STORCK 2002 conference
IST project: Smart IS Accompanying Measure
NAME-ES
20 November 2002
Yves Leroux, David Ankri, Fabrice Scemama, SISGEM

Agenda
• Why NAME and NAME-ES?
• Different perspectives about signature
• Cryptographic Options
• Role of Smart card in this environment
• NAME ES Module Specifications
• Recommendations for implementation
• Document presented to various European Bodies
• Next Challenge
NAME & NAME-ES
• NAME (Network Authentication Module for Internet End-users) covers only authentication
• NAME-ES (Network Authentication Module for Internet End-users with advanced Electronic Signatures functions) covers both Authentication and Signatures

INTEROPERABLE SOLUTIONS: Public Key Infrastructure (PKI)
[Figure: Certification Authority, Directory, Name digital certificate, User, Services. Caption: The Global Security Standard for IP Networks]
SMART IS NAME ES: Authentication and signature requirements
• USER ID
• X.509 V3 certificate
• Issuer REFERENCE
• KS and others
• Add. Functions ES
• Options, ...
Table extracted from WG3 Report: Requirements of terminal manufacturers and convergence model for multi-platform access to services
Different perspectives about signature
Four different perspectives:
• Business
  – How will the electronic signature be unique to the individual?
  – How will the electronic signature be reliably verified?
  – How will the electronic document retain integrity over its life cycle, so that any alteration from the original intent of the signer can be detected?

Different perspectives about signature
• Legal
  – Minimalist Approach
    • US Electronic Signatures in Global and National Commerce Act ("E-SIGN")
  – Prescriptive Approach
    • Germany, Malaysia, Argentina
  – "Two-tier" Approach
    • EU Digital Signatures Directive
Different perspectives about signature
• Functional
  – Signatures as Identification
  – Signatures as Authentication
  – Signatures as declaration of knowledge
  – Signatures as declaration of will

Different perspectives about signature
• Technical
Cryptographic Options
• Signature Scheme
  – Conventional
  – Special
    • One-time digital signature
    • Arbitrated signature
    • Blind Signature
• Infrastructures
  – Public Key Infrastructure
    • Repartition of the different functions needed
  – Web of Trust
  – Secret Key Infrastructure

Role of Smart card in this environment
• Currently proposed function splits in the EESSI
  – CEN/ISSS CWA 14169 and 14170
  – CEN/ISSS WS/E-Sign N 0195
  – ETSI-ESI WG
• Other proposed function splits
  – Identrus
  – WIM
  – EID
  – EMV
NAME ES Module Specifications
• The signature scheme used will be PKCS #1, #11 and #15, compliant with a Public Key Infrastructure. Consequently, the NAME-ES module must be able to handle X.509 certificates.
• Document hashing inside the module currently appears to be highly time consuming; consequently, we have decided to make it optional.
• In order to avoid legal discussion and potential usage restrictions, document encryption/decryption inside the module has been made optional.

NAME ES Module Specifications
• As proposed in TB1 proposal V 0.14 "Requirements for a EID Card", the NAME-ES module shall contain at least two separate keys and certificates, where one key pair is used for authentication and encryption, and a second separate key pair for the qualified electronic signature (non-repudiation). However, a three-key-pair EID card is also perfectly valid, and complying applications shall be able to handle such cards.
• For security reasons, RSA key pair generation inside the module has been made mandatory.
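The following is an added worked example, not code from the NAME-ES document or the Smart IS project, showing the key layout the specification above describes: two separate RSA key pairs generated inside a (here simulated) module, each bound to its own X.509 certificate, with the authentication/encryption key usage kept distinct from the non-repudiation (qualified signature) key usage. It also shows the optional-hashing split in practice: the host computes the document digest and the module signs only the digest with PKCS #1 v1.5. The `Module` type, the certificate subjects and the sample document are constructed for the example; a real module would hold the private keys in tamper-resistant hardware rather than in Go memory.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Module is a constructed stand-in for a NAME-ES module: it holds the two
// key pairs the specification requires and never exports the private keys.
type Module struct {
	authKey  *rsa.PrivateKey   // authentication + encryption key pair
	sigKey   *rsa.PrivateKey   // qualified signature (non-repudiation) key pair
	AuthCert *x509.Certificate // certificate for authKey
	SigCert  *x509.Certificate // certificate for sigKey
}

// selfSigned issues a self-signed certificate for key with the given keyUsage.
// (A real deployment would have the issuer CA sign it; self-signing keeps the
// example offline.)
func selfSigned(key *rsa.PrivateKey, cn string, usage x509.KeyUsage) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewModule generates both RSA key pairs inside the module (mandatory per the
// specification) and binds each to a certificate with a distinct key usage.
func NewModule(bits int) (*Module, error) {
	authKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	sigKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	authCert, err := selfSigned(authKey, "NAME-ES auth (constructed)",
		x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment)
	if err != nil {
		return nil, err
	}
	// contentCommitment is the X.509 name for the former nonRepudiation bit.
	sigCert, err := selfSigned(sigKey, "NAME-ES signature (constructed)",
		x509.KeyUsageContentCommitment)
	if err != nil {
		return nil, err
	}
	return &Module{authKey: authKey, sigKey: sigKey, AuthCert: authCert, SigCert: sigCert}, nil
}

// SignDigest is the module-side operation: the host has already hashed the
// document (hashing inside the module is optional), so the module only
// accepts a SHA-256 digest and wraps it in a PKCS #1 v1.5 signature.
func (m *Module) SignDigest(digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("module expects a SHA-256 digest, not a document")
	}
	return rsa.SignPKCS1v15(rand.Reader, m.sigKey, crypto.SHA256, digest)
}

// VerifyQualified is the relying-party check: it refuses any certificate
// whose key usage does not assert non-repudiation, so a signature made with
// the authentication key can never pass as a qualified signature.
func VerifyQualified(cert *x509.Certificate, document, sig []byte) error {
	if cert.KeyUsage&x509.KeyUsageContentCommitment == 0 {
		return errors.New("certificate key usage lacks contentCommitment (non-repudiation)")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA public key")
	}
	d := sha256.Sum256(document)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig)
}

func main() {
	m, err := NewModule(2048)
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed income declaration form") // sample document
	d := sha256.Sum256(doc)                               // host-side hashing
	sig, err := m.SignDigest(d[:])
	if err != nil {
		panic(err)
	}
	fmt.Println("signature cert accepted:", VerifyQualified(m.SigCert, doc, sig) == nil)
	fmt.Println("auth cert rejected:", VerifyQualified(m.AuthCert, doc, sig) != nil)
}
```

The key-usage check in `VerifyQualified` is what gives the two-key-pair layout its value: without it, a relying party would accept a signature from whichever key the module happened to use, and the legal distinction between an authentication act and a declaration of will would be lost.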
Services using electronic signature
[Figure: Secure A ID / ES functions, "kernel cardlet", NAME-ES]
Users: Banks and financial institutions; Government; Telecom; Large Enterprises
Applications: Secure email & file encryption with standard email products; Extranet/intranet, VPN, remote access, Single Sign On; Internet banking/I-Commerce, workflow
PKI products: CA system; Client side PKI; Server side PKI
Standards (client side and server side): RSA PKCS, SSL, S/MIME, SEIS, X.509, LDAP, SET

Next Challenge
The challenge with smart card issuance is not only in countering public concerns about security and privacy. Smart cards will take hold, and these concerns will be alleviated, only if there is sufficient incentive for people to use the cards:
> AUTHENTICATION and E-SIGN/NAME ES FOR CITIZEN & ENTERPRISES E-GOVERNMENT APPLICATIONS
SERVICES C to G: forms on line, tele-declarations, e-services
[Figure: Citizen home/PC (key management, file security, e-mail security) over the Internet to the Computing Center (incomes declaration, forms) and the Taxes Office website]

Thank you
Name-ES Document is available at http://www.smartis.org/minutes/pdf/NAME-ES_V01-20-06-02.pdf
For more details, suggestions and contributions to this document, feel free to contact:
David ANKRI dankri@smartismarketing.com
Fabrice SCEMAMA fscemama@smartismarketing.com
NEXT END USERS CONFERENCE: 6 NOV, CARTES 2002