Evaluating trusted electronic documents Petr Švéda Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

Slides:

Advertisements

Similar presentations

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.

Advertisements

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

AFACT eCOO WG interim meeting - Conference Call 1st March of 2011 Mahmood Zargar eCOO Experiences and Standards.

Digital Stamps of Companies Tarvi Martens SK, Estonia.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

Archiving for legal purposes How to implement the new Belgian legislation to destroy physical invoices and use an electronic archive.

OAISYS Public Safety Solutions Safeguarding Mission-Critical Communications.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, –

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.

The OpenEvidence Project Peter Sylvester, EdelWeb IETF - N° 57, Wien PKIX working group.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Producer-Archive Workflow Network (PAWN) Goals Consistent with the Open Archival Information System (OAIS) model Use of web/grid technologies and platform.

In the CA I trust. A look at Certification Authorities James E. Shearer CSEP 590 March 8 th 2006.

Legal Archiving & Records management, existing technologies and solutions Marc Vandeveken - I.R.I.S.

Brooks Evans – CISSP-ISSEP, Security+ IT Security Officer Arkansas Department of Human Services.

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

First Practice - Information Security Management System Implementation and ISO Certification.

DMS in Universities, Colleges and School Infocrew Solutions Pvt.Ltd.

Archive Time-Stamps-Syntax Dr. Ulrich Pordesch

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

By Garland Land NAPHSIS Consultant. Importance of Birth Certificates Needed for: Social Security Card School Enrollment Driver’s License Passport.

UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.

Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

8 Nob 06 / CEN/ISSS ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting CEN/ISSS Workshop.

October 12, :30 am 1. Goals Provide an update on upcoming changes to INOW including implementation dates Provide a forum to discuss experiences.

Chinese-European Workshop on Digital Preservation, Beijing July 14 – Network of Expertise in Digital Preservation 1 Trusted Digital Repositories,

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services. Andreas Kuehne – DSS-X member.

Using SCVP to Convey Evidence Records Carl Wallace Orion Security Solutions.

DINI „Electronic Publishing Group“ DINI – Certificate Document and Publication Repositories “Electronic Publishing Group“

Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.

Secure Credential Manager Claes Nilsson - Sony Ericsson

EDRMS & business information systems and digital longevity Cassie Findlay State Records NSW.

HEPKI-PAG Policy Activities Group David L. Wasley University of California.

IETF - LTANS, March 2004P. Sylvester, Edelweb & A. Jerman Blazic, SETCCE Introduction The following slides were prepared as a result of analysis and discussion.

Integrating security services with the automatic processing of content TERENA 2001 Antalya, May 2001 Francesco Gennai, Marina Buzzi Istituto.

Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id #

Infrastructure for qualified electronic Signatures in Germany Jürgen Schwemmer Moscow, 17th April 2014.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

DIGITAL SIGNATURE.

“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.

E-Business Law in China By Chris Hartnett. Signatures in China Function of a signature is to provide evidence of Function of a signature is to provide.

Digitally Signed Records – Friend or Foe? Boris Herceg Hrvoje Brzica Financial Agency – FINA Hrvoje Stančić.

Part V Electronic Commerce Security Online Security Issues Overview Managing Risk Computer Security Classifications. Security.

A Security Framework with Trust Management for Sensor Networks Zhiying Yao, Daeyoung Kim, Insun Lee Information and Communication University (ICU) Kiyoung.

Copyright BRISA 2001ITU —Multimidia in the 21st CenturyJun 5, 2001 Security Requirements for Business Communication HENRIQUE DE CONTI.

ICC eTerms Repository Supporting the PKI infrastructure and secure electronic commerce Janjaap Bos Dublin, June 2000.

DATA COLLECTION AND RECORD MANAGEMENT PRESENTED BY: MRS OLUWAFOLAKEMI A. AJAYI DEPUTY BURSAR UNIVERSITY OF IBADAN 5 TH APRIL 2016.

FIA MOBILITY & TOURISM Gerd Preuss, FIA Representative at UNECE, WP 29 Protection Against Mileage Fraud Current Status in ITS-AD 110 th GRSG Meeting Geneva,

The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.

TAG Presentation 18th May 2004 Paul Butler

Key management issues in PGP

Cyber Security Means Locking the Front Door Too: Use High-Assurance Identity Management to Control Access to the Federal Bridge.

Hannes Kulovits, Andreas Rauber Vienna University of Technology

Trust Anchor Management Problem Statement

Trustworthiness of Preservation Systems

TAG Presentation 18th May 2004 Paul Butler

ELECTRONIC DOCUMENT: LITHUANIAN EXAMPLE

Public Key Infrastructure (PKI)

Security in ebXML Messaging

جايگاه گواهی ديجيتالی در ايران

David L. Wasley Spring 2006 I2MM

E-Lock ProSigner ProSigner means “Professional Signer” signifying the software that can apply legally enforceable Advanced electronic signatures to electronic.

Remote ATtestation ProcedureS (RATS)

Presentation transcript:

Evaluating trusted electronic documents Petr Švéda Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

Reliable and authentic document … data/information can be trusted only in context content – information included in a document, signature may be considered also as a part of the content context – additional evidence data to support reliability and authenticity of a document (trust path, time stamp …) structure – physical and logical format of a document, integrity is important Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

Signature validation … also need of contextual and structural information (certificates, cert. policy, cert. practice statements, CRL, trust paths, trust verification records) initial – soon after signature creation usual – any time after initial verification, signature creation primitives are valid archival – verification against information that were valid in past but are not secure/valid yet Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

Evaluation concept

Summary lack of standards and lot of proprietary solutions wide spread combined file and data formats (e.g. MS Word) cannot be trusted => need of evaluation criteria proposed evaluation concept can be extended via + notation (level 1+ = some but not all level 2 req.) Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

Questions? Thank you for your attention … Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.