TeleTrusT - Competence Association for Applied Cryptography and Biometrics
Arno Fiedler (Nimbus Network), TeleTrusT Deutschland e. V.
PKI-Forum, Amsterdam, 20 June 2002
Short Presentation for Project: Unified ISIS-MTT-Specifications for Interoperability and Test Systems
TeleTrusT - General
Promoting the trustworthiness of information and communication technology: applied cryptography & biometrics.
Founded in
Members: major user sectors, research organisations, developers and manufacturers of security products, government agencies, and test institutes.
Non-profit, politically independent.
ISIS-MTT – The Foundation
European Bridge-CA; ISIS-MTT: Common ISIS-MTT Specification for Interoperability and Test Systems; E-Business.
PKI services built on it: authentication of users and servers; confidential communication (SSL); file encryption; encrypted e-mail (S/MIME); data authenticity and integrity (electronic signature); time-stamping service; VPN; Single Sign On; further PKI services.
TeleTrusT: Working Groups
Interoperability, standards, appropriate security.
Legal aspects of the liability of communications (WG1)
Security architecture / IC-card security (WG2)
Applications in health services (WG3)
Open e-commerce security (WG4)
Promotions (WG5)
Biometric identification (WG6)
Public key infrastructure (WG7)
MailTrusT (WG8)
Chipcard terminals (Project, MKT, UCTS)
Primary Tasks of TeleTrusT
Influence German and European IT-security policy and national legislation.
Lobby bills on IT security.
Endorse the establishment of comprehensive standards ensuring interoperability among suppliers [e.g. standards for PKI applications (ISIS-MTT), Bridge-CA].
Promote innovative technologies (e.g. biometric techniques).
TeleTrusT Project - BioTrusT
Project started in 1999 and finished in March
Internationally unique project: over 30 partners from Germany, Austria, Sweden, Israel and the US tested multiple biometric systems.
The project was accompanied by research institutes, consumer advocates and privacy officers.
First implementation of the BioAPI standard.
European Bridge-CA
Initiated in 2000 and put into action in 2001.
Unique public-private partnership
...to create a bridge of trust between different PKIs world-wide
...to enable secure electronic communication between organizations (corporations and administrations)
...to establish a mutual basis for the use of digital signatures in processes and applications
...to set standards for inter-organizational electronic communication
Applied principles: practicality, flexibility, interoperability, safeguarding of investments.
Bridge-CA: participating & interested parties
BMW, Deutsche Telekom, Deutsche Bank, Sparkassen Informations Zentrum, Bundesamt für Sicherheit in der Informationstechnik, DaimlerChrysler, Siemens, Giesecke & Devrient, TC TrustCenter, Dresdner Bank, Émagine, Arthur Andersen, SAP, D-Trust, Utimaco, Secude
TeleTrusT Project - ISIS-MTT
Common ISIS-MTT Specification for Interoperability and Test Systems.
Joint project of more than 40 leading companies and organizations to create a widely accepted synthesis of existing international standards for electronic signatures, encryption and authentication.
The aim is to ensure unrestricted interoperability between applications, including those with different security requirements.
Objectives of the project:
Synthesis of already available specifications into a unified and open standard. This standard should take into account the current technical and legal requirements and should receive active support from the market players.
Development of a test specification and a test bench, which allows application developers to prove their ISIS-MTT interoperability.
Investment protection for users through exchangeability of single components.
Involved partner organizations:
T7 e. V. i. G. (direct) (ISIS-Spec.): interest group of leading (German) providers of certification services.
TeleTrusT e. V. (direct) (MailTrusT-Spec.): competence association of major companies and organizations concerned with trusted digital communication.
Additional bodies comprise (selection): AG INDI (indirect), Bundesverband Deutscher Banken (indirect), (indirect), Arbeitsgemeinschaft Karten im Gesundheitswesen (indirect)
ISIS-MTT document structure:
Core spec:
Part 1: Certificate and CRL Profiles
Part 2: PKI Management
Part 3: Message Formats
Part 4: Operational Protocols
Part 5: Certificate Path Validation
Part 6: Cryptographic Algorithms
Part 7: Cryptographic Token Interface
Optional:
Profile: SigG-conforming Systems and Applications
Profile: Optional Enhancements to the SigG-Profile
ISIS-MTT - behind the cover
Content of the ISIS-MTT Core Profile (# / Object / Content):
1 / Certificate Profile / Standard X.509 V3; qualified certificates according to ETSI QCP (RFC 3039); attributes allowed in key certificates
1.3 / Attribute Certificate / Standard X.509 V2
1.4 / CRL / Standard CRL (including Delta CRL)
2 / PKI Management / Simple PKI management as in CMC
3 / S/MIME / Subset of S/MIME for mail
4.2 / LDAP / Standard LDAP V.3, no restrictions to the DIT
4.3 / OCSP / Standard OCSP; optional extension for positive statement
4.4 / TSP / Standard TSP, no profiling yet
5 / Certificate Path Validation / Standard PKIX procedures
6 / Algorithms etc. / look to:
7 / PKCS#11 Profile /
ISIS-MTT and the Infrastructure:
(diagram: CA S and CA X, Sender and Recipient)
Actions planned for 2002
Development of a usable test bench for realistic tests of applications and services.
Awarding of a Quality Seal for applications with proven interoperability.
Further development of the ISIS-MTT specification.
Further contribution from the specification to international standardization.
Strengthening of public relations and project management.
Development of an XML profile.
Benefits of the project
Interoperability at application level increases acceptance of signature, encryption and authentication products in e-government and e-commerce.
Interoperability is an investment incentive for application developers and ensures portability of applications.
Interoperability provides choices of services and products for the users and could possibly save costs (e.g.
Core theses for ISIS-MTT:
ISIS-MTT is a free-of-charge offering for PKI integration to all application developers.
ISIS-MTT is internationally aligned; existing standards are used and extended.
ISIS-MTT defines a complete security architecture: encryption, authentication and signing.
ISIS-MTT provides for different security levels; legal binding according to the German signature law is just an option.
ISIS-MTT interoperability criteria are publicly defined and provable through a test bench.
Special features of the SigG profile
Verification according to the chain model
– not conformant to PKIX and EESSI
– currently under examination: SigG conformance of the shell model
OCSP positive statements in the SigG context
– forced by requirements of the German legislator (SigG §15)
Proprietary content in the optional SigG enhancements
– RetrieveIfAllowed, CertInDirSince, DateOfCertGen
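The chain model versus shell model difference named above, as an added illustration that is not part of the original slides. It applies the commonly stated rules (shell model: every certificate in the path must be valid at signing time; chain model: the end-entity certificate must be valid at signing time and each issuer certificate must have been valid when it issued the next one, taken here as that certificate's notBefore); the certificates and dates are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Cert:
    """Minimal certificate stand-in: only the validity period matters here."""
    subject: str
    not_before: datetime
    not_after: datetime


def valid_at(cert: Cert, t: datetime) -> bool:
    return cert.not_before <= t <= cert.not_after


def shell_model(chain: list[Cert], signing_time: datetime) -> tuple[bool, str]:
    """Shell model (Schalenmodell, PKIX style): every certificate in the path,
    from the end entity up to the trust anchor, must be valid at signing time."""
    for cert in chain:
        if not valid_at(cert, signing_time):
            return False, f"{cert.subject} not valid at signing time"
    return True, "all certificates valid at signing time"


def chain_model(chain: list[Cert], signing_time: datetime) -> tuple[bool, str]:
    """Chain model (Kettenmodell, German SigG): the end-entity certificate must be
    valid at signing time; each issuer must have been valid when it issued the
    certificate below it (assumed here to be that certificate's notBefore)."""
    ee = chain[0]
    if not valid_at(ee, signing_time):
        return False, f"{ee.subject} not valid at signing time"
    for issued, issuer in zip(chain, chain[1:]):
        if not valid_at(issuer, issued.not_before):
            return False, f"{issuer.subject} not valid when it issued {issued.subject}"
    return True, "each certificate valid when it was used"


def compare(chain: list[Cert], signing_time: datetime) -> tuple[bool, bool]:
    """Return (shell-model verdict, chain-model verdict) for the same signature."""
    return shell_model(chain, signing_time)[0], chain_model(chain, signing_time)[0]


# Constructed example: the sub-CA certificate expires before the end-entity
# certificate it issued, and the signature is created after that expiry.
ROOT = Cert("Root CA", datetime(1999, 1, 1), datetime(2004, 12, 31))
SUB_CA = Cert("Sub CA", datetime(2000, 1, 1), datetime(2002, 6, 30))
EE = Cert("Signer", datetime(2002, 1, 1), datetime(2003, 1, 1))
CHAIN = [EE, SUB_CA, ROOT]          # end entity first, trust anchor last
SIGNING_TIME = datetime(2002, 9, 1)  # after Sub CA expired: models disagree
SIGNING_TIME_EARLY = datetime(2002, 3, 1)  # before expiry: models agree

if __name__ == "__main__":
    print("shell model:", shell_model(CHAIN, SIGNING_TIME))
    print("chain model:", chain_model(CHAIN, SIGNING_TIME))
```

Because the shell model rejects this signature while the chain model accepts it, a PKIX-style validator and a SigG chain-model validator reach different verdicts on the same chain, which is the interoperability problem the slide points at.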
Testbed Prototype Platform
(diagram: CUT EE component and CUT CA component, Tester, Test Tools, Test Data; Web-Browser, Web-Client, Web-Server, CGI scripts, LDAP-Client, LDAP-Server, Mail-Server, DNS-Server; protocols http, pop3, ldap, smtp, ocsp, dns, file transfer)
ISIS-MTT service providers:
DATEV e. G., D-TRUST GmbH, ITSG, Deutsche Telekom AG Telesec, TC Trustcenter, CCI Sema Group, Fraunhofer IBT, Addtrust AB, Medizon AG, WV Deutscher Apotheker
ISIS-MTT actual and potential users:
Deutsche Bank AG, Dresdner Bank AG, Daimler-Chrysler, BSI, Kassenärztliche BV, Siemens AG, Siemens, BMW, Sparkassen Informatik, Bank 24, Cable & Wireless, SAP, Giesecke & Devrient, Arthur Andersen
ISIS-MTT lessons learned:
Don't discuss the legal aspects too much, you can't find a 100 percent solution! (not even 80 %)
Getting a commitment for a profile like ISIS-MTT is hard work; lobbying doesn't work via .
Try to understand the needs of the different markets, but take care with specific requirements which are proprietary.
Keep the project interesting, the work is never done. (Testbench, XML....
Contacts for the project
TeleTrusT: Mr. Prof. Helmut Reimer, TeleTrusT e.V.; Mr. Schneider and Mr. Giessler (Editor), Fraunhofer SIT; Mr. Bauspiess, Secorvo
T7 e. V. i. G.: Mr. Bernd Kowalski, DT AG, telesec; Mr. Lindemann, TC Trustcenter; Mr. Pfeuffer, Datev; Mr. Horvath (Editor), Secunet; Ms. Ulrike Korte, Sparkassen Informatik Kooperation
Project management and public relations: Mr. Fiedler, Nimbus Network;