21 May 2015 Bridges between Certification Authorities
Content
1. EU Services Directive
2. Interoperability of EU security infrastructures
3. Interoperability of electronic signatures
4. Conclusions
1. EU Services Directive

Directive 2006/123/EC
By the end of 2009, service providers should be able to use electronic procedures, nationally and across borders, as set out in Art. 8 of the Services Directive.
Main building blocks for the use of e-procedures: e-signatures, e-identification and e-documents.

Directive 2006/123/EC
Steps to be followed to implement the e-procedures:
- Define an interoperability framework between Certificate Service Providers from all the Member States
- Define common formats for the e-signatures
Possible solutions for interoperability:
- Bridge Certification Authorities
- Trusted Lists
2. Interoperability of EU security infrastructures
Bridge Certification Authorities
- PKIs evolve from organizational islands towards national and international networks interconnected via bridging entities.
- BCAs provide cryptographic interoperability, policy harmonization and services related to certificate status validation.
- There is not yet a standardized solution for building BCAs, but there are already implementations at international and national level.

Bridge Certification Authorities
- Corporate/governmental PKIs may implement different architectures, security policies, and cryptographic suites.
- A flexible mechanism is needed to link corporate/governmental PKIs and translate their corporate relationships into the electronic world.
- The BCA architecture was designed to address the shortcomings of the two basic PKI architectures, and to link PKIs that implement different architectures.
Establish trust relationships
- User trusts the CA that issued his certificate
- Trust relationship established hierarchically within the organizational PKI
- Trust relationship established using cross-certification between each Organizational PKI and Bridge
[Diagram: User PKI 1, Org. PKI 1, Bridge CA, Org. PKI 2, User PKI 2; label "Trusts"]
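The trust relationships listed above imply a certification path that starts at a user's own CA, crosses the bridge, and ends at a user of the other organization. The following Python code is an added example, not part of the original presentation: it models certificates as constructed (issuer, subject) pairs and searches for that path. The names Org1 CA, Org2 CA, User 1, User 2 and the helper build_path are assumptions, and signature, policy and revocation checks are not modelled.

```python
from collections import deque

# Constructed sample data: each certificate is modelled as (issuer, subject).
# Signatures, validity periods, policy mapping and revocation are not modelled.
ORG_CERTS = [
    ("Org1 CA", "User 1"),  # hierarchical issuance inside organizational PKI 1
    ("Org2 CA", "User 2"),  # hierarchical issuance inside organizational PKI 2
]
BRIDGE_CROSS_CERTS = [
    ("Org1 CA", "Bridge CA"), ("Bridge CA", "Org1 CA"),  # PKI 1 <-> bridge
    ("Org2 CA", "Bridge CA"), ("Bridge CA", "Org2 CA"),  # PKI 2 <-> bridge
]


def build_path(trust_anchor, target, certs):
    """Breadth-first search for the shortest chain of certificates leading
    from the relying party's trust anchor to the target subject.
    Returns the list of names on the path, or None if no chain exists."""
    issued_by = {}
    for issuer, subject in certs:
        issued_by.setdefault(issuer, []).append(subject)
    queue = deque([[trust_anchor]])
    visited = {trust_anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for subject in issued_by.get(path[-1], []):
            if subject not in visited:  # mutual cross-certificates form loops
                visited.add(subject)
                queue.append(path + [subject])
    return None


if __name__ == "__main__":
    # User 1 relies on Org1 CA as trust anchor and wants to validate User 2.
    print("Without bridge:", build_path("Org1 CA", "User 2", ORG_CERTS))
    print("With bridge:   ",
          build_path("Org1 CA", "User 2", ORG_CERTS + BRIDGE_CROSS_CERTS))
```

Without the cross-certificates the two organizational PKIs remain islands and no path exists; with them, each user keeps its own CA as the only trust anchor.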
Trusted Lists
“Trusted List”: term used to designate the Supervision/Accreditation Status List of those services from QCSPs that are supervised/accredited by a Member State's Supervisory Body, which is in charge of establishing, securely publishing and maintaining such a list in the context and requirements of the eSignature Directive (1999/93/EC).

Trusted Lists
The Trusted List aims to solve the validation problem of QES (Qualified Electronic Signatures) and AdES (Advanced Electronic Signatures) supported by a QEC (Qualified Electronic Certificate) in a cross-border context:
- supports interoperability and facilitates the cross-border use of e-signatures
- contains structured information needed for the validation of the electronic signature by the relying party
- complements the information available in the certificate of the signer and the related chain of certification supporting a QES or an AdES supported by a QEC
3. Interoperability of electronic signatures

Interoperability of electronic signatures
- A reference format for AdES is needed to facilitate the cross-border use of QES.
- Using XAdES (CAdES), signers may incorporate certain properties into the XMLSig (CMS) signature structure before computing the signature value, so that these properties are included in its computation.
- Signers or other parties may request and incorporate a time-stamp on the signature, which provides a trusted upper boundary on the generation time.
- Using XAdES (CAdES), verifiers or third parties may incorporate properties encompassing the long-term lifecycle of the signature, which after its generation includes first verification, storage for several years, and auditing.
Interoperability of electronic signatures
- ETSI organizes XAdES/CAdES interoperability tests
- certSIGN:
  - the only Romanian company involved in the ETSI interoperability tests
  - developed its own software for implementing XAdES/CAdES signature formats
  - successfully passed the tests
4. Conclusions

Conclusions
- Solving interoperability issues is the keystone element of implementing pan-European services
- Governments, industry and independent organizations shall be involved
- certSIGN - reliable partner to implement interoperability projects based on:
  - Previous experience in implementing operational Bridging Certification Authorities (Romanian National Defense System)
  - Own developed software modules tested in ETSI interoperability tests
  - Competencies in PKI and information security field
Contact
Adrian Floarea
Business Development Director, certSIGN
Phone: 004-021-311.9901
Fax: 004-021-311.9905
Mobile: 004-0726.678.375
e-mail: email@example.com