21 mai 2015 Bridges between Certification Authorities.

Slides:

Advertisements

Similar presentations

Universal Electronic Signatures Tarvi Martens ESTONIA.

Advertisements

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

AFACT eCOO WG interim meeting - Conference Call 1st March of 2011 Mahmood Zargar eCOO Experiences and Standards.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Workshop Barcelona, György Endersz,

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.

Dematerialization of Organisations’ Key Business Processes Security and e-Invoicing ATHENEE PALACE HILTON, Bucuresti September 21 st 2004 Genovel Iovu.

S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,

© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz Presented by Arno Fiedler, Member of European Telecommunications Standards.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.

1 ESTIO 21/05/2015 Electronic Signature Testsuit for Inter-Operability A project supported by the EU ISIS programme.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

DIGITAL SIGNATURE AND ELECTRONIC DOCUMENTS IN ITALY Prof. Pierluigi Ridolfi AIPA Authority for Information Technology in the Public Administration V. Solferino,

Understanding Active Directory

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

ISA programme: Secure-related initiatives Miguel Alvarez Rodríguez.

IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

OASIS OASIS Digital Signature Services Juan Carlos Cruellas Juan Carlos Cruellas Andreas Kuehne Stefan Drees Ernst Jan van Nigtevecht.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

8 Nob 06 / CEN/ISSS ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting CEN/ISSS Workshop.

Selected problems of the e-signature law and of its implementation Doc. RNDr. Daniel Olejár, CSc. Department of computer science Comenius University, Bratislava.

PRESENTATION OF ETSI © ETSI All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge Romero Director General, ETSI.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Digital Signatures A Brief Overview by Tim Sigmon August, 2000.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

Unit 1: Protection and Security for Grid Computing Part 2

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

1 June Richard Guida Stephanie Evans Johnson & Johnson Director, WWIS WWIS SAFE Infrastructure Overview.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March Electronic Signature infrastructure for Europe Riccardo Genghini Cen/Isss.

Update on PKI Activities in the Spanish Academic Network PKI-COORD November 26, Amsterdam.

PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

EESSI June 2000Slide 1 European Electronic Signature Standardization Hans Nilsson, iD2 Technologies, Sweden.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

LECTURE – V e-COMMERCE İstanbul Commerce University Vocational School.

1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.

The Trusted Network · · · LEFIS PKI · · · 2 nd June, 2006 · Sofia by Leonardo Catalinas · May 2006

Cross border electronic signature services Ingmar Vali Head of Court Registers Department Centre of Registers and Information Systems

OASIS Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales eSecurity OASIS Digital Signature Services and ETSI standards Juan Carlos.

Frank Schipplick Work Package Coordinator WP1 - eSignatures.

TAG Presentation 18th May 2004 Paul Butler

OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales.

TAG Presentation 18th May 2004 Paul Butler

ELECTRONIC DOCUMENT: LITHUANIAN EXAMPLE

SPOCS : Simple Procedures Online for Crossborder Services

Public Key Infrastructure (PKI)

Dan Tofan | Expert in NIS 21st Art. 13a WG| LISBON |

David L. Wasley Spring 2006 I2MM

PKI (Public Key Infrastructure)

Presentation transcript:

21 mai 2015 Bridges between Certification Authorities

Content 1.EU Services Directive 2.Interoperability of EU security infrastructures 3.Interoperability of electronic signatures 4.Conclusions 1.EU Services Directive 2.Interoperability of EU security infrastructures 3.Interoperability of electronic signatures 4.Conclusions

1.EU Services Directive

Directive 2006/123/EC By the end of 2009, service providers should be able to use, nationally and cross-borders, electronic procedures as set out in Art. 8 of the Services Directive. Main building blocks for the use of e-procedures: e-signatures e-identification and e-documents

Directive 2006/123/EC Steps to be followed to implement the e-procedures: Define interoperability framework between Certificate Service Providers from all the Member States Define common formats for the e-signatures Possible solutions for interoperability Bridge Certification Authorities Trusted Lists

2. Interoperability of EU security infrastructures

21 mai 2015 Bridge Certification Authorities PKIs evolve from organizational islands towards national and international wide networks interconnected via bridging entities. BCA’s provide cryptographic interoperability, policies harmonization and certificate status validation related services. There is not yet a standardized solution for building BCAs but there are already implementation at international and national level.

21 mai 2015 Bridge Certification Authorities Corporate/governmental PKIs may implement different architectures, security policies, and cryptographic suites. A flexible mechanism is needed to link corporate/governmental PKIs and translate their corporate relationship into the electronic world. BCA architecture was designed to address the shortcomings of the two basic PKI architectures, and to link PKIs that implement different architectures.

21 mai 2015 Bridge Certification Authorities

21 mai 2015 Establish trust relationships User trusts the CA that issued his certificate Trust relationship established hierarchically within the organizational PKI Trust relationship established using cross- certification between each Organizational PKI and Bridge User PKI 1 Org. PKI 1 Bridge CA Org. PKI 2 User PKI 2 Trusts

Trusted Lists “Trusted List”: term used to designate the Supervision/ Accreditation Status List of those services from QCSPs that are supervised/ accredited by a Member State's Supervisory Body that is in charge to establish, securely publish and maintain such a list in the context and requirements of the eSignature Directive (1999/93/EC).

Trusted Lists Trusted List aims to solve the validation problem of QES (Qualified Electronic Signatures) and AdES (Advanced Electronic Signatures) supported by QEC (Qualified Electronic Certificate) in a cross-border context: supports the interoperability and facilitates the cross- border use of e-signatures contains structured information needed for the validation of the electronic signature by the relying party complements the information available in the certificate of the signer and related chain of certification supporting a QES or an AdES supported by a QEC

3. Interoperability of electronic signatures

Interoperability of electronic signatures A reference format for AdES is needed to facilitate the cross-border use of QES Using XAdES (CAdES), signers may incorporate certain properties into the XMLSig (CMS) signature structure before computing the signature value and including them in its computation. Signers or other parties may request and incorporate a time-stamp on the signature, which provides a trusted upper boundary on the generation time. Using XAdES (CAdES), verifiers or third parties may incorporate properties encompassing the long-term lifecycle of the signature, which after their generation includes first verification, storage for several years, and auditing.

Interoperability of electronic signatures ETSI organizes XAdES/CAdES interoperability tests certSIGN the only Romanian company involved in the ETSI interoperability tests developed its own software for implementing XAdES/CAdES signature formats successfully passed the tests

4. Conclusions

Conclusions Solving interoperability issues is the keystone element of implementing pan-European services Governments, industry and independent organizations shall be involved certSIGN– reliable partner to implement interoperability projects based on: Previous experience in implementing operational Bridging Certification Authorities (Romanian National Defense System) Own developed software modules tested in ETSI interoperability tests Competencies in PKI and information security field

Contact Adrian Floarea Business Development Director certSIGN Phone: Fax: Mobil: