New opportunities for Trust Services in EU

Michał Tabor, CISSP

Expert of PIIT in the identification, authentication and electronic signature

05.06.2014 © 2014, PIIT & TICons

1

05.06.2014 © 2014, PIIT & TICons

2

Electronic identification and trust services for electronic transactions in the internal market

European Parliament legislative resolution of 3 April 2014 on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (COM(2012)0238 – C7-0133/2012 – 2012/0146(COD))

eIDAS means

05.06.2014 © 2014, PIIT & TICons

3

electronic identification

electronic signature

electronic seal

trust service electronic time

stamp

electronic registered delivery

service

qualified certificate for

website authentication

eIDAS Services

05.06.2014 © 2014, PIIT & TICons

4

electronic identification

electronic signature

• Creation

• Verification

• Validation

• Certificate services

electronic seal

• Creation

• Verification

• Validation

• Certificate services

trust service

electronic time stamp

• Creation

• Verification

• Validation

• Certificate services

electronic registered delivery service

qualified certificate for website authentication

• Creation

• Verification

• Validation

Trust Service definition

(16) 'trust service' means an electronic service normally provided for remuneration which consists in:

a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to these services or

b) the creation, verification and validation of certificates for website authentication or

c) the preservation of electronic signatures, seals or certificates related to these services;'

05.06.2014 © 2014, PIIT & TICons

5

#eIDAS Trust Service

Trust Service

creation

certification

verification validation

preservation

delivery

05.06.2014 © 2014, PIIT & TICons

6

provided for remuneration

Defining trust services

• (25) Member States should remain free to define other types of trust services in addition to those making part of the closed list of trust services provided for in this Regulation, for the purpose of recognition at national level as qualified trust services

05.06.2014 © 2014, PIIT & TICons

7

#eIDAS Trust Service

Trust Service

creation

certification

verification

validation

preservation

delivery

combination of trust servies

05.06.2014 © 2014, PIIT & TICons

8

provided for remuneration

Business process

Securing transactions

Employee - consultant

Employer

Need of contract

Trustworthy contract Trust Service

Cloud of Trust

Evidence

Risk mitigation

User Commitment

Verification Authorization Confirmation

User Authentication

eSignature

Trust

Security

Workflows User needs

Cloud of Trust

Evidence

Risk mitigation

User Commitment

Verification Authorization Confirmation

User Authentication

eSignature

Trust

Security

Workflows User needs

TRUST SERVICE

WORKFLOW

SIGNATURE SERVICE

TRUSTED REPOSITORY

CONTROLS SERVICE

ATTRIBUTE SERVICES

CERTIFICATE AUTHORITY

Trust service

05.06.2014 © 2014, PIIT & TICons

12

WORKFLOW

creation

certification

verification

validation

preservation

delivery

Identification

Authentication

Authorization

Atributes

Information

PROOF OF TRUST

SEAL

05.06.2014 © 2014, PIIT & TICons

13

certification

verification

validation

preservation

delivery

EVIDENCE

EVIDENCE

EVIDENCE

EVIDENCE

EVIDENCE

EVIDENCE

EVIDENCE

WORKFLOW

creation

Trust service Evidence gathering

TRUST SERVICES

05.06.2014 © 2014, PIIT & TICons

14

Trust Service (Example 1)

05.06.2014 © 2014, PIIT & TICons

15

Identification

Authentication

Authorization

Attributes

Information

DOCUMENT

Sign

Signature on demand

Identification

Authentication

Attributes

• Time

• External confirmations Signed document

05.06.2014 © 2014, PIIT & TICons

16

Bank account

Cell phone

Corporate systems

Insurance …

WORKFLOW

creation

certification

verification

validation

preservation

delivery

Trust Service (Example 2)

05.06.2014 © 2014, PIIT & TICons

17

Signature

Signature

Time

Confirmation

DOCUMENT

Sign

SYNCRONIZED DOCUMENT DELIVERY

EVIDENCE of

synchronization

SEAL

Synchronised signature

Document Synchronization Dissemination

05.06.2014 © 2014, PIIT & TICons

18

Signatory A

Signatory B

WORKFLOW

creation

certification

verification

validation

preservation

delivery

Trust Service (Example 3)

05.06.2014 © 2014, PIIT & TICons

19

Signature

Signature

Time

Authorization

DOCUMENT

Sign

Contract versions exchange

EVIDENCE

SEAL

Business contracts trust service

05.06.2014 © 2014, PIIT & TICons

20

DOCUMENT

Sign

Final contract version

EVIDENCE

SEAL

Contract version…

Contract version…

Contract version…

Contract version…

WORKFLOW

creation

certification

verification

validation

preservation

delivery

Trust Service (Example 4)

05.06.2014 © 2014, PIIT & TICons

21

Signature

Document

Time

Identification

DOCUMENT

Sign

VISUALIZATION

SEAL

Smart Paper

05.06.2014 © 2014, PIIT & TICons

22

DOCUMENT

Sign

VISUALIZATION

SEAL

WORKFLOW

creation

certification

verification

validation

preservation

delivery REPOSITORY Preservation

Delivery

Trust Service (Example 5)

05.06.2014 © 2014, PIIT & TICons

23

Time

Trust coffee

05.06.2014 © 2014, PIIT & TICons

24

Trust coffee

05.06.2014 © 2014, PIIT & TICons

25

Trust Services

Time and money saving services - Transactions services

26

Q&A

Michał Tabor

Trusted Information Consulting Ltd.

michal.tabor@ticons.pl

www.ticons.pl

Twitter: @michal_tabor

05.06.2014 © 2014, PIIT & TICons

Trusted Information Consulting Ltd. is the member of Polish Chamber of Information Technology and Telecommunications