Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

Published byJordan Conway Modified over 10 years ago

Similar presentations

Presentation on theme: "© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information."— Presentation transcript:

1 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information Society Tashkent, Uzbekistan 6-8 October 2003 Challenges in Electronic Signatures and Certification Authorities Alexander NTOKO Chief, E-Strategy Unit ITU Telecommunication Development Bureau (BDT)

2 Overview of Digital Signature Signers Private Key Signed Document Encrypted Digest Hash Algorithm Digest Remember, a digital signature involves services provided by Certificate Authority (CA)

3 Verifying the Digital Signature for Authentication and Integrity Hash Algorithm Digest ? ? Signers Public Key And so does the process of verifying the validity of a digital signature

4 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 4 General Overview of Some Digital Signature and Certificate Authority Challenges o Technology and Standards Application and Multi-vendor interoperability Key Length and Encryption algorithms Content Non-Repudiation and Time stamps o Policies and Legislative CA-CA Policy-level Interoperability PKI Domains, Jurisdictions and Accreditation Roles of Public and Private Sector E-signature Legislation and Technology Neutrality – Finding the right balance between being technology neutral and enforcing legislation. o Acquisition, Capacity & Business Models Building Local Capacity Business Case for CA Infrastructure Liabilities and Risk assessment/management

5 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 5 Challenges for e-Signatures and Certification Authorities are Intricately linked. Focus on: o Acceptance of Digital Signature Across Multi-Jurisdictional PKI Domains. o Policies for Generic Identity Certificates. o Public Key Infrastructure (PKI) Domains. o CA-CA Inter-Domain Interoperability. o Relationship between Attribute Certificates and Generic Identity Certificates.

6 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 6 Some Initiatives for Addressing CA-CA Inter Domain Interoperability Issues…

7 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 7 Cross Certification o A CA issues a certificate to another CA. This is applied to Strict Hierarchy (Root CAs) o Establishment of Trust Relationship between CAs (Chain of Trust). o Could result in Trust Cascades (A>B and B>C should not imply A>C). o Trust relationship could be Mutual (Horizontal Trust relationship) or Unilateral (Vertical Trust relationship – Root CAs).

8 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 8 Bridge Certificate Authority o A CA acts as a bridge between CAs in different PKI domains. o Each CA establishes a Trust Relationship with the Bridge CA. o The absence of direct relationships between CAs avoids overheads related to the establishment of direct trust relationships between co-operating CAs.

9 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 9 Cross Recognition o No trust relationship on cross certification between CAs. o Requires a mutually trusted and recognized third party. o CA-CA Interoperability is achieved through the licensing or auditing by a mutually agreed authority.

10 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 10 Accreditation Certificate o A combination of cross-certification and cross recognition. o Involves the creation of an accreditation CA. o Public Key of each CA is signed by accreditation CA. o Used in Australia in the Gatekeeper Accreditation CA. o Requires high level government structure and control to create hierarchy (e.g., government- wide PKI).

11 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 11 Certificate Policy – Plays an important role in the implementation of some of these initiatives o Certificate Policy (CP) – A Named set of rules that indicate the applicability of a certificate to a particular community and/or class of applications of common security requirements.

12 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 12 Policy Mappings Extension Allows a certification authority to indicate that certain policies in its own domain can be considered equivalent to certain other policies in the subject certification authority's domain. ITU-T X509: CA-CA Policy Interoperability

13 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 13 ITU-T X.509: Preventing Trust Cascades Policy Constraints extension Ability for a certification authority to require that explicit certificate policy indications be present in all subsequent certificates in a certification path. Ability for a certification authority to disable policy mapping by subsequent certification authorities in a certification path.

14 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 14 Possible Strategy for E-Signatures and CAs

15 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 15 What could be the Role of Governments? o Getting Involved in the Management of Public Internet Resources. Internet Protocol Addresses Domain Names (under ccTLDs) o Elaborating Policies and Legislation for the Management of Digital Identities and CAs. Accreditation of Certification Authorities Control and Enforcement Mechanisms Play central role in the management of generic identities (e.g. digital Ids and Passports).

16 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 16 What is ITU-D doing in this Domain? o ITU-D IsAP Programme 3 Policies: Addressing National/Regional Policies for e-Trust and public Internet resources (e.g., Azerbaijan, Cameroon, Georgia and Mongolia). Projects: Projects on PKI (CA and RA) and PKI- enabled Applications (Africa, Asia, Latin America and Europe). Training: Building Human Capacity in e-Security (e.g., Latin America and Pakistan). Environment: Assistance in Legal Issues for E- Applications and in establishing an Enabling Regulatory Framework (e.g., Latin America, Cape Verde, Mongolia and Burkina Faso).

17 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 17 World e-Trust MoU Platform for Partnerships in E-Services Self-Regulatory & Self-Funding Structure Technology Neutral/Independent Environment Multi-Lateral And Inclusive Framework

18 © 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 18 Thank You for your attention For further information Web:http://www.itu.int/ITU-D/e-strategyhttp://www.itu.int/ITU-D Email: e-strategy@itu.int

Download ppt "© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.

DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
The vision for Sri Lanka’s Tertiary and Vocational Education

The vision for Sri Lanka’s Tertiary and Vocational Education
A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
© Copyright 1998-2001 International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.

© Copyright International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.
© 1998-2003 ITU Telecommunication Development Bureau (BDT) page - 1 Alexander NTOKO Chief, E-Strategy Unit ITU Telecommunication Development Bureau Seminar.

© ITU Telecommunication Development Bureau (BDT) page - 1 Alexander NTOKO Chief, E-Strategy Unit ITU Telecommunication Development Bureau Seminar.
© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
Resource Mobilization Capacity Building OEWG – SIDE EVENT 7 April, 2006.

Resource Mobilization Capacity Building OEWG – SIDE EVENT 7 April, 2006.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Digital Signatures in State of Tennessee Pam Roberts Finance & Administration Office for Information Resources Planning, Research & Development.

Digital Signatures in State of Tennessee Pam Roberts Finance & Administration Office for Information Resources Planning, Research & Development.
UNITED NATIONS COMMISION ON INTERNATIONAL TRADE LAW Enhancing legal certainty for electronic signatures and other authentication methods José Angelo Estrella.

UNITED NATIONS COMMISION ON INTERNATIONAL TRADE LAW Enhancing legal certainty for electronic signatures and other authentication methods José Angelo Estrella.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Kerberos and X.509 Fourth Edition by William Stallings

Kerberos and X.509 Fourth Edition by William Stallings
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

Similar presentations

Ads by Google