Published by Isabella Glass. Modified over 11 years ago.
1
Universal Electronic Signatures
Tarvi Martens
ESTONIA
2
What if you receive a digitally signed document tomorrow?
You should probably accept and handle it!
3
Rationale
- The existing EU Directive does not provide solid grounds for unified electronic signature deployment in Europe
- CEN CWAs and ETSI standards allow for a myriad of options
- UES: an attempt to achieve electronic signature deployment and interoperability from best-practice experience
4
What is UES?
- UES stands for Universal Electronic Signature
- UES is a concept of electronic signature that aims to universally replace the handwritten signature
- UES goes beyond AES (Advanced Electronic Signature as defined in the EU Directive)
- UES is designed for international interoperability
5
UES provides for…
UES = Advanced Electronic Signature based on Qualified Certificates, PLUS:
- electronically signed documents are equivalent to handwritten ones in legal evidence value
- usage domain and signatory role are not restricted
- the signatory is uniquely identified as a physical person
- there are means to identify the signing time of the electronic document
- electronically signed documents maintain their long-term validity
- UES are international
6
UES implementation
UES implementation requires these components to be adjusted to UES principles:
- Legislation
- CA delivering certificates on SSCD
- Validation services (real-time OCSP)
- Deployed end-user tools
- Inter-PKI cooperation
7
UES actors: CA
Certification Authority
- Produces qualified certificates on SSCD to uniquely identifiable physical persons
- Provides up-to-date certificate validity information to the Validation Authority
- Generates, exchanges and maintains Trust-service Status Lists (TSL)
  - CA details
  - Valid CA and OCSP certificates
  - History of validity
  - XML profile of ETSI TS 102 231
8
UES Actors: VA
Validation Authority
- Issues validity confirmations using the OCSP protocol (RFC 2650)
- Operates in real time: acquires validity information from the CA's database
- Provides precise time information in responses (time-stamping)
- Logs and archives issued confirmations to provide for long-term validity
9
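VA as an e-notary
[Diagram: the Signer sends (Doc, Cert) to the VA over OCSP: "I just signed the document using this certificate". The VA consults the CA DB, writes to a secure log, and answers (Doc, Cert, time) ok: "When I saw this signed document, corresponding certificate was valid".]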
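The e-notary role from slides 8 and 9, sketched as an added example that is not part of the original presentation or of any UES or DigiDoc code. Assumptions: an HMAC with a shared demo key stands in for the VA's real signature, the "secure log" is modelled as a hash chain, and the serial numbers, key and timestamps are constructed.

```python
import hashlib, hmac, json

VA_KEY = b"constructed-demo-key"   # assumption: HMAC stands in for the VA's signature key
CA_DB = {"1001": "good", "1002": "revoked"}   # constructed CA status database


def _mac(body):
    """Authenticate a confirmation body (canonical JSON)."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(VA_KEY, data, hashlib.sha256).hexdigest()


def _body(conf):
    return {k: v for k, v in conf.items() if k != "va_sig"}


class ValidationAuthority:
    def __init__(self):
        self.log = []   # assumption: "secure log" modelled as a hash chain

    def confirm(self, doc, cert_serial, now):
        """Look up live status in the CA DB and issue a (Doc, Cert, time) confirmation."""
        body = {"doc_sha256": hashlib.sha256(doc).hexdigest(), "cert": cert_serial,
                "status": CA_DB.get(cert_serial, "unknown"), "time": now}
        conf = {**body, "va_sig": _mac(body)}
        prev = self.log[-1]["entry_hash"] if self.log else "0" * 64
        entry = hashlib.sha256((prev + conf["va_sig"]).encode()).hexdigest()
        self.log.append({"conf": dict(conf), "prev": prev, "entry_hash": entry})
        return conf

    def log_intact(self):
        """Recompute the chain; an edited or reordered entry breaks it."""
        prev = "0" * 64
        for e in self.log:
            sig = e["conf"]["va_sig"]
            expect = hashlib.sha256((prev + sig).encode()).hexdigest()
            if e["prev"] != prev or e["entry_hash"] != expect or _mac(_body(e["conf"])) != sig:
                return False
            prev = e["entry_hash"]
        return True


def verify(doc, cert_serial, conf):
    """Verifier: the confirmation must be authentic, 'good', and bound to this doc and cert."""
    body = _body(conf)
    return (hmac.compare_digest(_mac(body), conf.get("va_sig", ""))
            and body.get("status") == "good" and body.get("cert") == cert_serial
            and body.get("doc_sha256") == hashlib.sha256(doc).hexdigest())
```

A confirmation issued while the certificate was good keeps verifying after the CA later marks it revoked, which is the long-term validity property the slides describe; a confirmation requested after revocation does not.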
10
UES Actors: Signer and Verifier
Signer
- Generates electronically signed documents using certificate and validity confirmation
Verifier
- Verifies electronic signatures using (cached) TSL
Sharing common document format
- Profile of ETSI TS 101 903 aka XAdES - OpenXAdES
11
UES architecture (1)
[Diagram: two PKIs (PKI 1 and PKI 2), each with CA, VA, Signer and Verifier; labels: Cert, OCSP, TSL, Doc]
12
UES architecture (2)
[Diagram: two PKIs (PKI 1 and PKI 2), each with CA, VA, Signer and Verifier; labels: Cert, OCSP, TSL, Doc]
13
Trust model
- Bilateral trust model
- Every party has the freedom to choose trusted parties
- CA communicates trust through TSLs
[Diagram: CA 1, CA 2, CA 3, CA 4]
14
UES Organization
- Currently: Memorandum of Understanding
  - Agreeing with UES principles and model
- Three initial partners
  - Estonia
  - Belgium
  - Finland
- Represented typically by Population Registries (CAs) and incorporating partner companies
- More formal structure (separate organization – UES Initiative) is considered
15
UES activities
- General coordination
- Promotion, info sharing
- Liaisons with std. bodies
- Sharing enabling technology
- TSL distribution
- Joint work on different aspects:
  - Legal issues
  - CA service provision
  - VA service provision
  - Document format, interop testing
16
UES deployment
- Sign the MoU
- Allocate resources for the co-operation effort
- Start issuing qualified certificates
  - The hardest part – we assume you do it already
- Set up your OCSP
  - Almost any commercial OCSP Responder will do
- Start exchanging TSLs
  - To be developed
- Distribute and localize end-user apps
  - www.openxades.org
17
What is OpenXAdES?
- OpenXAdES is a profile of ETSI TS 101 903 aka XAdES
- OpenXAdES specifications and implementations (C, Java) are available at www.openxades.org
- OpenXAdES is a community-driven free software development project
- OpenXAdES profile specification development is coordinated by CC (and by UES organization in the future)
18
What is DigiDoc?
- DigiDoc is a set of software applications based on the OpenXAdES spec/library
- Applications include:
  - DigiDoc client
  - DigiDoc portal
  - DigiDoc webservice (SOAP)
- Client tested with Estonian, Finnish and Belgian ID-cards
- Multilingual version available now
19
Digital Signature in Estonia
- Available for 1.5 years
- 500 000 potential users
- 200 000 signatures
- Client distributed with ID-card starter kit
- Technology integrated in all major document handling systems and Internet banks
- Innumerable list of uses
[Diagram labels: DigiDoc library (Win32/Unix), CSP, OCSP, XML, ID card]
20
Additional Information
- ID-card issuing: http://www.pass.ee
- PKI & CA: http://www.sk.ee
- ID-card practices: http://www.id.ee
- Digital signature software: www.openxades.org
Contact point: tarvi@sk.ee
www.openxades.org/ues
Porvoo V: May 2004 Tallinn, Estonia