Exchange of digitally signed SPSCertificate messages

Overview of prototype of digital signature applied to SPSCertificate message between national systems.

Presentation transcript:

Exchange of digitally signed SPSCertificate messages
Overview of prototype of digital signature applied to SPSCertificate message between national systems and TRACES
UN/CEFACT Forum Geneva, April

What do we currently have?
- SPSCertificate based message exchange with TRACES is available
- New Zealand is getting ready to exchange on large scale:
  - Fishery products
  - Meat of bovine and ovine animals
- Target is to make exchanges with non-repudiation to enable the paperless exchange
- Digital signature will enable this

Digital Signature overview
[Diagram: signature creation and verification. Labels: Message, Hash Function, DigestAlgorithm, Digest, Encryption, Private Key of sender, Signature, Decryption, Public Key of sender, Expected Digest, Actual Digest, Compare]

How will we apply digital signature?
- On the incoming messages (SPSCertificate)
  - Signed by sending authority
- On the reply (SPSAcknowledge)
  - Signed by TRACES
- Based on our recommendations made in analysis presented in Geneva in April 2013:
  - Enveloping signature
  - XML-based (XAdES)
  - Timestamp from trusted time stamp authority (TSA) for archival purposes

Example of signed SPSCertificate message
[Figure: enveloping signature, with the SPSCertificate enveloped in the Signature]
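As an added illustration (not code from the presentation or from TRACES), the sketch below builds the enveloping layout described above and performs the receiver's expected-versus-actual digest comparison on the enveloped SPSCertificate. The payload, its namespace, the function names and the use of Python's C14N 2.0 are assumptions; verifying SignatureValue over SignedInfo with the sender's public key, and the XAdES properties and timestamp, are not shown.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)

def q(name):
    return f"{{{DS}}}{name}"          # qualified ds: tag

# Constructed sample payload; namespace and content are placeholders.
SAMPLE_SPS = ('<SPSCertificate xmlns="urn:example:sps"><ID>NZ-0001</ID>'
              '<Product>Fishery products</Product></SPSCertificate>')

def digest_b64(elem):
    # SHA-256 over the canonical form (stdlib C14N 2.0; an assumed profile).
    canon = ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def envelop(sps_xml, obj_id="sps-payload"):
    """Sender side: place the SPSCertificate inside ds:Signature/ds:Object."""
    sig = ET.Element(q("Signature"))
    info = ET.SubElement(sig, q("SignedInfo"))
    ref = ET.SubElement(info, q("Reference"), URI="#" + obj_id)
    value = ET.SubElement(ref, q("DigestValue"))
    ET.SubElement(sig, q("SignatureValue")).text = "UNSIGNED-PLACEHOLDER"
    obj = ET.SubElement(sig, q("Object"), Id=obj_id)
    obj.append(ET.fromstring(sps_xml))
    value.text = digest_b64(obj)      # digest covers the whole ds:Object
    return ET.tostring(sig, encoding="unicode")

def signed_payload(signed_xml):
    """Receiver side: return the SPSCertificate only from a digest-checked Object."""
    sig = ET.fromstring(signed_xml)
    if sig.tag != q("Signature"):
        raise ValueError("root is not ds:Signature, so not an enveloping signature")
    objects = {o.get("Id"): o for o in sig.findall(q("Object"))}
    for ref in sig.findall(f"{q('SignedInfo')}/{q('Reference')}"):
        uri = ref.get("URI", "")
        obj = objects.get(uri[1:]) if uri.startswith("#") else None
        if obj is None:
            continue
        expected = ref.findtext(q("DigestValue"), "").strip().encode()
        if not hmac.compare_digest(expected, digest_b64(obj).encode()):
            raise ValueError("digest mismatch: enveloped content was altered")
        for child in obj:             # hand back only content the digest covers
            if child.tag.rsplit("}", 1)[-1] == "SPSCertificate":
                return child
    raise ValueError("no SPSCertificate covered by a Reference")
```

Returning the payload from the checked `ds:Object`, rather than searching the whole document for an SPSCertificate element, keeps the data that gets processed identical to the data the digest covers.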

Architecture Overview
[Diagram. Components: Client, TRACES, ESSI, XMLGate. Flow labels:]
- Signed SPSCertificate message
- Signed SPSCertificate message forwarded
- Signature validated
- Certificate data validated, stored
- SPSAcknowledgement created, signed
- SPSAcknowledgement returned

First use-case: New Zealand exports to EU
- Meat products, fishery products – documents per year
- Digitally signed health certificates for export to the EU from NZ eCert system
- Digitally signed acknowledge messages from TRACES
- Machine-to-machine signature (eCert / TRACES)

Certificates to use
- TRACES will use certificate provided by ESSI (Commission as Legal Entity)
- New Zealand certificate provider (probably) not on EU trusted list
- No global solution in sight for this problem:
  - Bilateral agreement on technologies and profiles
  - Both sides must test each other's signed messages for interoperability
  - We may need to define a "SANCO TLS" to add the CSP used in New Zealand to ESSI infrastructure

The steps ahead
- Agree on CSP on both sides
- Agree on technical details for interoperability (XAdES level, profile…)
- If necessary, define a "SANCO TLS"
- Off-line verification of signed messages from both sides
- Integrate to trust services on both sides
- Start the exchange
- Electronic "vault" needed – legal requirements?