Presentation is loading. Please wait.

Presentation is loading. Please wait.

TeleTrusT - Competence Association for Applied Cryptography and Biometrics Arno Fiedler (Nimbus Network) TeleTrusT Deutschland e. V.

Published byHayden Pugh Modified over 10 years ago

Similar presentations

Presentation on theme: "TeleTrusT - Competence Association for Applied Cryptography and Biometrics Arno Fiedler (Nimbus Network) TeleTrusT Deutschland e. V."— Presentation transcript:

1 TeleTrusT - Competence Association for Applied Cryptography and Biometrics Arno Fiedler (Nimbus Network) TeleTrusT Deutschland e. V. E-Mail: arno.fiedler@teletrust.de http://www.teletrust.de PKI-Forum, Amsterdam, 20 June 2002

2 Short Presentation for Project: Unified ISIS-MTT-Specifications for Interoperability and Test Systems

3 TeleTrusT - General Promoting the trustworthiness of information and communication technology Applied Cryptography & Biometrics founded in 1989 110 members: major user sectors, research organisations, developers and manufacturers of security products, government agencies, and test institutes. non-profit, political independent

4 ISIS-MTT – The Foundation European Bridge-CA ISIS-MTT Common ISIS-MTT Specification for Interoperability and Test Systems E-Business Authentifizierung von Usern und Servern Vertrauliche Kommunikation (SSL) Dateiverschlüsselung Verschlüsselte E-Mail (S/MIME) Datenauthentizität und -integrität (elektron. Singatur) Zeitstempeldienst VPN Single Sign On weitere PKI-Dienste

5 TeleTrusT: Working Groups Interoperability, Standards, Appropriate Security Legal aspects of the liability of communications (WG1) Security architecture / IC-Card security (WG2) Applications in health services (WG3) Open e-commerce security (WG4) Promotions (WG5) Biometrics identification (WG6) Public key infrastructure (WG7) MailTrusT (WG8) Chipcard-terminals (Project, MKT, UCTS)

6 Primary Tasks of TeleTrusT Influence German and European IT-security policy and national legislation. Lobby bills on IT- security. Endorse the establishment of comprehensive standards ensuring interoperability among suppliers [e.g. standards for PKI applications (ISIS-MTT), Bridge-CA]. Promote innovative technologies (e.g. biometric techniques)

7 TeleTrusT Project - BioTrusT Project started in 1999 and finished in March 2002. Internationally unique project. Over 30 partners from Germany, Austria, Sweden, Israel and the US tested multiple biometric systems. The project was accompanied by research institutes, consumer advocats and privacy officer. First implemetation of the BioAPI standard.

8 European Bridge-CA Initiated in 2000 and put into action in 2001 Unique public-private partnership...to create a bridge of trust between different PKIs world-wide...to enable secure electronic communication between organizations (corporations and administrations)...to establish a mutual basis for the use of digital signatures in processes and applications...to set standards for inter-organizational electronic communication Applied principles: practicality, flexibility, interoperability, safeguarding of investments

9 Bridge-CA: participating & interested parties BMW Deutsche Telekom Deutsche Bank Sparkassen Informations Zentrum Bundesamt für Sicherheit in der Informationstechnik DaimlerChrysler Siemens Giesecke & Devrient TC TrustCenter Dresdner Bank Émagine Arthur Andersen SAP D-Trust Utimaco Secude

10 TeleTrusT Project - ISIS-MTT Common ISIS-MTT Specification for Interoperability and Test Systems Joint project of more than 40 leading companies and organizations to create a widely accepted synthesis of existing international standards for electronic signatures, encryption and authentication. The aim is to ensure the unrestricted interoperability between applications including those with different security requirements.

11 Objectives of the project: Synthesis of already available specifications towards a unified and open standard. This standard should take into account the current technical and legal requirements and should receive active support by the market players. Development of a test specification and a test bench, which allows the applications developers to prove their ISIS-MTT-interoperability Investment protection for users because of exchange- ability of single components.

12 Involved partner organizations: T7 e. V. i. G. (direct) (ISIS-Spec.) interest group of leading (german) providers of certification services. TeleTrusT e. V. (direct) (MailTrusT-Spec.) competence association of major companies and organizations concerned with trusted digital communication. Additional Bodies comprise (selection): AG INDI (indirect) Bundesverband Deutscher Banken (indirect) Media@kom-Projektpartner (indirect) Arbeitsgemeinschaft Karten im Gesundheitswesen (indirect)

13 ISIS-MTT document structure: Part 1: Certificate and CRL Profiles, Part 2: PKI Management, Part 3: Message Formats, Part 4: Operational Protocols, Part 5: Certificate Path Validation, Part 6: Cryptographic Algorithms, Part 7: Cryptographic Token Interface, Profile: SigG-conforming Systems and Applications and Profile: Optional Enhancements to the SigG-Profile. CORE-SPECCORE-SPEC OPTIONALOPTIONAL

14 #ObjectContent of the ISIS-MTT-Core-Profile 1Certificate ProfileStandard X.509 V3; Qualified Certs According ETSI QCP (RFC 3039 ) Attributes allowed in Key Certificates 1.3Attribut CertificateStandard X.509 V2 1.4CRLStandard CRL (including Delta CRL) 2PKI ManagementSimple PKI-Management as in CMC 3S/MIMESubset of S/MIME for mail 4.2LDAPStandard LDAP V.3, no restrictions to DIT 4.3OCSPStandard OCSP Optional extension for positive statement 4.4TSPStandard TSP, no profiling yet 5Certificate Path Validation Standard PKIX procedures 6Algorithms etclook to: www.teletrust.de 7PKCS#11 Profile ISIS-MTT- behind the cover

15 CASCAS EMPFÄNGEREMPFÄNGER CAXCAX SENDERSENDER ISIS-MTT and the Infrastructure:

16 Actions planned for 2002 Development of a usable test bench for realistic test of applications and services. Awarding of a Quality Seal for applications with proven interoperability. Further development of ISIS-MTT specification. Further contribution from the specification to the international standardization. Strengthening of public relations and project management. Development of a XML-Profile.

17 Benefits of the project Interoperability at application level increases acceptance of signature, encryption and authentication products in E-government and E- commerce. Interoperability is an investment incentive for applications developers and ensures portability of applications. Interoperability provides choices of services and products for the users and could possibly save costs (e.g. Media@Kom)

18 Core theses for ISIS-MTT: ISIS-MTT is a free-of-charge offering to PKI integration to all applications developers. ISIS-MTT is internationally aligned, existing standards are used an extended ISIS-MTT defines a complete security architecture: encryption, authentication and signing. ISIS-MTT provides for different security levels; legal binding according to German signature law is just an option. ISIS-MTT interoperability criteria are publicly defined and provable through a test bench.

19 Besonderheiten im SigG-Profile Verifikation nach dem Kettenmodell –nicht konform zu PKIX und EESSI –z.Zt. Prüfung auf SigG-Konformität des Schalenmodells OCSP-Positivauskünfte im Kontext SigG –erzwungen durch Anforderungen des deutschen Gesetzgebers (SigG §15) Proprietäre Inhalte in optional Enhancements SigG –RetrieveIfAllowed, CertInDirSince, DateOfCertGen

20 CUT EE Component CUT CA Component Tester Web-Browser Web-Server LDAP-Server Mail-Server http Test Tools pop3 ldap smtp LDAP-Client ldap smtp CGI-Skripts ocsp http ocsp File Transfer File Transfer File Transfer Web-ClientDNS-Server dns Test Data Testbed Prototype Platform

21 ISIS-MTT-Serviceprovider: DATEV e. G.D-TRUST GmbH ITSGDeutsche Telekom AG Telesec TC TrustcenterCCI Sema Group Fraunhofer IBTAddtrust AB Medizon AGWV Deutscher Apotheker

22 ISIS-MTT-Application-Provider: Applied Security GmbHBGS Systemplanung GmbH Curiavant GmbHCV Cryptovision GmbH DATEV e. G.DE-CODA GmbH Microsoft Inc.Secartis GmbH Secrypt GmbHSECUDE GmbH Signcard GmbHTÜV Süddeutschland Utimaco AGFaktum GmbH

23 ISIS-MTT-actual and potential user: Deutsche Bank AGDresdner Bank AG Daimler-ChryslerBSI Kassenärztliche BVSiemens AG SiemensBMW Sparkassen InformatikBank 24 Cable & WirelessSAP Giesecke & DevrientAthur Andersen

24 ISIS-MTT-Lessons learned: Don´t discuss the legal aspects too much, you can´t find a 100 percent solution! (not even 80 %) To get a committment for a profile like ISIS-MTT is hard work, lobbying doesn´t work via e-mail. Try to understand the needs of the different markets, but take care about specific requirements which are propriatory. Keep the project interesting, the work is never done. (Testbench, XML....

25 Contacts for the project TeleTrusT: www.teletrust.de Mr. Prof. Helmut Reimer, TeleTrusT e.V. Helmut.Reimer@teletrust.de Mr. Schneider und Herr Giessler (Editor), Fraunhofer SIT Mr. Bauspiess, Secorvo T7 e. V. i. G.: www.t7-isis.de Mr. Bernd Kowalski, DT AG, telesec; bernd.kowalski@t-systems.de Mr. Lindemann, TC Trustcenter Mr. Pfeuffer, Datev Mr. Horvath (Editor), Secunet Ms. Ulrike Korte, Sparkassen Informatik Kooperation Project management and public relations: Mr. Fiedler, Nimbus Network; Arno.Fiedler@teletrust.de

Download ppt "TeleTrusT - Competence Association for Applied Cryptography and Biometrics Arno Fiedler (Nimbus Network) TeleTrusT Deutschland e. V."

Similar presentations

Universal Electronic Signatures Tarvi Martens ESTONIA.

Universal Electronic Signatures Tarvi Martens ESTONIA.
Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.

Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.

OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.
1 Why ETSI is the place to bridge EU and LA initiatives on e-administration Francisco Da Silva Chairman of the Kick Off Meeting Sophia Antipolis,

1 Why ETSI is the place to bridge EU and LA initiatives on e-administration Francisco Da Silva Chairman of the Kick Off Meeting Sophia Antipolis,
© Copyright 1998-2001 International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.

© Copyright International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.
Fraunhofer Institute Secure Telecooperation Areas of Work.

Fraunhofer Institute Secure Telecooperation Areas of Work.
17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts

17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts
A global Service layer platform for M2M communications

A global Service layer platform for M2M communications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Bundesamt für Sicherheit in der Informationstechnik EESSI - WS May 11.-12., 2000, Paris, Folie 1/18Klaus J. Keus, BSI Electronic Signatures in Germany,

Bundesamt für Sicherheit in der Informationstechnik EESSI - WS May , 2000, Paris, Folie 1/18Klaus J. Keus, BSI Electronic Signatures in Germany,
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Electronic commerce EDI (8 decade) – base of EC. 1994 – “Netscape” – propose SSL (Secure Sockets Layer) 1995 – “Amazon.com” “eBay.com” 1998 – DSL (Digital.

Electronic commerce EDI (8 decade) – base of EC – “Netscape” – propose SSL (Secure Sockets Layer) 1995 – “Amazon.com” “eBay.com” 1998 – DSL (Digital.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Cryptography and Network Security

Cryptography and Network Security
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

Similar presentations

Ads by Google