European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca.

Slides:

Advertisements

Similar presentations

Universal Electronic Signatures Tarvi Martens ESTONIA.

Advertisements

Public Key Infrastructure and Applications

17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts

AFACT eCOO WG interim meeting - Conference Call 1st March of 2011 Mahmood Zargar eCOO Experiences and Standards.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Workshop Barcelona, György Endersz,

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

Civil Registry Agency of the Ministry of Justice, Georgia Digital Signature Services in Georgia Mikheil Kapanadze.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

EESSI Overview - 1August 2002 EESSI European Electronic Signature Standardisation Initiative Implementing Electronic Signature.

The OpenEvidence Project Peter Sylvester, EdelWeb IETF - N° 57, Wien PKIX working group.

Principles of Information Security, 2nd edition1 Cryptography.

PKI-enabled e-tax in the Netherlands Ir. E.J. Kuiper Ministry of Finance The Netherlands.

Can PKI be made simple enough to be used by non-experts? Signature formats and context Antonio Lioy ( polito.it ) Politecnico di Torino Dip. Automatica.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

David L. Wasley Office of the President University of California Maybe it’s not PKI … Musings on the business case for PKI EDUCAUSEEDUCAUSE PKI Summit.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

CMS Advanced Electronic Signatures (CAdES) Target Category: Informational Intended to update and replace : RFC 3126 IETF Meeting Paris - August 2005 Denis.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

The proof of your digital documents. Copyright Lex Persona – All rights reserved 2 Our approach to paper reduction The current approach –The.

IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000.

The proof of your digital documents

Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.

Exchange of digitally signed SPSCertificate messages Overview of prototype of digital signature applied to SPSCertificate message between national systems.

Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,

8 Nob 06 / CEN/ISSS ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting CEN/ISSS Workshop.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services. Andreas Kuehne – DSS-X member.

TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

OpenEvidence and ESS Peter Sylvester, EdelWeb IETF - N° 57, Wien S/MIME working group.

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March Electronic Signature infrastructure for Europe Riccardo Genghini Cen/Isss.

Integrating security services with the automatic processing of content TERENA 2001 Antalya, May 2001 Francesco Gennai, Marina Buzzi Istituto.

SWEB SWEB Security and Privacy Technologies – Implementation Aspects Venue:SWEB Day in APV, Novi Sad Author(s):Dr. Milan Marković Organisations:MISANU.

Electronic PostMark (EPM) Project Overview May, 2003 Copyright Postal Technology Centre.

EESSI June 2000Slide 1 European Electronic Signature Standardization Hans Nilsson, iD2 Technologies, Sweden.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 ICT and E-Business Strategies For Development Geneva, October.

PKI Future Directions 29 November 2001 Russ Housley RSA Laboratories CS – Class of 1981.

IDI Conference The digital signature of InfoCamere a practical and effective means for business Turin, 6 th of June Gabriele DA RIN.

Content Introduction History What is Digital Signature Why Digital Signature Basic Requirements How the Technology Works Approaches.

GRID-FR French CA Alice de Bignicourt.

OASIS Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales eSecurity OASIS Digital Signature Services and ETSI standards Juan Carlos.

The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.

EJBCA AT THE HEART OF A TRUST CENTER F.Koray ATSAN Trust Center Project manager F.Koray ATSAN Trust Center Project manager

OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales.

Electronic mail security

Training for developers of X-Road interfaces

Formats for long term signatures

S/MIME T ANANDHAN.

Digital Signature.

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

Draft ETSI TS Annex C Presented by Michał Tabor for PSD2 Workshop

E-Lock ProSigner ProSigner means “Professional Signer” signifying the software that can apply legally enforceable Advanced electronic signatures to electronic.

Session 1.6a: PRESENTATION

Module 4 System and Application Security

Presentation transcript:

European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca Authority for Information Technology in the public administration

European Signatures versus Global SignaturesRome, 7 April, 2003 Digital signature in Italy Why “Interoperability” ? The problems The solutions The future perspective AGENDA

European Signatures versus Global SignaturesRome, 7 April, accredited certificate service providers About qualified certificates About qualified certificates in public administration About non qualified certificates for tax filing and ID cards (5.2 signatures) Digital Signature in Italy

European Signatures versus Global SignaturesRome, 7 April, 2003 The Directive : “...the interoperability of electronic- signatures products should be promoted...” (whereas 5) Interoperability is prerequisite for electronic documents exchange Interoperability in PKI can be achieved  using standards (e.g.: EESSI deliverables)  using specific technical agreements Why “interoperability” ?

European Signatures versus Global SignaturesRome, 7 April, 2003 A signer “subscribes” an object (an electronic document, data in a transaction, a web form, an e- mail message, etc.) A verifier checks the signature in order to ascertain:  who signed  which is the legal effectiveness of the signature (e.g: 5.1 or 5.2)  which are the signature limitations  the signed data integrity and origin What is interoperability - 1

European Signatures versus Global SignaturesRome, 7 April, 2003 A signer might use a SSCD on different clients The signature software can be :  an client  a web browser  a generic software application What is interoperability - 2

European Signatures versus Global SignaturesRome, 7 April, 2003 Documents encoding (DER, B64, XML, etc.) Certificate extensions Enveloping (PKCS#7, S/MIME, ISO , XMLDSIG, XAdES, “Adobe signatures”, etc.) Use of CRL (e.g.: Crl Distribution Point format) messages signatures (constraints on the e- mail environment) The problems - 1

European Signatures versus Global SignaturesRome, 7 April, 2003 Understanding of time stamping (RFC 3161 ?) Definition of the character encoding (codepage) Identify qualified certificates limitations (attributes) Portability of smart cards (e.g. APDU) The problems - 2

European Signatures versus Global SignaturesRome, 7 April, 2003 PKCS#7 Signed Data PKCS#7 Data MIME

European Signatures versus Global SignaturesRome, 7 April, 2003 Encoding agreements (e.g. DER) Harmonized certificate profile (highlighted by TR ) Choice of envelope (e.g. PKCS#7) Test bed for CRL or OCSP. CRLs are critical and this is one of the most important interoperability problems. The solutions - 1

European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI deliverables: - ETSI TS (Qualified certificate profile) - ETSI TS (Time stamping profile) - ETSI TS (Electronic signature formats) - ETSI TS (XML Advanced electronic signatures) RFCs (e.g. 3280, 3369, 3370) ISO (e.g , ) The solutions - 2

European Signatures versus Global SignaturesRome, 7 April, 2003 A minimum profile for signed documents A common set of APDU in smart cards (e.g. : Italian memorandum of understandment with smart card manifacturers) A test bed (official or not official) for the exchange of the signed documents The solutions - 3

European Signatures versus Global SignaturesRome, 7 April, 2003 IDA CA-Bridge is useful for adding trust to inter- government applications (doesn’t solve interoperability) Interoperability rules are mandatory for the market and especially for manufacturers E-Europe projects harmonisation Strong and well defined legal environment The future of interoperability

European Signatures versus Global SignaturesRome, 7 April, 2003 Envelope profile, data and CRL DP format Certificate profile - formats Certificate profile - semantics Signatures format (e.g.:XMLDSIG, etc.) Authentication methods (e.g.: biometrics, etc.) Suggested priorities

European Signatures versus Global SignaturesRome, 7 April, 2003 Thanks for your attention