PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.


Background Information (1)

Conditions precedent:
– General readiness and maturity of the Georgian banking sector for engagement in e-business

Banking sector requirements:
– Increasing the general efficiency of concluding deals in reduced time
– Reducing costs by eliminating paper-based transactions
– Increasing data storage reliability and efficiency

Project first stage completion: created an opportunity for full replacement of paper-based transactions in face-to-face business with e-business

Background Information (2)

Essential criteria for replacing a paper-based document with an e-document:

Creation of an Electronic Document with an Electronic Signature

Ensure:
– Security of the Electronic Signature
– Integrity of the Electronic Document
– Possibility to detect ANY changes in the Electronic Document
– Signature non-repudiation (by the signatory)

Environment:
– Possibility to access the Electronic Document safely
– Possibility of signatory identification after the signing
– Possibility to archive the Electronic Document securely for a long time

Background Information (2)

Essential criteria for replacing a paper-based document with an e-document:

Describe:
– Approaches to the assessment principles for Trusted Service Providers
– Methodological basis for developing commercial banks' security policies
– Minimum-level technical and technological requirements

This means CREATING A RELIABLE AND TRUSTWORTHY ENVIRONMENT for utilizing Electronic Signatures

European Regulation

Electronic Signatures (ES):
– Critical feature of e-business/e-commerce
– Essential component in business development considering global trends

Directive 1999/93/EC and Regulation 910/2014 (EU) of the European Parliament and of the Council:
– Provides a common framework for ES
– Covers ES used for authentication, with legal equivalence to handwritten signatures

Requirements for the business community:
– The Directive aims to be technology neutral; there is an urgent need for at least one standardized technical solution that can meet mass-market requirements
– Privacy issues (personal data protection) must be taken into account
– Security and quality standards are useful for trust assessment of the service providers

Electronic Signature: innovative approach

Signatory: legal entity
– In the Georgian banking sector: December 2013
– The European Parliament and of the Council's decision: July 2014

Electronic Stamp
– In the Georgian banking sector: December 2013
– The European Parliament and of the Council's decision: July 2014

Cryptographic Time-Stamp – mandatory attribute in digital signature
– In the Georgian banking sector: December 2013
– The European Parliament and of the Council's decision: July 2014

Project participants

– National Bank of Georgia: assesses ES service providers (TSP) and approves commercial banks' security policies
– Commercial Bank: creates a reliable and trustworthy environment
– Electronic Signature Creation Device supplier (TSP)
– Digital Signature Certificate Authority (CA) (TSP)
– Biometric data encryption key pair generating body (TSP)
– Time Stamp service provider (TSP)
– Signatory
– Expertise Bureau

Advanced Electronic Signature in Banking Sector

Types of Electronic Signature:
– Simple Electronic Signature
– Advanced Electronic Signature
– Qualified Electronic Signature

Advanced Electronic Signature in Banking Sector:
– Uses the signatory's biometric data
– Is based on a digital certificate
– Trusted Time Stamp

Signatures and Other Biometrics

Handwritten Electronic Signature

Minimum Technical Requirements

– Biometric data: ISO standard ISO/IEC :2007(E)
  – Minimum X&Y resolution and variation
  – Minimum sample frequency and variation
  – Force
– Public-key cryptosystem: RSA
– Key length: 2048 bit
– Cryptographic hash function: SHA256
– Public-Key Certificate: X.509
– Time Stamp protocol: RFC 3161 (cryptographic time-stamp)
– PDF/A-2a format document: long term validation

Technical Standards

– ETSI TS V1.1.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: framework for PAdES
– ETSI TS V1.2.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic - Profile based on ISO
– ETSI TS V1.1.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES-LTV Profile
– Time Stamp protocol: RFC 3161 (cryptographic time-stamp)
– Biometric data: ISO standard ISO/IEC :2007(E)

Advanced Electronic Signature structure in general

Cryptographic Time-Stamp in general

Document Structure

I _ Customer's signature:
– Client's encrypted biometric data
– Client's encrypted biometric data is embedded in the document
– Integrity of the document is ensured by digital signature certificate (I certificate)
– Cryptographic Time-Stamp is used for first digital signature

II _ Bank's signature _ Signatory – physical entity:
– Client's encrypted biometric data
– Client's encrypted biometric data is embedded in the document
– Integrity of the document is ensured by digital signature certificate (I certificate)
– Cryptographic Time-Stamp is used for second digital signature

I _ customer's signature _ Signatory – legal entity:
– CA issues Signature digital certificate to the Bank
– Integrity of the document (with customer's signature) is ensured by digital signature (I certificate)
– Cryptographic Time-Stamp is used for second digital signature

III _ Electronic Stamp:
– CA issues Signature digital certificate to the Bank _ Stamp certificate (II certificate)
– Client's encrypted biometric data is embedded in the document
– Integrity of the document is ensured by digital signature certificate
– Cryptographic/Local Time-Stamp is used for Electronic Stamp

Long term validation

Long term validation means:
– Evaluating certificate validity at the moment of signing
– Biometric data availability and validity for expertise purposes

Document format: PDF/A-2a

Electronic Document re-time-stamping: a Document Time-Stamp is used in case:
– The trusted TS private key is expiring
– Technical parameters lose the recommended status
– A case of compromise is identified
– Document integrity becomes challengeable
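
The re-time-stamping listed above can be modelled as a chain in which each new Document Time-Stamp covers the document together with every earlier token. The sketch below is an added example, not part of the presentation. It is a simplified model: an HMAC per TSA stands in for the RSA/X.509 signature of a real RFC 3161 token, and all names, keys and dates are constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in keys. A real RFC 3161 TSA signs tokens with an RSA key
# bound to an X.509 certificate; an HMAC per TSA models that signature here.
TSA_KEYS = {"tsa-old": b"constructed-key-1", "tsa-new": b"constructed-key-2"}
FIELDS = ("alg", "imprint", "time", "tsa")

def _sign(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(TSA_KEYS[body["tsa"]], msg, "sha256").hexdigest()

def covered_bytes(document: bytes, earlier_tokens: list) -> bytes:
    """What a timestamp protects: the document plus every earlier token."""
    return document + json.dumps(earlier_tokens, sort_keys=True).encode()

def add_timestamp(document, tokens, tsa, time, alg="sha256"):
    """Return the chain extended by one token over document + existing chain."""
    imprint = hashlib.new(alg, covered_bytes(document, tokens)).hexdigest()
    body = {"alg": alg, "imprint": imprint, "time": time, "tsa": tsa}
    return tokens + [{**body, "sig": _sign(body)}]

def verify_chain(document, tokens, trusted_tsas) -> bool:
    """Only the newest TSA must still be trusted; its token vouches that the
    older tokens existed, unchanged, before the older keys expired."""
    if not tokens or tokens[-1]["tsa"] not in trusted_tsas:
        return False
    for i, tok in enumerate(tokens):
        body = {k: tok[k] for k in FIELDS}
        if not hmac.compare_digest(_sign(body), tok["sig"]):
            return False
        digest = hashlib.new(tok["alg"], covered_bytes(document, tokens[:i]))
        if digest.hexdigest() != tok["imprint"]:
            return False
    return True

if __name__ == "__main__":
    doc = b"constructed signed PDF bytes"
    chain = add_timestamp(doc, [], "tsa-old", "2014-01-10T09:00:00Z")
    chain = add_timestamp(doc, chain, "tsa-new", "2023-12-01T09:00:00Z")
    print(verify_chain(doc, chain, {"tsa-new"}))
```

Because the newer token's imprint covers the older token, a token backdated with the expired or compromised older key no longer matches the chain.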

Delivery of Electronic Documents

ProCredit-Bank electronic documents portal: The document will be uploaded

Expertise of the electronic document

Levan Samkharauli National Forensic Bureau:
– Carries out expertise of the Advanced Electronic Signature
– Any signatory can initiate the process
– The bureau holds the Analyzing Tool of Signature Experts

EXPECTED FINAL RESULTS

Increased organizational efficiency and effectiveness, which at a minimum means:
– Automating business processes
– Improving customer service
– Reducing printing, storage and retrieval expense
– Increasing information security
– Reducing queue time
– Ability to outsource data entry
– Improving access to records and information
– Improving quality of data
– Sharing information with external entities
– Supporting external processing

NBG COMPETITIVE STRENGTH

Successful implementation of Advanced ES in the banking sector means:
– Utilizing ES according to the Directive's requirements
– Favorable legislative environment: appropriate amendments and methodological guidelines performed by NBG
– Ability and readiness on NBG's side to regulate a complex technical solution
– Availability of expertise (forensic analysis) of handwritten electronic & digital signatures
– Commensurate readiness among the major commercial banks

NEXT STEPS IN FINANCIAL SECTOR

– Availability of performing 100% of banking operations at a distance
– Centralization of the Electronic Document Management system in the banking sector

Electronic Signature in Banking Sector

Thank You