© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

Presentation transcript:

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1
Seminar on Standardization and ICT Development for the Information Society
Tashkent, Uzbekistan, 6-8 October 2003
Challenges in Electronic Signatures and Certification Authorities
Alexander NTOKO, Chief, E-Strategy Unit, ITU Telecommunication Development Bureau (BDT)

Overview of Digital Signature
[Diagram labels: Hash Algorithm, Digest, Signer's Private Key, Encrypted Digest, Signed Document]
Remember, a digital signature involves services provided by a Certificate Authority (CA).

Verifying the Digital Signature for Authentication and Integrity
[Diagram labels: Hash Algorithm, Digest, Signer's Public Key]
And so does the process of verifying the validity of a digital signature.

General Overview of Some Digital Signature and Certificate Authority Challenges
o Technology and Standards
  - Application and Multi-vendor interoperability
  - Key Length and Encryption algorithms
  - Content Non-Repudiation and Time stamps
o Policies and Legislative
  - CA-CA Policy-level Interoperability
  - PKI Domains, Jurisdictions and Accreditation
  - Roles of Public and Private Sector
  - E-signature Legislation and Technology Neutrality – Finding the right balance between being technology neutral and enforcing legislation.
o Acquisition, Capacity & Business Models
  - Building Local Capacity
  - Business Case for CA Infrastructure
  - Liabilities and Risk assessment/management

Challenges for e-Signatures and Certification Authorities are Intricately linked. Focus on:
o Acceptance of Digital Signature Across Multi-Jurisdictional PKI Domains.
o Policies for Generic Identity Certificates.
o Public Key Infrastructure (PKI) Domains.
o CA-CA Inter-Domain Interoperability.
o Relationship between Attribute Certificates and Generic Identity Certificates.

Some Initiatives for Addressing CA-CA Inter Domain Interoperability Issues…

Cross Certification
o A CA issues a certificate to another CA. This is applied to Strict Hierarchy (Root CAs)
o Establishment of Trust Relationship between CAs (Chain of Trust).
o Could result in Trust Cascades (A>B and B>C should not imply A>C).
o Trust relationship could be Mutual (Horizontal Trust relationship) or Unilateral (Vertical Trust relationship – Root CAs).

Bridge Certificate Authority
o A CA acts as a bridge between CAs in different PKI domains.
o Each CA establishes a Trust Relationship with the Bridge CA.
o The absence of direct relationships between CAs avoids overheads related to the establishment of direct trust relationships between co-operating CAs.

Cross Recognition
o No trust relationship on cross certification between CAs.
o Requires a mutually trusted and recognized third party.
o CA-CA Interoperability is achieved through the licensing or auditing by a mutually agreed authority.

Accreditation Certificate
o A combination of cross-certification and cross recognition.
o Involves the creation of an accreditation CA.
o Public Key of each CA is signed by accreditation CA.
o Used in Australia in the Gatekeeper Accreditation CA.
o Requires high level government structure and control to create hierarchy (e.g., government-wide PKI).

Certificate Policy – Plays an important role in the implementation of some of these initiatives
o Certificate Policy (CP) – A Named set of rules that indicate the applicability of a certificate to a particular community and/or class of applications of common security requirements.

ITU-T X.509: CA-CA Policy Interoperability
Policy Mappings Extension
o Allows a certification authority to indicate that certain policies in its own domain can be considered equivalent to certain other policies in the subject certification authority's domain.

ITU-T X.509: Preventing Trust Cascades
Policy Constraints extension
o Ability for a certification authority to require that explicit certificate policy indications be present in all subsequent certificates in a certification path.
o Ability for a certification authority to disable policy mapping by subsequent certification authorities in a certification path.
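
Added example, not part of the original slides: a simplified model (not the full X.509 path validation algorithm) of how the Policy Mappings and Policy Constraints extensions decide whether a cross-certification chain A>B>C lets A's relying parties accept C's certificates. The dictionary keys `require_explicit` and `inhibit_mapping` are this example's stand-ins for the requireExplicitPolicy and inhibitPolicyMapping fields, and the CA and policy names are constructed.

```python
# Simplified model of certificate-policy processing along a certification path.
# Policy names such as "A.gold" are constructed labels, not real OIDs.

def evaluate_path(path):
    """path: certificates ordered from the one issued by the trust anchor
    down to the end entity. Returns (accepted, policies in the anchor's domain)."""
    n = len(path)
    explicit = inhibit = n + 1   # constraints bite once a counter reaches 0
    valid = None                 # {policy in current domain: policy in anchor domain}
    for i, cert in enumerate(path):
        held = cert["policies"]
        valid = ({p: p for p in held} if valid is None
                 else {p: a for p, a in valid.items() if p in held})
        if explicit == 0 and not valid:
            return False, set()  # explicit policy required, none survived
        if i == n - 1:
            break                # end-entity certificate: nothing to map
        translated = dict(valid)
        for issuer_pol, subject_pol in cert.get("mappings", []):
            if issuer_pol in valid:
                translated.pop(issuer_pol, None)
                if inhibit > 0:  # mapping still permitted at this depth
                    translated[subject_pol] = valid[issuer_pol]
        valid = translated
        explicit, inhibit = max(explicit - 1, 0), max(inhibit - 1, 0)
        explicit = min(explicit, cert.get("require_explicit", explicit))
        inhibit = min(inhibit, cert.get("inhibit_mapping", inhibit))
    explicit = max(explicit - 1, 0)
    accepted = explicit > 0 or bool(valid)
    return accepted, set(valid.values()) if accepted else set()

# Constructed sample: CA A cross-certifies CA B, and CA B cross-certifies CA C.
A_TO_B = {"policies": {"A.gold"}, "mappings": [("A.gold", "B.gold")]}
A_TO_B_CONSTRAINED = dict(A_TO_B, require_explicit=0, inhibit_mapping=0)
B_TO_C = {"policies": {"B.gold"}, "mappings": [("B.gold", "C.basic")]}
C_USER = {"policies": {"C.basic"}}
B_USER = {"policies": {"B.gold"}}

if __name__ == "__main__":
    print(evaluate_path([A_TO_B, B_TO_C, C_USER]))              # cascade accepted
    print(evaluate_path([A_TO_B_CONSTRAINED, B_TO_C, C_USER]))  # cascade rejected
    print(evaluate_path([A_TO_B_CONSTRAINED, B_USER]))          # direct trust kept
```

Without constraints, C's "basic" certificate is accepted as if it met A's "gold" policy; with both constraints set in the certificate A issues to B, B's own subscribers still validate but B can no longer extend A's trust to C.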

Possible Strategy for E-Signatures and CAs

What could be the Role of Governments?
o Getting Involved in the Management of Public Internet Resources.
  - Internet Protocol Addresses
  - Domain Names (under ccTLDs)
o Elaborating Policies and Legislation for the Management of Digital Identities and CAs.
  - Accreditation of Certification Authorities
  - Control and Enforcement Mechanisms
  - Play central role in the management of generic identities (e.g. digital Ids and Passports).

What is ITU-D doing in this Domain?
o ITU-D IsAP Programme 3
  - Policies: Addressing National/Regional Policies for e-Trust and public Internet resources (e.g., Azerbaijan, Cameroon, Georgia and Mongolia).
  - Projects: Projects on PKI (CA and RA) and PKI-enabled Applications (Africa, Asia, Latin America and Europe).
  - Training: Building Human Capacity in e-Security (e.g., Latin America and Pakistan).
  - Environment: Assistance in Legal Issues for E-Applications and in establishing an Enabling Regulatory Framework (e.g., Latin America, Cape Verde, Mongolia and Burkina Faso).

World e-Trust MoU
o Platform for Partnerships in E-Services
o Self-Regulatory & Self-Funding Structure
o Technology Neutral/Independent Environment
o Multi-Lateral And Inclusive Framework

Thank You for your attention
For further information
Web: