Universal Electronic Signatures Tarvi Martens ESTONIA.

1 Universal Electronic Signatures Tarvi Martens ESTONIA

2 What if you receive a digitally signed document tomorrow? Probably you should accept and handle it!!!

3 Rationale: The existing EU Directive does not provide solid grounds for unified electronic signature deployment in Europe. CEN CWA-s and ETSI standards allow for a myriad of options. UES: an attempt to achieve electronic signature deployment and interoperability from the Best Practice experiences.

4 What is UES? UES stands for Universal Electronic Signature. UES is a concept of electronic signature that aims to universally replace the handwritten signature. UES goes beyond AES (Advanced Electronic Signature as of the EU Directive). UES is designed for international interoperability.

5 UES provides for… UES = Advanced Electronic Signature based on Qualified Certificates, PLUS: electronically signed documents are equivalent to handwritten ones by legal evidence value; usage domain and signatory role are not restricted; the signatory is uniquely identified as a physical person; there are means to identify the signing time of the electronic document; electronically signed documents maintain their long-term validity; UES are international.

6 UES implementation: UES implementation requires these components to be adjusted to UES principles: legislation; CA delivering certificates on SSCD; validation services (real-time OCSP); deployed end-user tools; inter-PKI cooperation.

7 UES actors: CA. The Certification Authority: produces qualified certificates on SSCD for uniquely identifiable physical persons; provides up-to-date certificate validity information to the Validation Authority; generates, exchanges and maintains Trust-service Status Lists (TSL) (CA details; valid CA and OCSP certificates; history of validity; XML-profile of ETSI TS).

8 UES actors: VA. The Validation Authority: issues validity confirmations using the OCSP protocol (RFC 2650); operates in real time, acquiring validity information from the CA-s database; provides precise time information in responses (time-stamping); logs and archives issued confirmations to provide for long-term validity.

9 VA as an e-notary [diagram: the signer sends Doc,Cert over OCSP: "I just signed the document using this certificate"; the VA, connected to the CA DB and a secure log, answers (Doc,Cert,time)ok: "When I saw this signed document, corresponding certificate was valid"]
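The e-notary exchange from slides 8 and 9, as an added example (not code from the presentation or from DigiDoc): a toy VA binds a signature digest, certificate serial and time into a confirmation and archives it. Assumptions: an HMAC stands in for the VA's signature on a real OCSP response, the hash-chained list is one possible design for the "secure log", and all names, serials and timestamps are constructed.

```python
import hashlib
import hmac
import json

def _canon(obj):
    # Deterministic serialisation so MACs and log hashes are reproducible.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

class ValidationAuthority:
    """Toy VA: 'when I saw this signature, the certificate was valid'."""
    def __init__(self, ca_db, key):
        self.ca_db = ca_db  # constructed stand-in for the CA validity database
        self.key = key      # HMAC key standing in for the VA's signing key
        self.log = []       # hash-chained archive (assumed "secure log" design)

    def confirm(self, signature, cert_serial, now):
        body = {"sig_digest": hashlib.sha256(signature).hexdigest(), "serial": cert_serial,
                "time": now, "status": self.ca_db.get(cert_serial, "unknown")}
        conf = dict(body, mac=hmac.new(self.key, _canon(body), hashlib.sha256).hexdigest())
        prev = self.log[-1]["entry_hash"] if self.log else "0" * 64
        entry_hash = hashlib.sha256(prev.encode() + _canon(conf)).hexdigest()
        self.log.append({"prev": prev, "conf": conf, "entry_hash": entry_hash})
        return conf

def check_confirmation(conf, signature, cert_serial, key):
    """Verifier: confirmation is authentic, matches this signature and cert, and says 'good'."""
    body = {k: v for k, v in conf.items() if k != "mac"}
    expected = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, conf.get("mac", ""))
            and body.get("sig_digest") == hashlib.sha256(signature).hexdigest()
            and body.get("serial") == cert_serial
            and body.get("status") == "good")

def log_intact(log):
    """Auditor: recompute the chain; an edited or removed entry breaks it."""
    prev = "0" * 64
    for entry in log:
        recomputed = hashlib.sha256(prev.encode() + _canon(entry["conf"])).hexdigest()
        if entry["prev"] != prev or entry["entry_hash"] != recomputed:
            return False
        prev = entry["entry_hash"]
    return True

# Constructed sample data: one valid and one revoked certificate.
KEY = b"constructed-demo-key"
va = ValidationAuthority({"1001": "good", "1002": "revoked"}, KEY)
ok = va.confirm(b"signature-bytes-A", "1001", "2004-05-01T12:00:00Z")
bad = va.confirm(b"signature-bytes-B", "1002", "2004-05-01T12:00:05Z")
```

Because the confirmation carries the signature digest and the time, a later revocation of the certificate does not invalidate a document whose confirmation was issued while the status was still good.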

10 UES actors: Signer and Verifier. Signer: generates electronically signed documents using certificate and validity confirmation. Verifier: verifies electronic signatures using (cached) TSL. Sharing a common document format: profile of ETSI TS aka XAdES - OpenXAdES.

11 UES architecture (1) [diagram: two PKIs (PKI 1, PKI 2), each with CA, VA, Signer and Verifier; flows labelled Cert, OCSP, TSL, Doc]

12 UES architecture (2) [diagram: two PKIs (PKI 1, PKI 2), each with CA, VA, Signer and Verifier; flows labelled Cert, OCSP, TSL, Doc]

13 Trust model: bilateral trust model; every party has the freedom to choose trusted parties; CA communicates trust through TSL-s. [diagram: CA 1, CA 2, CA 3, CA 4]

14 UES Organization. Currently: Memorandum of Understanding, agreeing with UES principles and model. Three initial partners: Estonia, Belgium, Finland, represented typically by Population Registries (CA-s) and incorporating partner companies. A more formal structure (separate organization – UES Initiative) is considered.

15 UES activities: general coordination; promotion, info sharing; liaisons with std. bodies; sharing enabling technology; TSL distribution; joint work on different aspects: legal issues, CA service provision, VA service provision, document format, interop testing.

16 UES deployment: Sign the MoU. Allocate resources for the co-operation effort. Start issuing qualified certificates (the hardest part – we assume you do it already). Set up your OCSP (almost any commercial OCSP Responder will do). Start exchanging TSL-s (to be developed). Distribute and localize end-user apps.

17 What is OpenXAdES? OpenXAdES is a profile of ETSI TS aka XAdES; OpenXAdES specifications and implementations (C, Java) are available at; OpenXAdES is a community-driven free software development project; OpenXAdES profile specification development is coordinated by CC (and by the UES organization in the future).

18 What is DigiDoc? DigiDoc is a set of software applications based on the OpenXAdES spec/library. Applications include: DigiDoc client; DigiDoc portal; DigiDoc webservice (SOAP). Client tested with Estonian, Finnish and Belgian ID-cards. Multilingual version available now.

19 Digital Signature in Estonia: Available for 1.5 years potential users signatures. Client distributed with ID-card starter kit. Technology integrated in all major document handling systems and Internet banks. Innumerable list of uses. [diagram: DigiDoc library (Win32/Unix); CSP; OCSP; XML; ID card]

20 Additional Information: ID-card issuing http://www.pass.ee PKI & CA ID-card practices Digital signature Contact point: Porvoo V: May 2004 Tallinn, Estonia
