Mais conteúdo relacionado New opportunities for Trust Services in EU #eIDAS1. New opportunities for
Trust Services in EU
Michał Tabor, CISSP
Expert of PIIT in the identification,
authentication and electronic signature
05.06.2014 © 2014, PIIT & TICons
1
2. 05.06.2014 © 2014, PIIT & TICons
2
Electronic identification and trust services for
electronic transactions in the internal market
European Parliament legislative resolution of 3 April 2014 on the proposal for a
regulation of the European Parliament and of the Council on electronic
identification and trust services for electronic transactions in the internal market
(COM(2012)0238 – C7-0133/2012 – 2012/0146(COD))
3. eIDAS means
05.06.2014 © 2014, PIIT & TICons
3
electronic
identification
electronic
signature
electronic seal
trust service
electronic time
stamp
electronic
registered delivery
service
qualified
certificate for
website
authentication
4. eIDAS Services
05.06.2014 © 2014, PIIT & TICons
4
electronic identification
electronic signature
•Creation
•Verification
•Validation
•Certificate services
electronic seal
•Creation
•Verification
•Validation
•Certificate services
trust service
electronic time stamp
•Creation
•Verification
•Validation
•Certificate services
electronic registered
delivery service
qualified certificate for
website authentication
•Creation
•Verification
•Validation
5. Trust Service definition
(16) 'trust service' means an electronic service normally
provided for remuneration which consists in:
a) the creation, verification, and validation of electronic
signatures, electronic seals or electronic time stamps,
electronic registered delivery services and certificates related
to these services or
b) the creation, verification and validation of certificates for
website authentication or
c) the preservation of electronic signatures, seals or certificates
related to these services;'
05.06.2014 © 2014, PIIT & TICons
5
7. Defining trust services
• (25) Member States should remain free
to define other types of trust services
in addition to those making part of the
closed list of trust services provided for
in this Regulation, for the purpose of
recognition at national level as
qualified trust services
05.06.2014 © 2014, PIIT & TICons
7
10. Cloud of Trust
Evidence
Risk mitigation
User
Commitment
Verification
Authorization
Confirmation
User
Authentication
eSignature
Trust
Security
Workflows
User needs
11. Cloud of Trust
Evidence
Risk mitigation
User
Commitment
Verification
Authorization
Confirmation
User
Authentication
eSignature
Trust
Security
Workflows
User needs
TRUST
SERVICE
WORKFLOW
SIGNATURE
SERVICE
TRUSTED
REPOSITORY
CONTROLS
SERVICE
ATTRIBUTE
SERVICES
CERTIFICATE
AUTHORITY
12. Trust service
05.06.2014 © 2014, PIIT & TICons
12
WORKFLOW
creation
certification
verification
validation
preservation
delivery
Identification
Authentication
Authorization
Atributes
Information
PROOF OF
TRUST
SEAL
13. 05.06.2014 © 2014, PIIT & TICons
13
certification
verification
validation
preservation
delivery
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
WORKFLOW
creation
Trust serviceEvidence gathering
15. Trust Service (Example 1)
05.06.2014 © 2014, PIIT & TICons
15
Identification
Authentication
Authorization
Attributes
Information
DOCUMENT
Sign
17. Trust Service (Example 2)
05.06.2014 © 2014, PIIT & TICons
17
Signature
Signature
Time
Confirmation
DOCUMENT
Sign
SYNCRONIZED
DOCUMENT DELIVERY
EVIDENCE
of
synchronization
SEAL
19. Trust Service (Example 3)
05.06.2014 © 2014, PIIT & TICons
19
Signature
Signature
Time
Authorization
DOCUMENT
Sign
Contract versions
exchange
EVIDENCE
SEAL
20. Business contracts trust service
05.06.2014 © 2014, PIIT & TICons
20
DOCUMENT
Sign
Final
contract
version
EVIDENCE
SEAL
Contract
version…
Contract
version…
Contract
version…
Contract
version…
WORKFLOW
creation
certification
verification
validation
preservation
delivery
21. Trust Service (Example 4)
05.06.2014 © 2014, PIIT & TICons
21
Signature
Document
Time
Identification
DOCUMENT
Sign
VISUALIZA
TION
SEAL
22. Smart Paper
05.06.2014 © 2014, PIIT & TICons
22
DOCUMENT
Sign
VISUALIZA
TION
SEAL
WORKFLOW
creation
certification
verification
validation
preservation
delivery
REPOSITORY
Preservation
Delivery
26. 26
Q&A
Michał Tabor
Trusted Information Consulting Ltd.
michal.tabor@ticons.pl
www.ticons.pl
Twitter: @michal_tabor
05.06.2014 © 2014, PIIT & TICons
Trusted Information Consulting Ltd. is the
member of Polish Chamber of Information
Technology and Telecommunications