Electronic Signatures in Poland market, tools and new trends

Electronic Signatures in Poland market, tools and new trends

Daniel WachnikElectronic Signature Laboratory

Agenda

• About IMM• Electronic signatures market in Poland

– Private & public sector• Electronic signature tools

– Qualified signatures– Trusted profile

• New trends in electronic signatures– Biometric signatures– Mediated signatures– Forgery evident signatures

• Q&A

About Institute of Mathematical Machines

Institute of Mathematical Machines – history

• Public Research Body• Established in 1957• Operates under auspices of Ministry of Economy• Mathematical Machine – computer (old

fashioned wording)

• Areas of interest– Electronic Signature– Modeling and simulation techniques– Biometric devices and security systems– E-learnig

Electronic Signature Laboratory

• Established in 2009• Main achievements

– Electronic Signature’s Interoperability Tests (2011, 2012)

– SCVA application– Biometric signatures project with

BioTrustis

Electronic Signatures market in Poland

Statistics - access to the computer

73%

27%

Households

with computerwithout computer

with computer 9 238 668

without computer 3 353 619

total 12 592 287

Source: Polish Central Statistical Office

ICT in 2012

Statistics - Internet usage

Number of people (aged 16 - 74) 30 419 262 Internet users 19 814 148 People not using Internet 10 605 114 Internet users not using PA portals 10 205 928 Public administration's portals users 9 608 220 Users not sending forms to PA portals 6 385 490 Users sending forms to PA portals 3 222 730 Users sending tax declarations 2 049 089 Users potentially using electronic signature 1 173 641 Internet users not using electronic signature 18 640 507 People not using PA portals 29 245 621

People not using Internet

Internet users not using PA portals

Users not sending forms to PA portals

Users sending tax declarations via Internet

Users senidng forms to PA , but not tax declarations

Internet usage

Source: Polish Central Statistical Office

ICT in 2012

Electronic signatures market - drivers

EU level law regulations

Cross-border recognition

Electronic signature

National level law

regulations

Recognition on national

level


Electronic adminstration Identification Electronic

signature

eID systemsLarge

number of users


Electronic signatures market

18,5 mln

potential users

Services

Tools

Devices

Electronic signature tools in Poland

Electronic signature tools and services

Public Administration’s

systems

Qualified Signatures

Trusted profile

E-delivery (skrzynka podawcza)

Validation services

Signatures – trust platform in Poland

http://www.nccert.pl/podmiotyE.htm

Qproducts

QServices

RootCANCCert

QCA

QCert

QTSA

QTSP

Q…

Signatures – Trust platform in Poland

Qproducts

QServices

(root level)TSL

QCA

QCert

QTSA

QTSP

Q…

http://www.nccert.pl/tslE.htm

Qualified certificates in Poland

• 263 781

Valid qualified certificates number

• 754 613

Overall number of issued certificates

• 19 814 148

Internet users number

Source: Ministry of EconomyFeb. 2013

Trusted Profile – what is it?Trusted Profile-based

signatur

eValidated account (trusted profile)

User’s account

ePUAP

ePUAP - concept

CRDePUAP

Documenttemplate

Citizen

Clerk

Form

Document

acitvity

start

subactivitydecision

endDocument

Document

Document

ePUAP – how does it look like?

http://www.epuap.gov.pl/

Trusted profile’s lifecycle

ePuap account creation

Account validation•Automatic, with qualified signature

•Manual – at verification point

Trusted profile usage•Signature

Renewal•With qualified signature

•With trusted profile’s signature

End of lifecycle•Expiration•revocation

Trusted profile - summary• Tool for natural persons only

– Although ePUAP authentication mechanism gives a possibility to login in a specific context

• Username/password based authentication• E-mail based authorization• Trusted profile signature – seal containing trusted profile data

Signing with trusted profile - presentation

New trends in electronic signatures

New trends• Biometric signatures• Mediated signatures• Forgery Evident Signatures• PKI 2.0 concept

Biometric signatures - Goals

Bind signature to the user

Remove the necessity of holding smartcard

Make system transparent to SCVA’s

Biometric signatures - concept

Key store

Finger Vein reader

Finger Vein authentication system

SCVA application

MS CSP

DocumentSigned

document

Signature request

Authentication request

Encrypted pattern

Authentication result

Authentication result

Signature response

Biometric signatures - applicability

Kiosks

Banks

Offices

Biometric signatures - summary• Advantages

– No card needed– Strong authentication– Technical details can be hidden behind CSP/PKCS#11 interface

• Disadvantages– Biometric (Finger Vein) reader needed– Central Finger Vein database


Mediated signatures - Goals

Preserve sole control

Make signature process auditable

Signature exists, so it is valid

Mediated signatures - concept

RSA key pair

Private keyUser’s Private

KeyService’s

Private Key

Public KeyPublic Key

Mediated signatures – key generation

Signature ServiceKey

Identifier

Pseudorandom data for identifier

Key Pair

Certificate

Public Key

Private Key

Key generation service Service master Key

SignatureService key

User’s Key

Mediated signatures – signature process

Signature Service

CitizenDocument

Preprocessed Signature

Valid Signature

Certificate validation

Signatures log

Mediated signatures - benefits

Sole control

•User’s key required•No key recovery on server sideSignature

only for valid

certificates

Signature constrains on server

side

Audit of created

signatures

Mediated signatures – additional information

• MRSAA RFC draft: https://datatracker.ietf.org/doc/draft-kutylowski-mrsa-algorithm/

• Mediated signatures project site: http://www.podpisosobisty.pl/

https://datatracker.ietf.org/doc/draft-kutylowski-mrsa-algorithm/




Forgery evident signatures - Goals

It is possible to reveal key compromise

It is possible to distinguish original signatures from forged ones

Applicability to existing technologies

Forgery evident signatures – concept

Mediated signatures as core technologyStateful authenticationKey evolution

FE signatures – signature process

Signature Service

CitizenDocument


Valid Signature


Signatures log

Synchronized HMAC key evolution

FE signatures – key compromise detection

Signature Service

CitizenDocument


Valid Signature


Signatures log

HMAC Keys not synchronized!

FE signatures – verification of authenticity of signature

Signature Service

CitizenSigned document

Signature authenticity confirmation

Valid Signature

Signatures log

Forgery evident signatures – possibilities

Forgery Evident services

Forged signatures may be recognized

If key was copied it is known when it happened

Forgery evident signatures – applicability

User signatures

Service signatures

High security areas


PKI vs PKI 2.0

PKI

Business Processes

CACitizen

Document

Certificate

SignedDocument

PaymentInsurance

PKI vs PKI 2.0

PKI 2.0

Business Processes

Signature AuthorityCitizen

Document

SignedDocument

PaymentInsurance

Signed Document

PKI 2.0 - summary• PKI 2.0 concept – bussiness model• Signature centric• Various realization models• More at http://www.pki2.eu

http://www.pki2.eu/

Summary• Poland – large market for e-services, and e-

signatures• IMM – public research body in Poland –

http://www.imm.org.pl/ • More on presented new signature technologies:

– Biometric signatures – http://www.biotrustis.pl– Mediated signatures – http://www.podpisosobisty.pl– Forgery evident signatures –http://www.biopki.org.pl/

node/2; http://www.ticons.pl; – PKI 2.0 concept – http://www.pki2.eu

http://www.imm.org.pl/

http://www.biotrustis.pl/

http://www.podpisosobisty.pl/

http://www.biopki.org.pl/node/2





http://www.ticons.pl/

http://www.pki2.eu/

Thank you for your attention

Dziękuję za uwagę

Daniel Wachnik ([email protected])Electronic signature laboratory

Documents

Electronic Signatures in Poland market, tools and new trends