Creating Signatures at User Agents Comparing Transport Bindings.

Slides:



Advertisements
Similar presentations
ProAssist ® complex assistance services management system Global Assistance & INGENIUM Praha.
Advertisements

Use Case Diagrams Damian Gordon.
Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Exchange Product Overview Secure Transmission for Transaction-based Documents.
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
Web Services Architecture Usage Scenarios W3C Working Group Note 11 February 2004 Selected Use Cases & Usage Scenarios Michal Zaremba.
Virtual Ticketing Agents using Web Services and J2EE Advisor: Dr. Chung-E-Wang Date: 05/06/03 Naveen Repala.
CSIS0402 System Architecture K.P. Chow University of Hong Kong.
28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.
Introduction to Cryptography
Modelling Feature Interaction Patterns in Nokia Mobile Phones using Coloured Petri Nets and Design/CPN Louise Lorentsen University of Aarhus Antti-Pekka.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Copyright W. Howden1 Lecture 19: Intro to O/O Components.
Collaboration Diagrams. Example Building Collaboration Diagrams.
Use cases and requirement specification - 1 Use case diagrams 3 use cases System boundaries Remember: Use case diagramming is a tool, not the requirements.
DSS and the use of separate (secure) signature creation devices.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Prashanth Kumar Muthoju
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
OASIS OASIS Digital Signature Services Juan Carlos Cruellas Juan Carlos Cruellas Andreas Kuehne Stefan Drees Ernst Jan van Nigtevecht.
Requirements Elicitation. Requirement: a feature or constraint that the system must satisfy Requirements Elicitation: specification of the system that.
Databases and the Internet. Lecture Objectives Databases and the Internet Characteristics and Benefits of Internet Server-Side vs. Client-Side Special.
Remotely authenticating against the Service Framework.
Introduction to ebXML Messaging V3 Derived from the OASIS Webinar series on ebXML (June 6, 2007) ‏
GIS technologies and Web Mapping Services
Kris Horn Santhoshi Smitha Thota Uday Chandra Karrotthi.
Lecture 7 Interaction. Topics Implementing data flows An internet solution Transactions in MySQL 4-tier systems – business rule/presentation separation.
Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services. Andreas Kuehne – DSS-X member.
Enabling Embedded Systems to access Internet Resources.
Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.
Orbited Scaling Bi-directional web applications A presentation by Michael Carter
IETF - LTANS, March 2004P. Sylvester, Edelweb & A. Jerman Blazic, SETCCE Introduction The following slides were prepared as a result of analysis and discussion.
1 Vigil : Enforcing Security in Ubiquitous Environments Authors : Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin Presented by : Amit Choudhri.
OOSE Use Case. Requirement Functional: –Features, capabilities, and security Non Functional: –Usability: Human factors, help, and documentation –Reliability:
An XML based Security Assertion Markup Language
Web Services. Abstract  Web Services is a technology applicable for computationally distributed problems, including access to large databases What other.
OTP-ValidationService John Linn, RSA Laboratories 11 May 2005.
Architectural Patterns Support Lecture. Software Architecture l Architecture is OVERLOADED System architecture Application architecture l Architecture.
W3C Web Services Architecture Security Discussion Kick-Off Abbie Barbir, Ph.D. Nortel Networks.
Web Services Presented By : Noam Ben Haim. Agenda Introduction What is a web service Basic Architecture Extended Architecture WS Stacks.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
What to remember from Chap 13 (Logical architecture)
Use Cases Use Cases are employed to describe the functionality or behavior of a system. Each use case describes a different capability that the system.
Creating Signatures at User Agents Comparing Transport Bindings.
Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Final Class Diagram for C++ Implementation Clickermatic Software Clicker.
1 G52IWS: Web Services Chris Greenhalgh. 2 Contents The World Wide Web Web Services example scenario Motivations Basic Operational Model Supporting standards.
Web Services Architecture Presentation for ECE8813 Spring 2003 By: Mohamed Mansour.
Long-term Archive Service Requirements November 9, 2004.
WASP Application note #2 1 WASP (Web Activated Signature Protocol) Application Note #2 – Signature container considerations WASP was designed to support.
Gerhard Dueck -- CS3013Analysis 1. Gerhard Dueck -- CS3013Analysis 2 Why analysis?  Yield a more precise specification of the requirements.  Introduce.
Creating Signatures at User Agents Comparing Transport Bindings Version May 29, 2011.
1 6 Chapter 6 Implementing Security for Electronic Commerce.
Title – NwHIN CAQH/CORE X12 support Discussion Date June
#SummitNow Consuming OAuth Services in Alfresco Share Alfresco Summit 2013 Will Abson
# # 0089CB # 00283C HEXRGB # COLOUR PALETTE TEXT COLOUR HEXRGB # FFFFFF 255 # # BFBFBF.
DM Collaboration – OMA & BBF: Deployment Scenarios Group Name: WG5 - MAS Source: Tim Carey, ALU, Meeting Date:
Service-Oriented Architecture for Mobile Applications.
Invoke Image Display (IID)
PDA & Mobile Verification Solution Presentation
EMV® 3-D Secure - High Level Overview
E-Government Government Gateway Overview.
Unified Modeling Language
OAuth Design Team Call 11th February 2013.
Presentation transcript:

Creating Signatures at User Agents Comparing Transport Bindings

Use Case Assumptions A User-Agent is used as a Signature Creation Device, possibly by means of an SSCD, but cannot perform all verification functions nor all kinds of complex signature creation functions. A User-Agent has limited software & performance capabilities; it cannot manipulate the document itself. A User-Agent always initiates the transaction. A document remains at it’s current location at the Remote-End. A remote Digital Signature Service is used to handle the complexities of the signature creation. As an example, a User-Agent can be a Mobile Device or an Applet in the browser. The OASIS DSS Core is used.

Use Case Actor The End-User of the User-Agent. System The User-Agent, communicating with a remote system for document handling and signature creation.

Use Case Basic Flow –Actor selects document. –User Agent remembers the selected document at the remote end. –Actor requests a signing operation for the document. –User Agent asks the user for a PIN or Password. –Actor enters the PIN or Password –User Agent calculates the signature using the (Secure) Signature Creation Device and presents the signed document, at the remote end, to the user. –Actor views the signed document.

System Aspects The User Agent is capable of creating a raw digital signature; it needs the hash of the document to create the raw signature. The document is at the Remote End. Scenario’s –1: Remote End requests DSS to do the signature creation; DSS delegates the raw signature creation to the User Agent. –2: Remote End calculates the hash, requests the User Agent to create a raw signature and requests DSS to ‘complete’ the signature creation (the request contains the raw signature). –Case 2 requires the User Agent to have a ‘thin’ implemention of the DSS interface. –Both cases require 2 interactions between the User Agent and the Remote End for the signature creation. 12

User Agent Remote System Digital Signature Service User Agent Select document Sign document Calculate Hash DSS-Request(Complex) DSS-Request(PKCS#1) DSS-Response Prepare request for document Verification, Timestamping, Revocation Info, etc.... Sign Hash Sequence Diagram 1 – Delegated DSS Document signed 1 2

User Agent Remote System Digital Signature Service User Agent Select document Sign document Calculate Hash DSS-Request(Complex) DSS-Request(PKCS#1) DSS-Response Prepare request for document Verification, Timestamping, Revocation Info, etc.... Sign Hash Sequence Diagram 2 – Composite DSS Document signed 1 2

Interaction User Agent Initiate Request –Hash is calculated at the ‘Remote End’ Create signature –Hash is signed at the User Agent In all cases the client (User Agent) initiates the requests to the Remote End. Possible Transport Bindings: PAOS, reverse SOAP. ebMS v3, using the ‘polling’ mode. Two separate SOAP calls.

POAS – Sequence 1 (1) Sign document (2) DSS-Request(PKCS#1) (2) DSS-Response (1) Document signed Calculate Hash Sign Hash DSS DSS-Response Digital Signature Service DSS-Request(Complex) Prepare DSS request Different session! Remote System

POAS – Sequence 2 (1) Sign document (2) DSS-Request(PKCS#1) (2) DSS-Response (1) Document signed Calculate Hash Sign Hash DSS DSS-Request(Complex) DSS-Response Digital Signature Service Remote System

POAS Usage Sequence 1 seems more complex than Sequence 2 –The request/response “(2) DSS- Request(PKCS#1)” is a new session, initiated by the DSS server... –... That request has to be correlated, by the Remote End, to the first POAS R/R, to put the “(2) DSS-Request(PKCS#1)” into the POAS response.

(1) Document signed (1) Sign document ebMSv3 – Sequence 1 User Agent Remote System Digital Signature Service User Agent PUSH(Request(Sign document)) MSH AMSH BMSH A PULL(Request) (2) DSS-Request(PKCS#1) PUSH(Response) (2) DSS-Response PULL(Response) Calculate Hash DSS-Request(Complex) DSS-Response Verification, Timestamping, Revocation Info, etc.... Sign Hash MSH C

(2) DSS-Response (2) DSS-Request(PKCS#1) (1) Document signed (1) Sign document ebMSv3 – Sequence 2 User Agent Remote System Digital Signature Service User Agent PUSH(Request(Sign document)) MSH AMSH BMSH A Calculate Hash PULL(Request) PUSH(Response) PULL(Response) DSS-Request(Complex) DSS-Response Verification, Timestamping, Revocation Info, etc. Sign Hash

ebMS Usage Sequence 1 –Requires DSS server to use ebMSv3 –Pull Request from User Agent has to be routed via the Remote System. Sequence 2 –Does not require DSS server to use ebMSv3 –No routing issue How does the ebMSv3 ‘client’ compare to the POAS ‘client’ at the User Agent regarding implementation complexity?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.