Universal Electronic Signatures - PowerPoint PPT Presentation

Slides: 21
Provided by: tarv154

Transcript and Presenter's Notes


1
Universal Electronic Signatures
  • Tarvi Martens
  • ESTONIA

2
What if you receive a digitally signed document
tomorrow?
Probably you should accept and handle it!
3
Rationale
  • Existing EU Directive does not provide solid
    grounds for unified electronic signature
    deployment in Europe
  • CEN CWA-s and ETSI standards allow for a myriad of
    options
  • UES: Attempt to achieve electronic signature
    deployment and interoperability from the Best
    Practice experiences

4
What is UES ?
  • UES stands for Universal Electronic Signature
  • UES is a concept of electronic signature with the aim
    of universally replacing the handwritten signature
  • UES goes beyond AES (Advanced Electronic
    Signature as per the EU Directive)
  • UES is designed for international interoperability

5
UES provides for
  • UES: Advanced Electronic Signature based on
    Qualified Certificates PLUS
  • electronically signed documents are equivalent to
    handwritten ones in legal evidence value
  • usage domain and signatory role are not
    restricted
  • signatory is uniquely identified as a physical
    person
  • there are means to identify the signing time of the
    electronic document
  • electronically signed documents maintain
    their long-term validity
  • UES are international

6
UES implementation
  • UES implementation requires these components to
    be adjusted to UES principles:
      • Legislation
      • CA delivering certificates on SSCD
      • Validation services (real-time OCSP)
      • Deployed end-user tools
      • Inter-PKI cooperation

7
UES actors: CA
  • Certification Authority
  • Produces qualified certificates on SSCD
      • to uniquely identifiable physical persons
  • Provides up-to-date certificate validity
    information to Validation Authority
  • Generates, exchanges and maintains Trust-service
    Status Lists (TSL)
      • CA details
      • Valid CA and OCSP certificates
      • History of validity
      • XML-profile of ETSI TS 102 231

8
UES Actors: VA
  • Validation Authority
  • Issues validity confirmations using the OCSP protocol
    (RFC 2560)
  • Operates in real-time
      • acquires validity information from the CA database
  • Provides precise time information in responses
    (time-stamping)
  • Logs and archives issued confirmations to provide
    for long-term validity

9
VA as an e-notary
[Diagram. Signer: "I just signed the document using this certificate". Request over OCSP: Doc, Cert. VA consults the CA DB. Response: (Doc, Cert, time) ok. VA: "When I saw this signed document, the corresponding certificate was valid". VA keeps a secure log.]
10
UES Actors: Signer and Verifier
  • Signer
      • Generates electronically signed documents using
        certificate and validity confirmation
  • Verifier
      • Verifies electronic signatures using (cached) TSL
  • Sharing common document format
      • Profile of ETSI TS 101 903 aka XAdES - OpenXAdES
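
Added example, not part of the presentation or of the OpenXAdES code: a Python sketch of the verifier check outlined on slides 8 to 10, where a VA confirmation binds (Doc, Cert, time) and the verifier accepts it only if the responder is in its cached TSL and was valid at that time. The responder name, record layout and TSL structure are constructed, and an HMAC stands in for the VA's signature on the OCSP response; checking the signer's own signature is out of scope here.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed cached TSL: per VA responder, its CA, a key, and its history of validity.
# Assumption: an HMAC key stands in for the public key of the responder certificate.
TSL = {
    "va.pki1.example": {
        "ca": "CA 1",
        "key": b"constructed-demo-key",
        "valid": [(utc(2003, 1, 1), utc(2005, 1, 1))],
    },
}

def confirmation_body(doc, cert, when, status):
    # Length-prefix the document so (doc, cert) cannot be re-split ambiguously.
    bound = hashlib.sha256(len(doc).to_bytes(8, "big") + doc + cert).digest()
    return bound + when.isoformat().encode() + status.encode()

def issue_confirmation(responder, key, doc, cert, when, status="good"):
    """VA side: bind (Doc, Cert, time) and the certificate status into one record."""
    body = confirmation_body(doc, cert, when, status)
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return {"responder": responder, "time": when, "status": status, "sig": sig}

def verify(doc, cert, conf, tsl=TSL):
    """Verifier side: returns (ok, reason) using only the cached TSL."""
    entry = tsl.get(conf["responder"])
    if entry is None:
        return False, "responder not in TSL"
    # History of validity: the responder must have been trusted when it answered.
    if not any(start <= conf["time"] < end for start, end in entry["valid"]):
        return False, "responder not valid at confirmation time"
    body = confirmation_body(doc, cert, conf["time"], conf["status"])
    expected = hmac.new(entry["key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, conf["sig"]):
        return False, "confirmation does not match document and certificate"
    if conf["status"] != "good":
        return False, "certificate was not valid at signing time"
    return True, "ok"
```
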

11
UES architecture (1)
[Diagram: two PKIs (PKI 1 and PKI 2), each with a CA, VA, Signer and Verifier; labels: Cert, OCSP, TSL, Doc]
12
UES architecture (2)
[Diagram: two PKIs (PKI 1 and PKI 2), each with a CA, VA, Signer and Verifier; labels: Cert, OCSP, TSL, Doc]
13
Trust model
  • Bilateral trust model
  • Every party is free to choose its trusted
    parties
  • CA communicates trust through TSL-s

[Diagram: CA 1, CA 2, CA 3, CA 4]
14
UES Organization
  • Currently: Memorandum of Understanding
      • Agreeing with UES principles and model
  • Three initial partners
      • Estonia
      • Belgium
      • Finland
  • Represented typically by Population Registries
    (CA-s) and incorporating partner companies
  • More formal structure (separate organization
    UES Initiative) is considered

15
UES activities
  • General coordination
  • Promotion, info sharing
  • Liaisons with std. bodies
  • Sharing enabling technology
  • TSL distribution
  • Joint work on different aspects
  • Legal issues
  • CA service provision
  • VA service provision
  • Document format, interop testing

16
UES deployment
  • Sign the MoU
      • Allocate resources for the co-operation effort
  • Start issuing qualified certificates
      • The hardest part: we assume you do it already
  • Set up your OCSP
      • Almost any commercial OCSP Responder will do
  • Start exchanging TSL-s
      • To be developed
  • Distribute and localize end-user apps
      • www.openxades.org

17
What is OpenXAdES ?
  • OpenXAdES is a profile of ETSI TS 101 903 aka
    XAdES
  • OpenXAdES specifications and implementations (C,
    Java) are available at www.openxades.org
  • OpenXAdES is a community-driven free software
    development project
  • OpenXAdES profile specification development is
    coordinated by CC (and by UES organization in the
    future)

18
What is DigiDoc ?
  • DigiDoc is a set of software applications based
    on OpenXAdES spec/library
  • Applications include
      • DigiDoc client
      • DigiDoc portal
      • DigiDoc webservice (SOAP)
  • Client tested with Estonian, Finnish and Belgian
    ID-cards
  • Multilingual version available now

19
Digital Signature in Estonia
  • Available for 1.5 years
  • 500 000 potential users
  • 200 000 signatures
  • Client distributed with ID-card starter kit
  • Technology integrated in all major document
    handling systems and Internet banks
  • Innumerable list of uses

20
Additional Information
  • ID-card issuing: http://www.pass.ee
  • PKI & CA: http://www.sk.ee
  • ID-card practices: http://www.id.ee
  • Digital signature software: www.openxades.org
  • Contact point
      • tarvi_at_sk.ee
      • www.openxades.org/ues

Porvoo V, May 2004, Tallinn, Estonia