Presentation is loading. Please wait.

Presentation is loading. Please wait.

Universal Electronic Signatures Tarvi Martens ESTONIA.

Similar presentations

Presentation on theme: "Universal Electronic Signatures Tarvi Martens ESTONIA."— Presentation transcript:

1 Universal Electronic Signatures Tarvi Martens ESTONIA

2 What if you receive digitally signed document tomorrow? Probably you should accept and handle it !!!

3 Rationale Existing EU Directive does not provide for solid grounds for unified electronic signature deployment in Europe CEN CWA-s and ETSI standards allow for myriad of options UES: Attempt to achieve electronic signature deployment and interoperability from the Best Practice experiences

4 What is UES ? UES stands for Universal Electronic Signature UES is a concept of electronic signature with aim to universally replace handwritten signature UES is going beyond AES (Advanced Electronic Signature as of EU Directive) UES is designed for international interoperability

5 UES provides for… UES = Advanced Electronic Signature based on Qualified Certificates PLUS: electronically signed documents are equivalent to handwritten ones by legal evidence value usage domain and signatory role are not restricted signatory is uniquely identified as a physical person there are means to identify signing time of the electronic document electronically signed documents are maintaining their long-term validity UES are international

6 UES implementation UES implementation requires these components to be adjusted to UES principles: Legislation CA delivering certificates on SSCD Validation services (real-time OCSP) Deployed end-user tools Inter-PKI cooperation

7 UES actors: CA Certification Authority Produces qualified certificates on SSCD to uniquely identifiable physical persons Provides up-to-date certificate validity information to Validation Authority Generates, exchanges and maintains Trust-service Status Lists (TSL) CA details Valid CA and OCSP certificates History of validity XML-profile of ETSI TS 102 231

8 UES Actors: VA Validation Authority Issues validity confirmations using OSCP protocol (RFC 2650) Operates in real-time: acquires validity information from CA-s database Provides precise time information in responses (time-stamping) Logs and archives issued confirmations to provide for long-term validity

9 VA as an e-notary OCSP When I saw this signed document, corresponding certificate was valid CA DB I just signed the document using this certificate (Doc,Cert,time)ok Doc,Cert Secure log

10 UES Actors: Signer and Verifier Signer Generates electronically signed documents using certificate and validity confirmation Verifier Verifies electronic signatures using (cached) TSL Sharing common document format Profile of ETSI TS 101 903 aka XAdES - OpenXAdES

11 UES architecture (1) CA VA Signer Verifier Cert OCSP TSLDoc PKI 2 CA VA Signer Verifier Cert OCSP TSLDoc PKI 1

12 UES architecture (2) CA VA Signer Verifier Cert OCSP TSL Doc PKI 2 CA VA Signer Verifier Cert OCSP TSL Doc PKI 1

13 Trust model Bilateral trust model Every party has a freedom to choose trusted parties CA communicates trust through TSL-s CA 1CA 2 CA 3CA 4

14 UES Organization Currently: Memorandum of Understanding Agreeing with UES principles and model Three initial partners Estonia Belgium Finland Represented typically by Population Registries (CA-s) and incorporating partner companies More formal structure (separate organization – UES Initiative) is considered

15 UES activities General coordination Promotion, info sharing Liaisons with std. bodies Sharing enabling technology TSL distribution Joint work on different aspects: Legal issues CA service provision VA service provision Document format, interop testing

16 UES deployment Sign the MoU Allocate resources for the co-operation effort Start issuing qualified certificates The hardest part – we assume you do it already Set up your OCSP Almost any commercial OCSP Responder will do Start exchanging TSL-s To be developed Distribute and localize end-user apps

17 What is OpenXAdES ? OpenXAdES is a profile of ETSI TS 101 903 aka XAdES OpenXAdES specifications and implementations (C, Java) are available at OpenXAdES is a community driven free software development project OpenXAdES profile specification development is coordinated by CC (and by UES organization in the future)

18 What is DigiDoc ? DigiDoc is a set of software applications based on OpenXAdES spec/library Applications include: DigiDoc client DigiDoc portal DigiDoc webservice (SOAP) Client tested with Estonian, Finnish and Belgium ID-cards Multilingual version available now

19 Digital Signature in Estonia Available for 1.5 years 500 000 potential users 200 000 signatures Client distributed with ID-card starter kit Technology integrated in all major document handling systems and Internet banks Innumerable list of uses DigiDoc library (Win32/Unix) CSP OCSP XML ID card

20 Additional Information ID-card issuinghttp://www.pass.ee PKI & CA ID-card practices Digital signature Contact point: Porvoo V: May 2004 Tallinn, Estonia

Download ppt "Universal Electronic Signatures Tarvi Martens ESTONIA."

Similar presentations

Ads by Google