EID in EMEA & QuEST Ronny Bjones Security Program Manager Microsoft EMEA.


1 eID in EMEA & QuEST Ronny Bjones Security Program Manager Microsoft EMEA

2 Agenda What is happening in Europe Our technology support QuEST Conclusions

3 What is driving national smart card projects in Europe? eGovernment - eID Identification of citizens on the portals & counters Austria 60k cards issued to students Scholarships, Tuition fees Italy 1.5M cards produced, 600k distributed, another 2M in production Registration & tax services, e-signing of documents, etc. Estonia 500K cards distributed (50% penetration) Tax services, e-ticketing, etc.

4 What is driving national smart card projects in Europe? Social security Use of smart cards to protect privacy sensitive data Belgium SIS card issued to all citizens Doctors, Pharmacia Norway National office for social assurance All doctors, hospitals PKI-based card, set of projects to simplify social security reporting

5 Norway [architecture diagram; labels as extracted:] Public Health cards containing certificates; Professional Health cards containing certificates; Internet Services - TTP - Payment - Time stamp; DC (AD,DCHCP); IAS (Radius); Offline Root CA; Enterprise CA; Citrix ticket server; Citrix farm; Application & DBase; Secure gateway; Municipality: Health care in institutions and private homes; National databases & services; Population database; Personal ID number; National health security; National db on use of drugs; Regional health care institutions; EPJPACS; Offline Root CA; Enterprise CA; IAS; DC; Encrypted My health folder; Right Mngmnt Server; HR. Slide courtesy of ERGO

6 Impact of the EC Directives EC Directive on Electronic Signatures (1999) Legal framework for electronic signatures Adopted in all EU member states (25) + EEA (3) + Candidates (2) + MEA (2+) EC Directive on e-Invoicing (2001) Acceptance of electronic invoices Security based on AES or Secure EDI Important for the development of the supporting national PKI infrastructures EC Directive on e-Procurement (in development)

7 More numbers (columns: Country, Qualified Certificates, Other Certificates, EID) Spain 2.000.000 1.500.000 Yes; Italy 1.000.000 250.000 Yes; Estonia 200.000 Yes; Norway 60.000 Yes; Austria 10.000 Yes. Source: EC DG Information Society 2003

8 Typical Scenarios Secure eGovernment, eBanking, eBusiness requires security services Authentication Data Confidentiality Data Integrity Non-repudiation How are these services facilitated by eID?

9 Authentication Verify the identity of citizens by means of eID TCOS of Identity management is high Organisations can rely on the work done by the governments and enrol users over the Internet

10 Confidentiality Basic algorithms to encrypt information are foreseen in most eID projects Belgian eID does not foresee a certificate for encryption

11 Integrity & Non-repudiation How can we be sure that the data was not altered? How can we have proof in a case of law that a certain individual did this transaction? Typically done by Electronic Signatures which are supported by most eID projects Signing of forms, electronic documents

12 Agenda What is happening in Europe Our technology support QuEST Conclusions

13 Microsoft Smart Card Support Windows Logon Standard support for smart cards GINA Custom models Full integration with AD Terminal Server (W2K3) Applications can interface smart cards through CryptoAPI/CAPICOM .Net Framework

14 Microsoft Smart Card Support For vendors PC/SC Plug into CryptoAPI (custom CSP) New smart card base CSP

15 Smart card enabled technologies SSL – Internet Explorer Secure email (S/MIME) – Outlook (Express) VPN – W2K, XP, W2K3 Secure form – InfoPath Document signing (Word, Excel, PowerPoint) Windows Rights Management – W2K3 Any third party CryptoAPI-enabled application

16 Agenda What is happening in Europe Our technology support QuEST Conclusions

17 QuEST Qualified Electronic Signatures Tutorial Demystify Qualified Electronic signatures Best practice/guidance for designing a Qualified Electronic signature solution

18 Why did we develop QuEST? Demystify the subject General perception: Very complex subject Multidisciplinary: Legal, Technology, Policy A lot of customers will get QES as a requirement in the years to come How to build a QES solution?

19 Approach Provide guidance for customers Project Managers & Architects Design a knowledge base – Blueprints Legal, Technology, Policy Knowledge base for different audiences Project Team Guide Which questions should be answered by a project team to design a QES solution Design process Scenario – Contoso Lottery Based on Norwegian Lottery Show how a QES solution can be implemented on our platform

20 QuEST Background EC Directive on Electronic Signatures 1999 Mandates member states to change their laws Electronic Signatures can be equivalent to handwritten signatures If they are performed under certain conditions European Electronic Signature Standardization Initiative (EESSI) ETSI – CEN standards Other standards

21 EESSI Standards Overview Signature creation process and environment (A III): CWA 14170; Signature validation process & environment (A IV): CWA 14171; Signature format & syntax (Advanced ES): ETSI TS 101733, ETSI TS 101903 (XAdES); Creation device (A III): CWA 14169; Requirements for CSPs (A II): ETSI TS 101456; Trustworthy system (A II.f): CWA 14167-1, CWA 14167-2; Qualified certificate (A I): ETSI 101 862; Time Stamp: ETSI TS 101861. Diagram labels: Certification Service Provider; User/signer; Relying party/verifier; CEN E-SIGN; ETSI ESI

22 Electronic Signatures: all kinds of substitutes for penned signatures. Advanced Electronic Signatures: security technology based on PKI. Qualified Electronic Signatures: Advanced Electronic Signature, Qualified Certificate, Secure Signature Creation Device. EC Directive on Electronic Signatures

23 Building a QES Solution Mandatory Requirements Relate to Directive on Electronic Signatures Compliance Additional Requirements Risk management Added-value elements before court

24 Mandatory Requirements Impact of Directive An independent arbiter (Judge/Notary) should follow harmonised criteria to decide whether a signature was valid at a certain moment of time Legal requirements Advanced Electronic Signature (AdES) Qualified Certificate (QC) Secure Signature Creation Device (SSCD) EC Directive on Electronic Signatures

25 Additional Requirements Validation by an independent arbiter How can we facilitate that an independent arbiter can still validate a signature in a period n years? Electronic Signature Format How can we reduce the risk that somebody can easily repudiate the signature? Risk management Standards and technology introduced to increase the overall security of a QES solution.

26 XAdES XML Advanced Electronic Signatures ETSI standard for XML Signatures TS 101 903 Based on W3C XML Signatures W3C adopted XAdES Include signature qualifying properties TS 101 733 Formats for advanced electronic signatures valid over a long period of time Aimed at convincing an independent arbiter of the validity of a signature

27 Conclusion eID is happening all over Europe and will become more and more a requirement in projects We have a lot of technology available that allows you to use eID or to develop eID based applications Download our QuEST guide and get guidance on how to enable signature scenarios in your apps based on eID

28 Resources Register for QuEST: ronnybj@microsoft.com (Subject: Register QuEST) EC Report: http://europa.eu.int/information_society/eeurope/2005/all_about/security/electronic_sig_report.pdf Microsoft developers info: http://msdn.microsoft.com/security/ Microsoft Smart Card Base CSP: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/microsoft_smart_card_base_cryptographic_provider.asp

29 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

