Civil Registry Agency of the Ministry of Justice, Georgia Digital Signature Services in Georgia Mikheil Kapanadze.



E-Document and E-Signature Law

- Adopted in 2008
- There were changes in subsequent years
- Some changes are planned
- Along with the E-Signature law, Georgia adopted the technical regulations
- These regulations mainly concern certification authorities
- On May 10, 2012 we made the first digital signature on an electronic document
- The president, other government officials and citizens (about 80 persons) put their signatures using their ID Cards
- … and we know that we are late. So, we will have to work hard and fix the gap

E-Signature and Digital Signature according to the law

Electronic signature
- Defined as any set of data, created based on electronic sources, which can be used by the signer to specify his/her association with the document

Digital signature
- An electronic signature, created using cryptographic manipulation on the data based on the private key, logically associated with the electronic document
- Associated with the signer only
- It's possible to identify the signer
- The private key is under the sole control of the signer
- Association with the document makes it possible to detect manipulation of the data

ID Card as secure signature creation device (SSCD)

Private key security
- Signature key (RSA 2048) is generated on the card
- The private key never leaves the card
- The key material cannot be extracted from the card

Digital Signature PIN
- 6 digits
- Not generated during card personalization. Must be set by the card holder
- The secure envelope does not contain this PIN
- The cardholder is supplied with a 5-digit transport PIN
- The transport PIN can be used ONLY ONCE to set the digital signature PIN
- It's not possible to reset the signature PIN by PUK

Additional security measures

No contactless signatures
- ID Card's PKI applet is available on the contact interface only

Regulations on card readers
- All card terminals installed at customer service points MUST support secure PIN entry (SPE)
- The terminal must be able to use SPE when it deals with a Georgian ID card
- Organizations are recommended to cooperate with CRA to certify their card terminals before starting operations

Physical security of the ID Card and PIN

Please, memorize your PIN
- Card holders are recommended not to write down their signature PIN
- If the card holder cannot memorize the PIN, he/she is recommended to store card and PIN separately

Leaving the card at the entrance of organizations
- A special regulation will be issued to prohibit leaving the ID card at the entrance of a building to get a pass
- We understand that it may introduce additional costs for organizations, but we need to minimize risks

Advanced electronic signatures

Signature type and the demands of the law
- The signature law demands that the document be signed using a certificate which is valid during the signing process
- Thus we need to have revocation information along with the signature
- Secure timestamp is not mandated by the law yet but we are going to change the law accordingly
- This means that the signer will have to be online to sign the document

ETSI Standards and the signature law
- Signatures of the *AdES family of ETSI standards were found to be permitted under the Georgian signature law
- As the revocation information needs to be stored in the document, the basic profiles of *AdES cannot be used

The format of the signed documents

PDF (ISO ) with signature extensions
- For signed text documents, PDF is the only format in Georgia now
- The format allows additional data to be stored as attachments
- Can be created by a wide range of software
- "Trusted readers" exist
- Multiple signatures are allowed
- PDF/A is not mandated but highly recommended

Non-text documents
- Currently, signatures cannot be made on non-text documents, according to the signature law
- We are working to extend the signature law to support them

The signature format

PAdES-LTV (ETSI TS )
- This is the only signature format now that is suitable under the Georgian signature law
- It uses non-ISO extensions to PDF defined by ETSI
- It is promised that these extensions will be put in the next ISO standard

Other profiles
- Other profiles are not immediately compatible with the signature law
- To speed up the signing process in case of multiple signers, it may be possible to use PAdES Basic/BES/EPES profiles and extend the profile to LTV as soon as possible
- What ASAP means in this case needs to be defined in the law
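An added example, not part of the original slides and not CRA's tooling: a heuristic Python triage that scans raw PDF bytes to separate documents signed with a Basic or BES/EPES profile from those that already carry the embedded revocation data LTV depends on. The SubFilter names and the DSS dictionary keys are those of the PAdES and PDF specifications; the function name, the profile labels and the sample byte strings are constructed for this illustration.

```python
import re

DOC_TS = b"ETSI.RFC3161"        # SubFilter of a PAdES document time-stamp
CADES = b"ETSI.CAdES.detached"  # SubFilter used by PAdES-BES/EPES signatures
REF = rb"\d+\s+\d+\s+R"         # indirect object reference such as "11 0 R"

def triage_pades(pdf: bytes) -> dict:
    """Heuristic profile triage from raw PDF syntax. Not a validator: it checks
    no cryptography and not whether the stored data covers every signer."""
    subfilters = re.findall(rb"/SubFilter\s*/([A-Za-z0-9.]+)", pdf)
    signatures = [s for s in subfilters if s != DOC_TS]
    # Document Security Store (DSS): the ETSI extension holding validation data.
    has_dss = re.search(rb"/DSS\s*(?:<<|" + REF + rb")", pdf) is not None
    # Revocation data counts only if /OCSPs or /CRLs has at least one entry.
    has_revocation = has_dss and re.search(
        rb"/(?:OCSPs|CRLs)\s*\[?\s*" + REF, pdf) is not None
    if not signatures:
        profile = "unsigned"
    elif has_revocation:
        profile = "LTV candidate"
    elif CADES in signatures:
        profile = "BES/EPES, not yet LTV"
    else:
        profile = "Basic, not yet LTV"
    return {"profile": profile, "signatures": len(signatures),
            "has_dss": has_dss, "has_revocation": has_revocation,
            "doc_timestamp": DOC_TS in subfilters}

# Constructed fragments of PDF syntax (not complete files) used as sample input.
BES_ONLY = b"5 0 obj << /Type /Sig /SubFilter /ETSI.CAdES.detached >> endobj "
BASIC_ONLY = b"5 0 obj << /Type /Sig /SubFilter /adbe.pkcs7.detached >> endobj "
EMPTY_DSS = BES_ONLY + b"1 0 obj << /Type /Catalog /DSS << /OCSPs [] >> >> endobj "
LTV = (BES_ONLY
       + b"1 0 obj << /Type /Catalog /DSS 9 0 R >> endobj "
       + b"9 0 obj << /Certs [10 0 R] /OCSPs [11 0 R] >> endobj "
       + b"12 0 obj << /Type /DocTimeStamp /SubFilter /ETSI.RFC3161 >> endobj ")

if __name__ == "__main__":
    for name, data in [("BES_ONLY", BES_ONLY), ("BASIC_ONLY", BASIC_ONLY),
                       ("EMPTY_DSS", EMPTY_DSS), ("LTV", LTV)]:
        print(name, triage_pades(data))
```

A DSS stored inside a compressed object stream is invisible to this byte scan, so a "not yet LTV" result is a reason to run a full PAdES validator, not a verdict.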

Sign-what-you-see

How do we implement the sign-what-you-see concept?
- One of the arguments for selecting PDF was that it can be read by different tools on many platforms
- So, the signer can verify the document before signing and after signing
- It's recommended to use the signed document only when you have reviewed it after signing

Other security measures
- ID Card demands typing the signature PIN on EACH signature operation
- The cardholder may have a simple card reader for personal use but it is highly recommended to buy one with SPE even for home use
- We do not want to introduce regulations on card terminals for home use as it may slow down digital signature adoption among the population

Signature tools

Standalone tool
- Developed as a Java Web Start application
- Available at
- Can be used to sign confidential documents

Sign 'em Portal
- A web portal which allows file upload and signing
- Uses a Java applet to communicate with the card
- Allows document sharing to perform multiple signatures
- Available at

Adobe Acrobat X/Adobe Reader X
- A PKCS#11 driver exists for ID Card PKI
- Adobe Acrobat/Reader X can be configured to use this driver and sign documents in a CRA-independent way
- This method is not officially supported yet but we are working hard on it

Embedding the signature creation in other software

Web Portals
- The applet written for the Sign 'em portal can be embedded in any web-based solution
- It uses easy-to-use interfaces to communicate with the outer world
- We plan to embed it in the unified document management system used in the Ministry of Justice and all its agencies (CRA, NAPR, DEA, etc.)

Libraries/Frameworks
- We enforce only standards, not tools/libraries/frameworks
- Organizations are free to use any solution available on the market which allows creation of PAdES-LTV signatures
- It's strongly recommended to use tools which participate in ETSI PlugTest events for interoperability

ID.GE – ID Card, Signatures and more

Thank You Happy Signing!