New eIDAS regulation opens discussion about Trust Services

1. New opportunities for
Trust Services in EU
Michał Tabor, CISSP
Expert of PIIT in the identification,
authentication and electronic signature
05.06.2014 © 2014, PIIT & TICons
1

2. 05.06.2014 © 2014, PIIT & TICons
2
Electronic identification and trust services for
electronic transactions in the internal market
European Parliament legislative resolution of 3 April 2014 on the proposal for a
regulation of the European Parliament and of the Council on electronic
identification and trust services for electronic transactions in the internal market
(COM(2012)0238 – C7-0133/2012 – 2012/0146(COD))

3. eIDAS means
05.06.2014 © 2014, PIIT & TICons
3
electronic
identification
electronic
signature
electronic seal
trust service
electronic time
stamp
electronic
registered delivery
service
qualified
certificate for
website
authentication

4. eIDAS Services
05.06.2014 © 2014, PIIT & TICons
4
electronic identification
electronic signature
•Creation
•Verification
•Validation
•Certificate services
electronic seal
•Creation
•Verification
•Validation
•Certificate services
trust service
electronic time stamp
•Creation
•Verification
•Validation
•Certificate services
electronic registered
delivery service
qualified certificate for
website authentication
•Creation
•Verification
•Validation

5. Trust Service definition
(16) 'trust service' means an electronic service normally
provided for remuneration which consists in:
a) the creation, verification, and validation of electronic
signatures, electronic seals or electronic time stamps,
electronic registered delivery services and certificates related
to these services or
b) the creation, verification and validation of certificates for
website authentication or
c) the preservation of electronic signatures, seals or certificates
related to these services;'
05.06.2014 © 2014, PIIT & TICons
5

6. #eIDAS Trust Service
Trust
Service
creation
certification
verification validation
preservation
delivery
05.06.2014 © 2014, PIIT & TICons
6
provided for
remuneration

7. Defining trust services
• (25) Member States should remain free
to define other types of trust services
in addition to those making part of the
closed list of trust services provided for
in this Regulation, for the purpose of
recognition at national level as
qualified trust services
05.06.2014 © 2014, PIIT & TICons
7

8. #eIDAS Trust Service
Trust
Service
creation
certification
verification
validation
preservation
delivery
combination
of trust
servies
05.06.2014 © 2014, PIIT & TICons
8
provided for
remuneration

9. Business process
Securing transactions
Employee - consultant
Employer
Need of
contract
Trustworthy
contractTrust Service

10. Cloud of Trust
Evidence
Risk mitigation
User
Commitment
Verification
Authorization
Confirmation
User
Authentication
eSignature
Trust
Security
Workflows
User needs

11. Cloud of Trust
Evidence
Risk mitigation
User
Commitment
Verification
Authorization
Confirmation
User
Authentication
eSignature
Trust
Security
Workflows
User needs
TRUST
SERVICE
WORKFLOW
SIGNATURE
SERVICE
TRUSTED
REPOSITORY
CONTROLS
SERVICE
ATTRIBUTE
SERVICES
CERTIFICATE
AUTHORITY

12. Trust service
05.06.2014 © 2014, PIIT & TICons
12
WORKFLOW
creation
certification
verification
validation
preservation
delivery
Identification
Authentication
Authorization
Atributes
Information
PROOF OF
TRUST
SEAL

13. 05.06.2014 © 2014, PIIT & TICons
13
certification
verification
validation
preservation
delivery
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
WORKFLOW
creation
Trust serviceEvidence gathering

14. TRUST SERVICES
05.06.2014 © 2014, PIIT & TICons
14

15. Trust Service (Example 1)
05.06.2014 © 2014, PIIT & TICons
15
Identification
Authentication
Authorization
Attributes
Information
DOCUMENT
Sign

16. Signature on demand
Identification
Authentication
Attributes
• Time
• External confirmations
Signed document
05.06.2014 © 2014, PIIT & TICons
16
Bank
account
Cell
phone
Corporate
systems
Insurance …
WORKFLOW
creation
certification
verification
validation
preservation
delivery

17. Trust Service (Example 2)
05.06.2014 © 2014, PIIT & TICons
17
Signature
Signature
Time
Confirmation
DOCUMENT
Sign
SYNCRONIZED
DOCUMENT DELIVERY
EVIDENCE
of
synchronization
SEAL

18. Synchronised signature
Document Synchronization Dissemination
05.06.2014 © 2014, PIIT & TICons
18
Signatory A
Signatory B
WORKFLOW
creation
certification
verification
validation
preservation
delivery

19. Trust Service (Example 3)
05.06.2014 © 2014, PIIT & TICons
19
Signature
Signature
Time
Authorization
DOCUMENT
Sign
Contract versions
exchange
EVIDENCE
SEAL

20. Business contracts trust service
05.06.2014 © 2014, PIIT & TICons
20
DOCUMENT
Sign
Final
contract
version
EVIDENCE
SEAL
Contract
version…
Contract
version…
Contract
version…
Contract
version…
WORKFLOW
creation
certification
verification
validation
preservation
delivery

21. Trust Service (Example 4)
05.06.2014 © 2014, PIIT & TICons
21
Signature
Document
Time
Identification
DOCUMENT
Sign
VISUALIZA
TION
SEAL

22. Smart Paper
05.06.2014 © 2014, PIIT & TICons
22
DOCUMENT
Sign
VISUALIZA
TION
SEAL
WORKFLOW
creation
certification
verification
validation
preservation
delivery
REPOSITORY
Preservation
Delivery

23. Trust Service (Example 5)
05.06.2014 © 2014, PIIT & TICons
23
Time

24. Trust coffee
05.06.2014 © 2014, PIIT & TICons
24

25. Trust coffee
05.06.2014 © 2014, PIIT & TICons
25
Trust Services
Time and money saving services
- Transactions services

26. 26
Q&A
Michał Tabor
Trusted Information Consulting Ltd.
michal.tabor@ticons.pl
www.ticons.pl
Twitter: @michal_tabor
05.06.2014 © 2014, PIIT & TICons
Trusted Information Consulting Ltd. is the
member of Polish Chamber of Information
Technology and Telecommunications