical persons
- Provides up-to-date certificate validity information to Validation Authority
- Generates, exchanges and maintains Trust-service Status Lists (TSL)
  - CA details
  - Valid CA and OCSP certificates
  - History of validity
  - XML-profile of ETSI TS

UES Actors: VA
Validation Authority
- Issues validity confirmations using OCSP protocol (RFC 2650)
- Operates in real-time: acquires validity information from CA-s database
- Provides precise time information in responses (time-stamping)
- Logs and archives issued confirmations to provide for long-term validity

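VA as an e-notary
[Diagram: the signer sends "Doc,Cert" to the VA over OCSP; the VA consults the CA DB, writes to a secure log and answers "(Doc,Cert,time)ok"]
- Signer: "I just signed the document using this certificate"
- VA: "When I saw this signed document, corresponding certificate was valid"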

UES Actors: Signer and Verifier
Signer
- Generates electronically signed documents using certificate and validity confirmation
Verifier
- Verifies electronic signatures using (cached) TSL
Sharing common document format
- Profile of ETSI TS aka XAdES - OpenXAdES
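The e-notary exchange between Signer, VA and Verifier sketched in Python, as an added example that is not code from the presentation or from OpenXAdES/DigiDoc. It assumes an HMAC as a stand-in for the VA's signature, a hash-chained list as the secure log, and constructed names, serial numbers and keys; it does not model the OCSP wire format.

```python
import hashlib, hmac, json

VA_KEY = b"constructed-demo-key"             # stand-in for the VA signing key (assumption)
CA_DB = {"1001": "good", "1002": "revoked"}  # constructed CA validity database
SECURE_LOG = []                              # hash-chained archive of issued confirmations

def mac(payload):
    """Authenticate a confirmation body (HMAC stands in for the VA's signature)."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(VA_KEY, data, hashlib.sha256).hexdigest()

def va_confirm(doc: bytes, cert_serial: str, now: str):
    """VA: real-time lookup in the CA DB, then bind (Doc, Cert, time) together."""
    if CA_DB.get(cert_serial, "unknown") != "good":
        return None                          # no confirmation for revoked/unknown certs
    conf = {"doc_digest": hashlib.sha256(doc).hexdigest(),
            "cert": cert_serial, "time": now, "status": "good"}
    prev = SECURE_LOG[-1]["entry_hash"] if SECURE_LOG else "0" * 64
    entry_hash = hashlib.sha256((prev + mac(conf)).encode()).hexdigest()
    SECURE_LOG.append({"conf": conf, "prev": prev, "entry_hash": entry_hash})
    return {**conf, "va_mac": mac(conf)}

def verify_confirmation(doc: bytes, cert_serial: str, conf) -> bool:
    """Verifier: confirmation must be authentic and about this exact Doc and Cert."""
    if conf is None:
        return False
    body = {k: v for k, v in conf.items() if k != "va_mac"}
    return (hmac.compare_digest(conf["va_mac"], mac(body))
            and body["doc_digest"] == hashlib.sha256(doc).hexdigest()
            and body["cert"] == cert_serial
            and body["status"] == "good")

def log_intact() -> bool:
    """Auditor: recompute the chain; any edited or dropped entry breaks it."""
    prev = "0" * 64
    for entry in SECURE_LOG:
        expected = hashlib.sha256((prev + mac(entry["conf"])).encode()).hexdigest()
        if entry["prev"] != prev or entry["entry_hash"] != expected:
            return False
        prev = entry["entry_hash"]
    return True

if __name__ == "__main__":
    c = va_confirm(b"contract text", "1001", "2004-05-01T10:00:00Z")
    print(verify_confirmation(b"contract text", "1001", c), log_intact())
```

Because the confirmation carries the document digest and the time, a later revocation of the certificate does not affect a confirmation issued while it was still valid, which is what the archived log is there to demonstrate.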

UES architecture (1)
[Diagram: PKI 1 and PKI 2, each with CA, VA, Signer and Verifier; flows labelled Cert, OCSP, TSL and Doc]

UES architecture (2)
[Diagram: PKI 1 and PKI 2, each with CA, VA, Signer and Verifier; flows labelled Cert, OCSP, TSL and Doc]

Trust model
- Bilateral trust model
- Every party has the freedom to choose trusted parties
- CA communicates trust through TSL-s
[Diagram: CA 1, CA 2, CA 3, CA 4]

UES Organization
- Currently: Memorandum of Understanding
  - Agreeing with UES principles and model
- Three initial partners
  - Estonia
  - Belgium
  - Finland
- Represented typically by Population Registries (CA-s) and incorporating partner companies
- More formal structure (separate organization – UES Initiative) is considered

UES activities
- General coordination
  - Promotion, info sharing
  - Liaisons with std. bodies
- Sharing enabling technology
- TSL distribution
- Joint work on different aspects:
  - Legal issues
  - CA service provision
  - VA service provision
  - Document format, interop testing

UES deployment
- Sign the MoU
- Allocate resources for the co-operation effort
- Start issuing qualified certificates
  - The hardest part – we assume you do it already
- Set up your OCSP
  - Almost any commercial OCSP Responder will do
- Start exchanging TSL-s
  - To be developed
- Distribute and localize end-user apps

What is OpenXAdES?
- OpenXAdES is a profile of ETSI TS aka XAdES
- OpenXAdES specifications and implementations (C, Java) are available at
- OpenXAdES is a community driven free software development project
- OpenXAdES profile specification development is coordinated by CC (and by UES organization in the future)

What is DigiDoc?
- DigiDoc is a set of software applications based on OpenXAdES spec/library
- Applications include:
  - DigiDoc client
  - DigiDoc portal
  - DigiDoc webservice (SOAP)
- Client tested with Estonian, Finnish and Belgian ID-cards
- Multilingual version available now

Digital Signature in Estonia
- Available for 1.5 years
- potential users
- signatures
- Client distributed with ID-card starter kit
- Technology integrated in all major document handling systems and Internet banks
- Innumerable list of uses
[Diagram: DigiDoc library (Win32/Unix), CSP, OCSP, XML, ID card]

Additional Information
- ID-card issuing: http://
- PKI & CA: http://
- ID-card practices: http://
- Digital signature software: www.openxades.org
- Contact point:
Porvoo V: May 2004, Tallinn, Estonia