Presentation is loading. Please wait.

Presentation is loading. Please wait.

Creating Signatures at User Agents Comparing Transport Bindings.

Published byDarrell Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Creating Signatures at User Agents Comparing Transport Bindings."— Presentation transcript:

1 Creating Signatures at User Agents Comparing Transport Bindings

2 Use Case Assumptions A User-Agent is used as a Signature Creation Device, possibly by means of an SSCD, but cannot perform all verification functions nor all kinds of complex signature creation functions. A User-Agent has limited software & performance capabilities; it cannot manipulate the document itself. A User-Agent always initiates the transaction. A document remains at it’s current location at the Remote-End. A remote Digital Signature Service is used to handle the complexities of the signature creation. As an example, a User-Agent can be a Mobile Device or an Applet in the browser. The OASIS DSS Core is used.

3 Use Case Actor The End-User of the User-Agent. System The User-Agent, communicating with a remote system for document handling and signature creation.

4 Use Case Basic Flow –Actor selects document. –User Agent remembers the selected document at the remote end. –Actor requests a signing operation for the document. –User Agent asks the user for a PIN or Password. –Actor enters the PIN or Password –User Agent calculates the signature using the (Secure) Signature Creation Device and presents the signed document, at the remote end, to the user. –Actor views the signed document.

5 System Aspects The User Agent is capable of creating a raw digital signature; it needs the hash of the document to create the raw signature. The document is at the Remote End. Scenario’s –1: Remote End requests DSS to do the signature creation; DSS delegates the raw signature creation to the User Agent. –2: Remote End calculates the hash, requests the User Agent to create a raw signature and requests DSS to ‘complete’ the signature creation (the request contains the raw signature). –Case 2 requires the User Agent to have a ‘thin’ implemention of the DSS interface. –Both cases require 2 interactions between the User Agent and the Remote End for the signature creation. 12

6 User Agent Remote System Digital Signature Service (S)SCD @ User Agent Select document Sign document Calculate Hash DSS-Request(Complex) DSS-Request(PKCS#1) DSS-Response Prepare request for document Verification, Timestamping, Revocation Info, etc.... Sign Hash Sequence Diagram 1 – Delegated DSS Document signed 1 2

7 User Agent Remote System Digital Signature Service (S)SCD @ User Agent Select document Sign document Calculate Hash DSS-Request(Complex) DSS-Request(PKCS#1) DSS-Response Prepare request for document Verification, Timestamping, Revocation Info, etc.... Sign Hash Sequence Diagram 2 – Composite DSS Document signed 1 2

8 Interaction User Agent Initiate Request –Hash is calculated at the ‘Remote End’ Create signature –Hash is signed at the User Agent In all cases the client (User Agent) initiates the requests to the Remote End. Possible Transport Bindings: PAOS, reverse SOAP. ebMS v3, using the ‘polling’ mode. Two separate SOAP calls.

9 POAS – Sequence 1 (1) Sign document (2) DSS-Request(PKCS#1) (2) DSS-Response (1) Document signed Calculate Hash Sign Hash DSS DSS-Response Digital Signature Service DSS-Request(Complex) Prepare DSS request Different session! Remote System

10 POAS – Sequence 2 (1) Sign document (2) DSS-Request(PKCS#1) (2) DSS-Response (1) Document signed Calculate Hash Sign Hash DSS DSS-Request(Complex) DSS-Response Digital Signature Service Remote System

11 POAS Usage Sequence 1 seems more complex than Sequence 2 –The request/response “(2) DSS- Request(PKCS#1)” is a new session, initiated by the DSS server... –... That request has to be correlated, by the Remote End, to the first POAS R/R, to put the “(2) DSS-Request(PKCS#1)” into the POAS response.

12 (1) Document signed (1) Sign document ebMSv3 – Sequence 1 User Agent Remote System Digital Signature Service (S)SCD @ User Agent PUSH(Request(Sign document)) MSH AMSH BMSH A PULL(Request) (2) DSS-Request(PKCS#1) PUSH(Response) (2) DSS-Response PULL(Response) Calculate Hash DSS-Request(Complex) DSS-Response Verification, Timestamping, Revocation Info, etc.... Sign Hash MSH C

13 (2) DSS-Response (2) DSS-Request(PKCS#1) (1) Document signed (1) Sign document ebMSv3 – Sequence 2 User Agent Remote System Digital Signature Service (S)SCD @ User Agent PUSH(Request(Sign document)) MSH AMSH BMSH A Calculate Hash PULL(Request) PUSH(Response) PULL(Response) DSS-Request(Complex) DSS-Response Verification, Timestamping, Revocation Info, etc. Sign Hash

14 ebMS Usage Sequence 1 –Requires DSS server to use ebMSv3 –Pull Request from User Agent has to be routed via the Remote System. Sequence 2 –Does not require DSS server to use ebMSv3 –No routing issue How does the ebMSv3 ‘client’ compare to the POAS ‘client’ at the User Agent regarding implementation complexity?

Download ppt "Creating Signatures at User Agents Comparing Transport Bindings."

Similar presentations

ProAssist ® complex assistance services management system Global Assistance & INGENIUM Praha.

ProAssist ® complex assistance services management system Global Assistance & INGENIUM Praha.
Use Case Diagrams Damian Gordon.

Use Case Diagrams Damian Gordon.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Exchange Product Overview Secure Transmission for Transaction-based Documents.

Copyright Hub Software Engineering Ltd 2010All rights reserved Hub Document Exchange Product Overview Secure Transmission for Transaction-based Documents.
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.

Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
30.04.2015 1 Web Services Architecture Usage Scenarios W3C Working Group Note 11 February 2004 Selected Use Cases & Usage Scenarios Michal Zaremba.

Web Services Architecture Usage Scenarios W3C Working Group Note 11 February 2004 Selected Use Cases & Usage Scenarios Michal Zaremba.
Virtual Ticketing Agents using Web Services and J2EE Advisor: Dr. Chung-E-Wang Date: 05/06/03 Naveen Repala.

Virtual Ticketing Agents using Web Services and J2EE Advisor: Dr. Chung-E-Wang Date: 05/06/03 Naveen Repala.
CSIS0402 System Architecture K.P. Chow University of Hong Kong.

CSIS0402 System Architecture K.P. Chow University of Hong Kong.
28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.

28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.
Introduction to Cryptography

Introduction to Cryptography
Modelling Feature Interaction Patterns in Nokia Mobile Phones using Coloured Petri Nets and Design/CPN Louise Lorentsen University of Aarhus Antti-Pekka.

Modelling Feature Interaction Patterns in Nokia Mobile Phones using Coloured Petri Nets and Design/CPN Louise Lorentsen University of Aarhus Antti-Pekka.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Copyright W. Howden1 Lecture 19: Intro to O/O Components.

Copyright W. Howden1 Lecture 19: Intro to O/O Components.
Collaboration Diagrams. Example Building Collaboration Diagrams.

Collaboration Diagrams. Example Building Collaboration Diagrams.
Use cases and requirement specification - 1 Use case diagrams 3 use cases System boundaries Remember: Use case diagramming is a tool, not the requirements.

Use cases and requirement specification - 1 Use case diagrams 3 use cases System boundaries Remember: Use case diagramming is a tool, not the requirements.
DSS and the use of separate (secure) signature creation devices.

DSS and the use of separate (secure) signature creation devices.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Prashanth Kumar Muthoju

Prashanth Kumar Muthoju
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Similar presentations

Ads by Google