Electronic Signatures in Poland market, tools and new trends
Daniel Wachnik
Electronic Signature Laboratory
Agenda
• About IMM
• Electronic signatures market in Poland
– Private & public sector
• Electronic signature tools
– Qualified signatures
– Trusted profile
• New trends in electronic signatures
– Biometric signatures
– Mediated signatures
– Forgery evident signatures
• Q&A
About Institute of Mathematical Machines
Institute of Mathematical Machines – history
• Public Research Body
• Established in 1957
• Operates under auspices of Ministry of Economy
• Mathematical Machine – computer (old fashioned wording)
• Areas of interest
– Electronic Signature
– Modeling and simulation techniques
– Biometric devices and security systems
– E-learning
Electronic Signature Laboratory
• Established in 2009
• Main achievements
– Electronic Signature’s Interoperability Tests (2011, 2012)
– SCVA application
– Biometric signatures project with BioTrustis
Electronic Signatures market in Poland
Statistics - access to the computer
Households:
with computer: 9 238 668 (73%)
without computer: 3 353 619 (27%)
total: 12 592 287
Source: Polish Central Statistical Office, ICT in 2012
Statistics - Internet usage
Number of people (aged 16 - 74): 30 419 262
Internet users: 19 814 148
People not using Internet: 10 605 114
Internet users not using PA portals: 10 205 928
Public administration's portals users: 9 608 220
Users not sending forms to PA portals: 6 385 490
Users sending forms to PA portals: 3 222 730
Users sending tax declarations: 2 049 089
Users potentially using electronic signature: 1 173 641
Internet users not using electronic signature: 18 640 507
People not using PA portals: 29 245 621
Chart "Internet usage", segments: People not using Internet; Internet users not using PA portals; Users not sending forms to PA portals; Users sending tax declarations via Internet; Users sending forms to PA, but not tax declarations
Source: Polish Central Statistical Office, ICT in 2012
Electronic signatures market - drivers
EU level law regulations → Cross-border recognition → Electronic signature
National level law regulations → Recognition on national level → Electronic signature
Electronic administration → Identification → Electronic signature
eID systems → Large number of users → Electronic signature
Electronic signatures market
18,5 mln potential users
Services
Tools
Devices
Electronic signature tools in Poland
Electronic signature tools and services
Public Administration’s systems
Qualified Signatures
Trusted profile
E-delivery (skrzynka podawcza)
Validation services
Signatures – trust platform in Poland
http://www.nccert.pl/podmiotyE.htm
Qproducts
QServices
Root CA NCCert
QCA
QCert
QTSA
QTSP
Q…
Signatures – Trust platform in Poland
Qproducts
QServices
TSL (root level)
QCA
QCert
QTSA
QTSP
Q…
http://www.nccert.pl/tslE.htm
Qualified certificates in Poland
• Valid qualified certificates number: 263 781
• Overall number of issued certificates: 754 613
• Internet users number: 19 814 148
Source: Ministry of Economy, Feb. 2013
Trusted Profile – what is it?
Trusted Profile-based signature
Validated account (trusted profile)
User’s account
ePUAP
ePUAP - concept
Diagram labels: CRD, ePUAP, Document template, Citizen, Clerk, Form, Document; workflow: start, activity, subactivity, decision, end
ePUAP – what does it look like?
http://www.epuap.gov.pl/
Trusted profile’s lifecycle
• ePUAP account creation
• Account validation
– Automatic, with qualified signature
– Manual – at verification point
• Trusted profile usage
– Signature
• Renewal
– With qualified signature
– With trusted profile’s signature
• End of lifecycle
– Expiration
– Revocation
Trusted profile - summary
• Tool for natural persons only
– Although ePUAP authentication mechanism gives a possibility to login in a specific context
• Username/password based authentication
• E-mail based authorization
• Trusted profile signature – seal containing trusted profile data
Signing with trusted profile - presentation
New trends in electronic signatures
New trends
• Biometric signatures
• Mediated signatures
• Forgery Evident Signatures
• PKI 2.0 concept
Biometric signatures - Goals
Bind signature to the user
Remove the necessity of holding smartcard
Make system transparent to SCVA’s
Biometric signatures - concept
Key store
Finger Vein reader
Finger Vein authentication system
SCVA application
MS CSP
Document
Signed document
Signature request
Authentication request
Encrypted pattern
Authentication result
Authentication result
Signature response
Biometric signatures - applicability
Kiosks
Banks
Offices
Biometric signatures - summary
• Advantages
– No card needed
– Strong authentication
– Technical details can be hidden behind CSP/PKCS#11 interface
• Disadvantages
– Biometric (Finger Vein) reader needed
– Central Finger Vein database
Mediated signatures - Goals
Preserve sole control
Make signature process auditable
Signature exists, so it is valid
Mediated signatures - concept
RSA key pair
Private key → User’s Private Key, Service’s Private Key
Public Key → Public Key
Mediated signatures – key generation
Signature Service
Key Identifier
Pseudorandom data for identifier
Key Pair
Certificate
Public Key
Private Key
Key generation service
Service master Key
Signature Service key
User’s Key
Mediated signatures – signature process
Signature Service
Citizen
Document
Preprocessed Signature
Valid Signature
Certificate validation
Signatures log
Mediated signatures - benefits
• Sole control
– User’s key required
– No key recovery on server side
• Signature only for valid certificates
• Signature constraints on server side
• Audit of created signatures
Mediated signatures – additional information
• MRSAA RFC draft: https://datatracker.ietf.org/doc/draft-kutylowski-mrsa-algorithm/
• Mediated signatures project site: http://www.podpisosobisty.pl/
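The key split and two-step signing flow from the mediated-signature slides, as an added sketch that is not code from the presentation or from the MRSAA draft. It assumes a plain additive split of the RSA private exponent, unpadded hashing and toy-sized primes; `SignatureService`, `user_preprocess` and `key-001` are hypothetical names.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537

def digest(message: bytes) -> int:
    # Unpadded hash-then-sign keeps the arithmetic visible; real schemes pad.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == digest(message)

def split_key():
    """Return (user_share, service_share) with user + service == d (mod phi)."""
    d = pow(E, -1, PHI)
    user = secrets.randbelow(PHI - 1) + 1
    return user, (d - user) % PHI

def user_preprocess(user_share: int, message: bytes) -> int:
    # The citizen's half: a "preprocessed signature" that does not verify alone.
    return pow(digest(message), user_share, N)

class SignatureService:
    def __init__(self):
        self.shares, self.revoked, self.log = {}, set(), []

    def finalize(self, key_id, message, preprocessed):
        """Complete a preprocessed signature, or refuse and log the refusal."""
        if key_id in self.revoked or key_id not in self.shares:
            self.log.append((key_id, "refused"))   # certificate not valid
            return None
        sig = preprocessed * pow(digest(message), self.shares[key_id], N) % N
        if not verify(message, sig):               # wrong user share or message
            self.log.append((key_id, "refused"))
            return None
        self.log.append((key_id, hashlib.sha256(message).hexdigest()))
        return sig

def demo():
    user_share, service_share = split_key()
    svc = SignatureService()
    svc.shares["key-001"] = service_share          # hypothetical key identifier
    msg = b"constructed sample document"
    pre = user_preprocess(user_share, msg)
    sig = svc.finalize("key-001", msg, pre)
    svc.revoked.add("key-001")                     # certificate revoked afterwards
    refused = svc.finalize("key-001", msg, pre)
    return verify(msg, pre), verify(msg, sig), refused, svc.log
```

Neither share alone produces a verifying signature, so the service's validity check and log entry sit on the only path to a valid signature.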
Forgery evident signatures - Goals
It is possible to reveal key compromise
It is possible to distinguish original signatures from forged ones
Applicability to existing technologies
Forgery evident signatures – concept
Mediated signatures as core technology
Stateful authentication
Key evolution
FE signatures – signature process
Signature Service
Citizen
Document
Preprocessed Signature
Valid Signature
Certificate validation
Signatures log
Synchronized HMAC key evolution
FE signatures – key compromise detection
Signature Service
Citizen
Document
Preprocessed Signature
Valid Signature
Certificate validation
Signatures log
HMAC Keys not synchronized!
FE signatures – verification of authenticity of signature
Signature Service
Citizen
Signed document
Signature authenticity confirmation
Valid Signature
Signatures log
Forgery evident signatures – possibilities
Forgery Evident services
Forged signatures may be recognized
If key was copied it is known when it happened
Forgery evident signatures – applicability
User signatures
Service signatures
High security areas
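One way synchronized HMAC key evolution can expose a copied key, as an added sketch rather than the presenters' protocol. The hash-based `evolve` step, the per-request tag, the counters and all class names are assumptions made here for illustration.

```python
import hashlib
import hmac

def evolve(key: bytes) -> bytes:
    # One-way key update; both sides apply it after every accepted request.
    return hashlib.sha256(b"evolve" + key).digest()

class Party:
    """Holder of an evolving HMAC key: the user's device, or a copy of it."""
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def clone(self):
        return Party(self.key, self.counter)

    def request(self, doc: bytes):
        tag = hmac.new(self.key, doc, hashlib.sha256).digest()
        self.key, self.counter = evolve(self.key), self.counter + 1
        return doc, tag

class Service:
    def __init__(self, key: bytes):
        self.key, self.counter, self.log = key, 0, []

    def handle(self, doc: bytes, tag: bytes) -> bool:
        expected = hmac.new(self.key, doc, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            self.log.append((self.counter, "DESYNC"))  # keys not synchronized
            return False
        self.log.append((self.counter, hashlib.sha256(doc).hexdigest()))
        self.key, self.counter = evolve(self.key), self.counter + 1
        return True

def demo():
    k0 = bytes(32)                                   # constructed all-zero seed
    user, svc = Party(k0), Service(k0)
    results = [svc.handle(*user.request(b"doc-1")),
               svc.handle(*user.request(b"doc-2"))]
    copy = user.clone()                              # key state copied at step 2
    results.append(svc.handle(*copy.request(b"forged")))  # accepted at first
    results.append(svc.handle(*user.request(b"doc-3")))   # user is one step behind
    return results, svc.log, user.counter
```

The mismatch appears on the genuine user's next request; comparing the user's counter with the log narrows the unexplained entries to those made after the copy.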
PKI vs PKI 2.0
PKI
Business Processes
CA
Citizen
Document
Certificate
Signed Document
Payment
Insurance
PKI vs PKI 2.0
PKI 2.0
Business Processes
Signature Authority
Citizen
Document
Signed Document
Payment
Insurance
Signed Document
PKI 2.0 - summary
• PKI 2.0 concept – business model
• Signature centric
• Various realization models
• More at http://www.pki2.eu
Summary
• Poland – large market for e-services, and e-signatures
• IMM – public research body in Poland – http://www.imm.org.pl/
• More on presented new signature technologies:
– Biometric signatures – http://www.biotrustis.pl
– Mediated signatures – http://www.podpisosobisty.pl
– Forgery evident signatures – http://www.biopki.org.pl/node/2; http://www.ticons.pl
– PKI 2.0 concept – http://www.pki2.eu
Thank you for your attention
Daniel Wachnik, Electronic Signature Laboratory