Electronic PostMark (EPM) Project Overview May, 2003 Copyright - 2003 - Postal Technology Centre.

Slides:



Advertisements
Similar presentations
HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Advertisements

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Digital Signatures in State of Tennessee Pam Roberts Finance & Administration Office for Information Resources Planning, Research & Development.
Education applications and the FAST project. Jonathan Gay Co-ordinator for Sheffield.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Week 6 Lecture Part 2 Databases in Electronic Commerce Samuel Conn, Asst. Professor.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
August 2004 Providing Industry-wide Security and Identity Management Solutions.
Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Encryption and the Law: The need for a legal regulatory framework for PKI Yee Fen Lim Department of Law Macquarie University.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Assuring e-Trust always 1 Guaranteeing Electronic Trust at all times.
Trusted Electronic Transactions.  Why conduct transactions electronically?  Three Characteristics that ensure trust in electronic transactions  How.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
In the CA I trust. A look at Certification Authorities James E. Shearer CSEP 590 March 8 th 2006.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.
The proof of your digital documents. Copyright Lex Persona – All rights reserved 2 Our approach to paper reduction The current approach –The.
Digital Signature Technologies & Applications Ed Jensen Fall 2013.
The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.
Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.
Mobile Identity and Mobile Authentication (mobile e-signature) Valdis Janovs Sales Director Lattelecom Technology SIA.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
Copyright ©1997 NetDox, Inc. All Rights Reserved. CONFIDENTIAL 1 DATE HERE Julie Grace - NetDox, Inc. Emerging Internet Commerce.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Internet Security for Small & Medium Business Week 6
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.
Payment Gateways for e-Government services 24 May 2007
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Electronic Commerce Jeff Campbell, Piyanuch Chuasiripattana, Travis Flood, Matthew Janocko, Kent Woodburn Research on Electronic Commerce.
U.S. General Services Administration Federal Technology Service November 9, 1999 Judith Spencer Director, Center for Governmentwide Security Office of.
Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.
1 June Richard Guida Stephanie Evans Johnson & Johnson Director, WWIS WWIS SAFE Infrastructure Overview.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
1 UNECE Capacity Building Workshop on Trade Facilitation Implementation: October 2004 Electronic PostMark (EPM) Security & Authentication for eTrade Documents.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
DIGITAL SIGNATURE.
Belgian EID Card 15/12/2004 Derette Willy eID program manager.
Copyright © 2003 Jorgen Thelin / Cape Clear Software 1 A Web Services Security Framework Jorgen Thelin Chief Scientist Cape Clear Software Inc.
© UPU 2010 – All rights reserved International e-services Farah Abdallah E-Postal Services Programme UPU.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
1 X.509-style PKI Revolves around the distribution and management of digital identity certificates Invented in 1978 to facilitate message encryption In.
Using Public Key Cryptography Key management and public key infrastructures.
Supports the development & implementation of a IPPC Global ePhyto Hub to: Utilize modern Cloud technology. Ensure there is a secure folder for each countries’
March 04 Slide 1 E-cert Overview T e P o u O r a n g a K a i O A o t e a r o a © Electronic Health Certification of New Zealand Agricultural Products.
General Principles for Phyto Ecert (day 1) Peter Johnston Plant Exports.
The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.
- POSITIONING PAPER IN DIGITAL WORLD -
Security in ebXML Messaging
E-Lock ProSigner ProSigner means “Professional Signer” signifying the software that can apply legally enforceable Advanced electronic signatures to electronic.
RSA Digital Certificate Solutions RSA Solutions for PKI David Mateju RSA Sales Consultant
Presentation transcript:

Electronic PostMark (EPM) Project Overview May, 2003 Copyright Postal Technology Centre

Posts Facilitating Global Commerce If trust and digital evidentiary services are global, the opportunities for organizations to become more efficient suddenly become possible Ultimately, as organizations become more efficient, whole economies improve Without these services, identity fraud, credit card theft and the cost of processing paper trails will only get worse

Unique Selling Proposition For large organizations that need to automate business processes and transactions, EPM/ID is a Suite of Services that provides a trusted digital equivalent to paper-based signed documents. The EPM/ID solution is a lower cost, shared Identity/Event/Non-Repudiation service that is overseen by trusted international regulated authorities – The Posts.

Key Benefits Entrust electronic data to Posts to: –Reduce information security risks –Accelerate customer adoption of lower cost online transactions –Eliminate costly “last mile” paper trails in mission-critical internal processes

Identity Management To protect an individual’s identity and privacy by providing a trusted electronic credential through the provision of affordable, strongly authenticated, high volume, in person proofed X.509 based digital certificates To federate (bind together) trust between all UPU countries to service general use of certificates (eg. Ensure a document can be trusted when signed by 3 different persons in 3 different countries) To enable applications to interface with and use Identity Management services in a consistent way – for example: standard XML schema and interfaces

Electronic PostMark (EPM)  Fundamentally a non-repudiation service supporting  Digital signature verification  Timestamping of successfully verified signatures  Standalone timestamping  Validation of certificate trust chains  Storage and archival of all non-repudiation evidence data required to support subsequent challenges  Legislative protection (ie. as for physical mail) –Internationally recognized neutral Postal 3 rd party evidence recording, storage and maintenance for non-repudiation (eg. Notary)

Electronic PostMark (EPM) What document was signed When the document was signed Who signed the document Why the document was Signed  E-Sign legislation compliant declaration of intent”  I am signing this document because (pick one): –I Agree with the terms of the document –I Disagree with the terms of the documents –I am the Author of the documents –I am a Reviewer of the document…

Applications and their Effect on the EPM  Web-Form signing  Document signing  Secure Document Delivery  Inter-personal messaging  Embedded Custom Application

Market Segments/Applications overlay EPM Registration Identity Mgmt IPP Digital Signature Services Trust Services Layer Secure Document Delivery Interpersonal Messaging Web-Form Signing Embedded Applications Application Streams Market Segments Examples Non Repudiation Services Transaction Confidentiality Privacy Consent Mgmt Authentication Services Shop floor Activity mgnt Legal Transportation Manufacturing Tax Forms UneDocs Pharmaceutical Government Drug testing Trade Health Care Medical Records Money Orders Posts Document Signing Real Estate Contracts Finance Trade conf. Brokerage Ins. Claims Etc.

A formal UPU international standard for the EPM Interface has now been published (Status 0) and currently being tested for use with (MS Word, Sun StarOffice, Canada’s eGovernment applications) A standard XML interface is required to call the EPM service from an application –MS Word –Adobe Acrobat –Sun StarOffice –web forms –UNeDocs –etc. Web Service Definition Language (WSDL) Standard XML Interface

Customer Applications UNeDocs International Trade is valued at $5500 billion USD Paper based trade documentation usually is estimated to cost between 5% to 10% of the value of the traded goods

Demo

Steve Gray May 15, 2003:08:00:00 EPM Steve Gray May 15, 2003:08:00:00 EPM

Electronic PostMark Verify Electronic PostMark Steve Gray May 15, 2003:08:00:00 EPM Steve Gray May 15, 2003:08:00:00 EPM

Value Propositions Service basics Every day Services Transparency, (Physical –-> Digital) Low cost, transaction-based Pre-requisites for success In-person proofing Global policies PC software ubiquity

Application EPM CA Desktop Interaction CA1 EPM Server EPM Server EPM-enabled Application EPM-enabled Application  Can support multiple CAs where Post is RA only  CRLs published periodically  every 12 or 24 hours  CRL entries loaded into EPM’s OCSP  signatures and certificates verified by EPM without CA involvement  little communications traffic  initial user enrollment and certificate issuance  yearly renewals Document Signing  interaction at the document level  sign document on the desktop  call EPM Server for Signature Verification  interactions occurs at origin and at destination  TimeStamps applied  heavy interaction between desktop(s) and EPM Web Form Signing  interaction at the transaction level  sign HTML form from the browser  HTTP POST to application  Application formats request for EPM  Interaction takes place between Web Application and the EPM  heavy interaction between browser and EPM CA2 CA3 Evidence Database EPM Infrastructure Recipient Verification