new opportunities for trust services in eu #eidas
DESCRIPTION
New eIDAS regulation opens discussion about Trust ServicesTRANSCRIPT
New opportunities for Trust Services in EU
Michał Tabor, CISSP
Expert of PIIT in the identification, authentication and electronic signature
05.06.2014 © 2014, PIIT & TICons
1
05.06.2014 © 2014, PIIT & TICons
2
Electronic identification and trust services for electronic transactions in the internal market
European Parliament legislative resolution of 3 April 2014 on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (COM(2012)0238 – C7-0133/2012 – 2012/0146(COD))
eIDAS means
05.06.2014 © 2014, PIIT & TICons
3
electronic identification
electronic signature
electronic seal
trust service electronic time
stamp
electronic registered delivery
service
qualified certificate for
website authentication
eIDAS Services
05.06.2014 © 2014, PIIT & TICons
4
electronic identification
electronic signature
• Creation
• Verification
• Validation
• Certificate services
electronic seal
• Creation
• Verification
• Validation
• Certificate services
trust service
electronic time stamp
• Creation
• Verification
• Validation
• Certificate services
electronic registered delivery service
qualified certificate for website authentication
• Creation
• Verification
• Validation
Trust Service definition
(16) 'trust service' means an electronic service normally provided for remuneration which consists in:
a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to these services or
b) the creation, verification and validation of certificates for website authentication or
c) the preservation of electronic signatures, seals or certificates related to these services;'
05.06.2014 © 2014, PIIT & TICons
5
#eIDAS Trust Service
Trust Service
creation
certification
verification validation
preservation
delivery
05.06.2014 © 2014, PIIT & TICons
6
provided for remuneration
Defining trust services
• (25) Member States should remain free to define other types of trust services in addition to those making part of the closed list of trust services provided for in this Regulation, for the purpose of recognition at national level as qualified trust services
05.06.2014 © 2014, PIIT & TICons
7
#eIDAS Trust Service
Trust Service
creation
certification
verification
validation
preservation
delivery
combination of trust servies
05.06.2014 © 2014, PIIT & TICons
8
provided for remuneration
Business process
Securing transactions
Employee - consultant
Employer
Need of contract
Trustworthy contract Trust Service
Cloud of Trust
Evidence
Risk mitigation
User Commitment
Verification Authorization Confirmation
User Authentication
eSignature
Trust
Security
Workflows User needs
Cloud of Trust
Evidence
Risk mitigation
User Commitment
Verification Authorization Confirmation
User Authentication
eSignature
Trust
Security
Workflows User needs
TRUST SERVICE
WORKFLOW
SIGNATURE SERVICE
TRUSTED REPOSITORY
CONTROLS SERVICE
ATTRIBUTE SERVICES
CERTIFICATE AUTHORITY
Trust service
05.06.2014 © 2014, PIIT & TICons
12
WORKFLOW
creation
certification
verification
validation
preservation
delivery
Identification
Authentication
Authorization
Atributes
Information
PROOF OF TRUST
SEAL
05.06.2014 © 2014, PIIT & TICons
13
certification
verification
validation
preservation
delivery
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
EVIDENCE
WORKFLOW
creation
Trust service Evidence gathering
TRUST SERVICES
05.06.2014 © 2014, PIIT & TICons
14
Trust Service (Example 1)
05.06.2014 © 2014, PIIT & TICons
15
Identification
Authentication
Authorization
Attributes
Information
DOCUMENT
Sign
Signature on demand
Identification
Authentication
Attributes
• Time
• External confirmations Signed document
05.06.2014 © 2014, PIIT & TICons
16
Bank account
Cell phone
Corporate systems
Insurance …
WORKFLOW
creation
certification
verification
validation
preservation
delivery
Trust Service (Example 2)
05.06.2014 © 2014, PIIT & TICons
17
Signature
Signature
Time
Confirmation
DOCUMENT
Sign
SYNCRONIZED DOCUMENT DELIVERY
EVIDENCE of
synchronization
SEAL
Synchronised signature
Document Synchronization Dissemination
05.06.2014 © 2014, PIIT & TICons
18
Signatory A
Signatory B
WORKFLOW
creation
certification
verification
validation
preservation
delivery
Trust Service (Example 3)
05.06.2014 © 2014, PIIT & TICons
19
Signature
Signature
Time
Authorization
DOCUMENT
Sign
Contract versions exchange
EVIDENCE
SEAL
Business contracts trust service
05.06.2014 © 2014, PIIT & TICons
20
DOCUMENT
Sign
Final contract version
EVIDENCE
SEAL
Contract version…
Contract version…
Contract version…
Contract version…
WORKFLOW
creation
certification
verification
validation
preservation
delivery
Trust Service (Example 4)
05.06.2014 © 2014, PIIT & TICons
21
Signature
Document
Time
Identification
DOCUMENT
Sign
VISUALIZATION
SEAL
Smart Paper
05.06.2014 © 2014, PIIT & TICons
22
DOCUMENT
Sign
VISUALIZATION
SEAL
WORKFLOW
creation
certification
verification
validation
preservation
delivery REPOSITORY Preservation
Delivery
Trust Service (Example 5)
05.06.2014 © 2014, PIIT & TICons
23
Time
Trust coffee
05.06.2014 © 2014, PIIT & TICons
24
Trust coffee
05.06.2014 © 2014, PIIT & TICons
25
Trust Services
Time and money saving services - Transactions services
26
Q&A
Michał Tabor
Trusted Information Consulting Ltd.
www.ticons.pl
Twitter: @michal_tabor
05.06.2014 © 2014, PIIT & TICons
Trusted Information Consulting Ltd. is the member of Polish Chamber of Information Technology and Telecommunications