1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Part I: Introduction Part II: Public key infrastructure Part III:Part III: PKI status in IRANPKI status in IRANOutline 2

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Introduction

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade FacilitationE-CommerceIntranetExtranetInternet CustomerMerchant Merchant and Customer perform a transaction on digital world Security?!Security?! Confidence?!Confidence?! Trust?!Trust?! 4

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation E-Trust …?! Paper report Digital report Trust? 5

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Solution...? Digital Signature Ensuring Authenticity and Report Integrity in Electronic Transactions 6

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Digital Certificate There is still a problem linked to the “Real Identity” of the Signer. Why should I trust what the Sender claims to be? Moving towards PKI … Digital Certificate 7

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation CERTIFICATE Issuer Subject Issuer Digital Signature Subject Public Key 8

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Digital Certificate How are Digital Certificates Issued? How are Digital Certificates Issued? Who is issuing them? Who is issuing them? Why should I Trust the Certificate Issuer? Why should I Trust the Certificate Issuer? How can I check if a Certificate is valid? How can I check if a Certificate is valid? How can I revoke a Certificate? How can I revoke a Certificate? Who is revoking Certificates? Who is revoking Certificates? Challenges: Moving towards PKI … Public key Infrastructure 9

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Public Key Infrastructure (PKI)

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation PKI is an Infrastructure to support and manage Digital Certificates P K I 11

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation PKI – Technical View Basic Components: Certificate Authority (CA) Certificate Authority (CA) Registration Authority (RA) Registration Authority (RA) Certificate Distribution System Certificate Distribution System PKI enabled applications PKI enabled applications “Consumer” Side “Provider” Side 12

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation PKI – Simple Model CA RA CertificationEntity Directory Application / Relying party End EndEntity Certs,CRLs Cert. Request Signed Certificate Certificate chain and status Certificate chain and status query 13

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation PKI Status In IRAN

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation IRAN Related Regulations E-Commerce Law Certificate Policy Article 32 of e-commerce executive regulation 15

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Certificate Usages in IRAN Organization Stamp Code Signing Server (SSL/TLS/DC) Authentication (Login) Sign (i.e. Document Signing) Certificate Usages CA operations (i.e. CA,RA, OCSP,TSA,…) (S/MIME) 17

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation IRAN PKI Architecture 18

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation IRAN Root CA Certificate Policies Platinum Gold Silver Bronze 19

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation IRAN PKI Standards

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation PKI Laboratories of IRAN HSM Laboratory: for testing and evaluation of Hardware Security ModulesHSM Laboratory: for testing and evaluation of Hardware Security Modules Smart Card USB Token HSM (internal/External) CA Laboratory: for testing and evaluation of digital certificates issuing and managing productsCA Laboratory: for testing and evaluation of digital certificates issuing and managing products CA, RA, OCSP, TSA, … PKE Laboratory: for testing and evaluation of PK-enabled applicationsPKE Laboratory: for testing and evaluation of PK-enabled applications Web based Applications Stand alone Applications Cryptology Laboratory: for testing and evaluation of Cryptographic AlgorithmsCryptology Laboratory: for testing and evaluation of Cryptographic Algorithms cryptographic algorithms (Symmetric, Asymmetric, …) 21

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation General Intermediate CA Certificate Issuance statistics 22

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation General Intermediate CA Certificate Issuance statistics PKI Interoperability Experiences 23

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Necessity of PKI Interoperation Usability of legal digital signature in different PKI domains ensuring that the certificates meet assurance requirements and have legal effect as required activate global e-commerce exchanging PKI related information between the different domains 24

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 26 Recommended Accreditation Scheme Model

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 25 IRAN Root CA Scheme for PKI Interoperation Cross Recognition + CTL 32

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Recommended PKI Mutual Recognition Evaluate CPS and operations Against Certificate Policy Applicant CA Certificate Practices Statement (CPS) Confirm CA’s Operation Is In accordance With CPS and List of Accredited CA’s (CTL) Evaluation Report ECO Policy Authority Evaluator Competent Authority Advisory Commitee Advisory Commitee can work on behalf of Evaluator and give advice to Competent Authority CTL will publish only after approval by ECO Policy Authority 27

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Advisory Committee Tasks Consulting services for Design and establishing of Interoperation Scheme in ECO PKI Domains Provide advice and services to establishing PKI domain for ECO members Consulting services for integrating of PKI Domains Provide Auditing and Evaluation services to Competent Authority Act as an evaluator if there is no auditor in a country Give advice to Competent Authority for policy compliance Auditing, evaluation guidance, criteria and standards. According to I.R.IRAN Root CA recent efforts, it can opraete as Advisory Committee to facilitate Cross-Recognition procedure between ECO countries. 28

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation IRAN Root CA Related Measures Established of Hierarchical PKI Domain with four levels policy Established of PKI Laboratories for Auditing purposes Providing of Internal PKI Standards in order to create of Interoperation Design an optimal scheme for interoperability in PKI Preparation of CP Guidelines in order to providing of a template and guidance for ECO Certificate Policy Edition Preparation of CR Policy in order to propose the Architecture and mechanisms of cross-recognition 29

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation Thanks for your attention