TeleTrusT - Competence Association for Applied Cryptography and Biometrics Arno Fiedler (Nimbus Network) TeleTrusT Deutschland e. V.

Presentation transcript:

TeleTrusT - Competence Association for Applied Cryptography and Biometrics Arno Fiedler (Nimbus Network) TeleTrusT Deutschland e. V. PKI-Forum, Amsterdam, 20 June 2002

Short Presentation for Project: Unified ISIS-MTT-Specifications for Interoperability and Test Systems

TeleTrusT - General. Promoting the trustworthiness of information and communication technology. Applied Cryptography & Biometrics. founded in members: major user sectors, research organisations, developers and manufacturers of security products, government agencies, and test institutes. Non-profit, politically independent.

ISIS-MTT – The Foundation. European Bridge-CA. ISIS-MTT: Common ISIS-MTT Specification for Interoperability and Test Systems. E-Business: authentication of users and servers; confidential communication (SSL); file encryption; encrypted (S/MIME); data authenticity and integrity (electronic signature); time-stamping service; VPN; single sign-on; further PKI services.

TeleTrusT: Working Groups. Interoperability, Standards, Appropriate Security. Legal aspects of the liability of communications (WG1); Security architecture / IC-Card security (WG2); Applications in health services (WG3); Open e-commerce security (WG4); Promotions (WG5); Biometrics identification (WG6); Public key infrastructure (WG7); MailTrusT (WG8); Chipcard-terminals (Project, MKT, UCTS).

Primary Tasks of TeleTrusT: Influence German and European IT-security policy and national legislation. Lobby bills on IT-security. Endorse the establishment of comprehensive standards ensuring interoperability among suppliers [e.g. standards for PKI applications (ISIS-MTT), Bridge-CA]. Promote innovative technologies (e.g. biometric techniques).

TeleTrusT Project - BioTrusT: Project started in 1999 and finished in March. Internationally unique project. Over 30 partners from Germany, Austria, Sweden, Israel and the US tested multiple biometric systems. The project was accompanied by research institutes, consumer advocates and privacy officers. First implementation of the BioAPI standard.

European Bridge-CA: Initiated in 2000 and put into action in 2001. Unique public-private partnership ... to create a bridge of trust between different PKIs world-wide; ... to enable secure electronic communication between organizations (corporations and administrations); ... to establish a mutual basis for the use of digital signatures in processes and applications; ... to set standards for inter-organizational electronic communication. Applied principles: practicality, flexibility, interoperability, safeguarding of investments.

Bridge-CA: participating & interested parties BMW Deutsche Telekom Deutsche Bank Sparkassen Informations Zentrum Bundesamt für Sicherheit in der Informationstechnik DaimlerChrysler Siemens Giesecke & Devrient TC TrustCenter Dresdner Bank Émagine Arthur Andersen SAP D-Trust Utimaco Secude

TeleTrusT Project - ISIS-MTT Common ISIS-MTT Specification for Interoperability and Test Systems Joint project of more than 40 leading companies and organizations to create a widely accepted synthesis of existing international standards for electronic signatures, encryption and authentication. The aim is to ensure the unrestricted interoperability between applications including those with different security requirements.

Objectives of the project: Synthesis of already available specifications towards a unified and open standard. This standard should take into account the current technical and legal requirements and should receive active support by the market players. Development of a test specification and a test bench, which allows application developers to prove their ISIS-MTT interoperability. Investment protection for users because of exchangeability of single components.

Involved partner organizations: T7 e. V. i. G. (direct) (ISIS-Spec.): interest group of leading (German) providers of certification services. TeleTrusT e. V. (direct) (MailTrusT-Spec.): competence association of major companies and organizations concerned with trusted digital communication. Additional bodies comprise (selection): AG INDI (indirect), Bundesverband Deutscher Banken (indirect), (indirect), Arbeitsgemeinschaft Karten im Gesundheitswesen (indirect).

ISIS-MTT document structure:
CORE-SPEC: Part 1: Certificate and CRL Profiles, Part 2: PKI Management, Part 3: Message Formats, Part 4: Operational Protocols, Part 5: Certificate Path Validation, Part 6: Cryptographic Algorithms, Part 7: Cryptographic Token Interface.
OPTIONAL: Profile: SigG-conforming Systems and Applications and Profile: Optional Enhancements to the SigG-Profile.

ISIS-MTT - behind the cover

# | Object | Content of the ISIS-MTT-Core-Profile
1 | Certificate Profile | Standard X.509 V3; Qualified Certs According ETSI QCP (RFC 3039); Attributes allowed in Key Certificates
1.3 | Attribute Certificate | Standard X.509 V2
1.4 | CRL | Standard CRL (including Delta CRL)
2 | PKI Management | Simple PKI-Management as in CMC
3 | S/MIME | Subset of S/MIME for mail
4.2 | LDAP | Standard LDAP V.3, no restrictions to DIT
4.3 | OCSP | Standard OCSP; Optional extension for positive statement
4.4 | TSP | Standard TSP, no profiling yet
5 | Certificate Path Validation | Standard PKIX procedures
6 | Algorithms etc | look to:
7 | PKCS#11 Profile |

ISIS-MTT and the Infrastructure: (figure; labels: CAS, RECIPIENT, CAX, SENDER)

Actions planned for 2002: Development of a usable test bench for realistic test of applications and services. Awarding of a Quality Seal for applications with proven interoperability. Further development of ISIS-MTT specification. Further contribution from the specification to the international standardization. Strengthening of public relations and project management. Development of an XML-Profile.

Benefits of the project: Interoperability at application level increases acceptance of signature, encryption and authentication products in E-government and E-commerce. Interoperability is an investment incentive for application developers and ensures portability of applications. Interoperability provides choices of services and products for the users and could possibly save costs (e.g.

Core theses for ISIS-MTT: ISIS-MTT is a free-of-charge offering for PKI integration to all application developers. ISIS-MTT is internationally aligned; existing standards are used and extended. ISIS-MTT defines a complete security architecture: encryption, authentication and signing. ISIS-MTT provides for different security levels; legal binding according to German signature law is just an option. ISIS-MTT interoperability criteria are publicly defined and provable through a test bench.

Special features of the SigG-Profile: Verification according to the chain model – not conformant with PKIX and EESSI – SigG conformity of the shell model currently under review. OCSP positive statements in the SigG context – mandated by requirements of the German legislator (SigG §15). Proprietary content in the Optional Enhancements to the SigG-Profile – RetrieveIfAllowed, CertInDirSince, DateOfCertGen.
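Added example, not part of the original slides: the chain model (Kettenmodell) named on this slide next to the PKIX-style shell model (Schalenmodell), using the commonly described definitions of both. It checks validity periods only (no signatures, no revocation); the certificate names and dates are constructed, and notBefore is assumed to stand in for the issuance time.

```python
from dataclasses import dataclass
from datetime import datetime as dt

@dataclass(frozen=True)
class Cert:
    subject: str
    not_before: dt
    not_after: dt

    def valid_at(self, t: dt) -> bool:
        return self.not_before <= t <= self.not_after

def shell_model_ok(path, t_ref):
    """Shell model (PKIX style): every certificate in the path must be
    valid at the same reference time t_ref."""
    return all(c.valid_at(t_ref) for c in path)

def chain_model_ok(path, t_signed):
    """Chain model: path is ordered root first, end entity last.
    The end-entity certificate must be valid when the document was signed;
    each issuer must be valid when the certificate below it was issued.
    Assumption: notBefore stands in for the issuance time."""
    t = t_signed
    for cert in reversed(path):
        if not cert.valid_at(t):
            return False
        t = cert.not_before  # reference time for the issuer one level up
    return True

# Constructed sample path: the CA certificate expires before the
# end-entity certificate it issued.
PATH = [
    Cert("Root CA", dt(2000, 1, 1), dt(2010, 1, 1)),
    Cert("Issuing CA", dt(2000, 6, 1), dt(2003, 6, 1)),
    Cert("Signer", dt(2003, 1, 1), dt(2006, 1, 1)),
]
SIGNED = dt(2004, 3, 1)    # document signed after the CA certificate expired
VERIFIED = dt(2005, 1, 1)  # relying party checks the signature later

if __name__ == "__main__":
    print("shell model, at verification time:", shell_model_ok(PATH, VERIFIED))
    print("shell model, at signing time:     ", shell_model_ok(PATH, SIGNED))
    print("chain model, at signing time:     ", chain_model_ok(PATH, SIGNED))
```

The same path is rejected by a shell-model verifier and accepted by a chain-model verifier, which is the interoperability gap between PKIX-conformant software and chain-model validation.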

Testbed Prototype Platform (figure; components: CUT EE Component, CUT CA Component, Tester, Web-Browser, Web-Client, Web-Server, LDAP-Server, LDAP-Client, Mail-Server, DNS-Server, CGI scripts, Test Tools, Test Data; connections labelled http, pop3, ldap, smtp, ocsp, dns, File Transfer)

ISIS-MTT service providers: DATEV e. G.; D-TRUST GmbH; ITSG; Deutsche Telekom AG Telesec; TC Trustcenter; CCI; Sema Group; Fraunhofer IBT; Addtrust AB; Medizon AG; WV Deutscher Apotheker

ISIS-MTT application providers: Applied Security GmbH; BGS Systemplanung GmbH; Curiavant GmbH; CV Cryptovision GmbH; DATEV e. G.; DE-CODA GmbH; Microsoft Inc.; Secartis GmbH; Secrypt GmbH; SECUDE GmbH; Signcard GmbH; TÜV Süddeutschland; Utimaco AG; Faktum GmbH

ISIS-MTT actual and potential users: Deutsche Bank AG; Dresdner Bank AG; Daimler-Chrysler; BSI; Kassenärztliche BV; Siemens AG; Siemens; BMW; Sparkassen Informatik; Bank 24; Cable & Wireless; SAP; Giesecke & Devrient; Arthur Andersen

ISIS-MTT - Lessons learned: Don't discuss the legal aspects too much, you can't find a 100 percent solution! (not even 80 %) To get a commitment for a profile like ISIS-MTT is hard work, lobbying doesn't work via . Try to understand the needs of the different markets, but take care about specific requirements which are proprietary. Keep the project interesting, the work is never done. (Testbench, XML....

Contacts for the project. TeleTrusT: Mr. Prof. Helmut Reimer, TeleTrusT e.V.; Mr. Schneider and Mr. Giessler (Editor), Fraunhofer SIT; Mr. Bauspiess, Secorvo. T7 e. V. i. G.: Mr. Bernd Kowalski, DT AG, telesec; Mr. Lindemann, TC Trustcenter; Mr. Pfeuffer, Datev; Mr. Horvath (Editor), Secunet; Ms. Ulrike Korte, Sparkassen Informatik Kooperation. Project management and public relations: Mr. Fiedler, Nimbus Network;