Civil Registry Agency of the Ministry of Justice, Georgia Digital Signature Services in Georgia Mikheil Kapanadze.


1 Civil Registry Agency of the Ministry of Justice, Georgia Digital Signature Services in Georgia Mikheil Kapanadze

2 E-Document and E-Signature Law

- … and we know that we are late. So, we will have to work hard and fix the gap
- Adopted in 2008
- Some changes are planned
- There were changes in subsequent years
- These regulations mainly concern certification authorities
- Along with the E-Signature law, Georgia adopted the technical regulations
- The president, other government officials and citizens (about 80 persons) put their signatures using their ID Cards
- On May 10, 2012 we made the first digital signature on an electronic document

3 E-Signature and Digital Signature according to the law

Electronic signature:
- Defined as any set of data, created based on electronic sources, which can be used by the signer to specify his/her association with the document

Digital Signature:
- An electronic signature, created using cryptographic manipulation of the data based on the private key, logically associated with the electronic document
- Associated with the signer only
- It's possible to identify the signer
- The private key is under the sole control of the signer
- Association with the document allows detection of manipulation of the data

4 ID Card as secure signature creation device (SSCD)

Private key security:
- Signature key (RSA 2048) is generated on the card
- The private key never leaves the card
- The key material cannot be extracted from the card

Digital Signature PIN:
- 6 digits
- Not generated during card personalization. Must be set by the card holder
- The secure envelope does not contain this PIN
- The cardholder is supplied with a 5-digit transport PIN
- The transport PIN can be used ONLY ONCE to set the digital signature PIN
- It's not possible to reset the signature PIN by PUK

5 Additional security measures

No contactless signatures:
- ID Card's PKI applet is available on the contact interface only

Regulations for card readers:
- All card terminals installed at customer service points MUST support secure PIN entry (SPE)
- The terminal must be able to use SPE when it deals with a Georgian ID card
- Organizations are recommended to cooperate with CRA to certify their card terminals before starting operations

6 Physical security of the ID Card and PIN

Please, memorize your PIN:
- Card holders are advised not to write down their signature PIN
- If the card holder cannot memorize the PIN, he/she is advised to store the card and PIN separately

Leaving the card at the entrance of organizations:
- A special regulation will be issued to prohibit leaving the ID card at the entrance of a building to get a pass
- We understand that it may introduce additional costs to the organizations but we need to minimize risks

7 Advanced electronic signatures

Signature type and the demands of the law:
- The signature law requires the document to be signed using a certificate which is valid during the signing process
- Thus we need to have revocation information along with the signature
- Secure timestamp is not mandated by the law yet but we are going to change the law accordingly
- This means that the signer will have to be online to sign the document

ETSI Standards and the signature law:
- Signatures of the *AdES family of ETSI standards were found to be permitted under the Georgian signature law
- As the revocation information needs to be stored in the document, the basic profiles of *AdES cannot be used

8 The format of the signed documents

PDF (ISO 32000-1) with signature extensions:
- For signed text documents, PDF is the only format in Georgia now
- The format allows additional data to be stored as attachments
- Can be created by a wide range of software
- "Trusted readers" exist
- Multiple signatures are allowed
- PDF/A is not mandated but highly recommended

Non-text documents:
- Currently, signatures cannot be made on non-text documents, according to the signature law
- We are working to extend the signature law to support them

9 The signature format

PAdES-LTV (ETSI TS 102 778-4):
- This is the only signature format now that is suitable under the Georgian signature law
- It uses non-ISO extensions to PDF defined by ETSI
- It is promised that these extensions will be put in the next ISO standard

Other profiles:
- Other profiles are not immediately compatible with the signature law
- To speed up the signing process in case of multiple signers, it may be possible to use PAdES Basic/BES/EPES profiles and extend the profile to LTV as soon as possible
- What ASAP means in this case needs to be defined in the law
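A quick way to tell whether a signed PDF already carries LTV material or still needs the extension step mentioned on slide 9, shown as an added example that is not part of the original presentation. The function name `triage_pades`, the verdict strings and the sample fragments are assumptions made for illustration; the marker names (`/SubFilter` values, `/DSS`, `/OCSPs`, `/CRLs`) come from ISO 32000-1 and ETSI TS 102 778, not from the slides.

```python
import re

# SubFilter names: adbe.* from ISO 32000-1, ETSI.* from ETSI TS 102 778 parts 3 and 4.
SUBFILTERS = {
    b"adbe.pkcs7.detached": "PAdES Basic",
    b"adbe.pkcs7.sha1": "PAdES Basic",
    b"ETSI.CAdES.detached": "PAdES-BES/EPES",
    b"ETSI.RFC3161": "document timestamp",
}

def triage_pades(pdf_bytes):
    """Scan plain (uncompressed) PDF syntax for signature and LTV markers.

    Triage only: nothing is verified cryptographically, and dictionaries
    stored inside compressed object streams are invisible to this scan.
    """
    names = re.findall(rb"/SubFilter\s*/([A-Za-z0-9._]+)", pdf_bytes)
    kinds = [SUBFILTERS.get(n, "unknown") for n in names]
    signed = any(k != "document timestamp" for k in kinds)
    # DSS: the Document Security Store that part 4 adds to the catalog.
    has_dss = re.search(rb"/DSS\b", pdf_bytes) is not None
    has_revocation = has_dss and re.search(rb"/(OCSPs|CRLs)\b", pdf_bytes) is not None
    if not signed:
        verdict = "unsigned"
    elif has_revocation:
        verdict = "ltv-material-present"
    else:
        verdict = "needs-ltv-extension"
    return {"signatures": kinds, "dss": has_dss, "revocation_data": has_revocation,
            "doc_timestamp": "document timestamp" in kinds, "verdict": verdict}

# Constructed fragments (not real PDFs), just enough syntax to exercise the scan.
BES_ONLY = (b"<< /Type /Sig /Filter /Adobe.PPKLite "
            b"/SubFilter /ETSI.CAdES.detached /ByteRange [0 10 20 30] >>")
LTV = (BES_ONLY + b"\n<< /Type /Catalog /DSS 9 0 R >>\n"
       b"9 0 obj << /Certs [10 0 R] /OCSPs [11 0 R] >> endobj\n"
       b"<< /Type /DocTimeStamp /SubFilter /ETSI.RFC3161 >>")

if __name__ == "__main__":
    for label, sample in (("BES only", BES_ONLY), ("LTV", LTV)):
        print(label, triage_pades(sample))
```

A `needs-ltv-extension` result on a file that uses object streams is inconclusive, so confirm it with a full PAdES validator before rejecting the document.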

10 Sign-what-you-see

How do we implement the sign-what-you-see concept?
- One of the arguments for selecting PDF was that it can be read by different tools on many platforms
- So, the signer can verify the document before signing and after signing
- It's recommended to use the signed document only when you have reviewed it after signing

Other security measures:
- ID Card demands typing the signature PIN on EACH signature operation
- The cardholder may have a simple card reader for personal use but it is highly recommended to buy one with SPE even for home use
- We do not want to introduce regulations on card terminals for home use as it may slow down digital signature adoption among the population

11 Signature tools

Standalone tool:
- Developed as a Java Web Start application
- Available at https://id.ge
- Can be used to sign confidential documents

Sign 'em Portal:
- A web portal which allows file upload and signing
- Uses a Java applet to communicate with the card
- Allows document sharing to perform multiple signatures
- Available at https://id.ge

Adobe Acrobat X/Adobe Reader X:
- PKCS#11 driver exists for ID Card PKI
- Adobe Acrobat/Reader X can be configured to use this driver and sign the documents in a CRA-independent way
- This method is not officially supported yet but we are working hard on it

12 Embedding the signature creation in other software

Web Portals:
- The applet written for the Sign 'em portal can be embedded in any web-based solution
- It uses easy-to-use interfaces to communicate with the outer world
- We plan to embed it in the unified document management system used in the Ministry of Justice and all its agencies (CRA, NAPR, DEA, etc.)

Libraries/Frameworks:
- We enforce only standards, not tools/libraries/frameworks
- The organizations are free to use any solution available on the market which allows creation of PAdES-LTV signatures
- It's strongly recommended to use tools which participate in ETSI PlugTest events for interoperability

13 ID.GE – ID Card, Signatures and more

14 Thank You Happy Signing!

