NAME-ES, 20 November 2002, Yves Leroux, David Ankri, Fabrice Scemama (PDF document)



SLIDE 1

STORCK 2002 conference, IST project: Smart IS Accompanying Measure

NAME-ES

20 November 2002

Yves Leroux, David Ankri, Fabrice Scemama (SISGEM)

Agenda

  • Why NAME and NAME-ES?
  • Different perspectives about signature
  • Cryptographic options
  • Role of the smart card in this environment
  • NAME-ES module specifications
  • Recommendations for implementation
  • Document presented to various European bodies
  • Next challenge
SLIDE 2

NAME & NAME-ES

  • NAME (Network Authentication Module for Internet End-users) covers only authentication
  • NAME-ES (Network Authentication Module for Internet End-users with advanced Electronic Signature functions) covers both authentication and signatures

[Figure: "Interoperable solutions: Public Key Infrastructure (PKI)", showing the PKI components (services, user, certification authority, directory) around the NAME digital certificate, captioned "The Global Security Standard for IP Networks".]

SLIDE 3

Authentication and signature requirements

[Table extracted from the WG3 Report "Requirements of terminal manufacturers and convergence model for multi-platform access to services"; only the row labels and entries survive extraction:]

  • Smart IS NAME-ES: User ID, X.509 v3 certificate, Issuer
  • Reference: KS and others, additional functions
  • ES: options, ...

SLIDE 4

Different perspectives about signature

Four different perspectives: business, legal, functional and technical.

  • Business
    – How will the electronic signature be unique to the individual?
    – How will the electronic signature be reliably verified?
    – How will the electronic document retain integrity over its life cycle, so that any alteration from the original intent of the signer is detected?

  • Legal
    – Minimalist approach: US Electronic Signatures in Global and National Commerce Act ("E-SIGN")
    – Prescriptive approach: Germany, Malaysia, Argentina
    – "Two-tier" approach: EU Electronic Signatures Directive (1999/93/EC)
SLIDE 5

Different perspectives about signature

  • Functional
    – Signatures as identification
    – Signatures as authentication
    – Signatures as declaration of knowledge
    – Signatures as declaration of will

  • Technical
SLIDE 6

Cryptographic Options

  • Signature scheme
    – Conventional
    – Special: one-time digital signature, arbitrated signature, blind signature
  • Infrastructures
    – Public Key Infrastructure: distribution of the different functions needed among the parties
    – Web of Trust
    – Secret Key Infrastructure

Role of the smart card in this environment

  • Function splits currently proposed in the EESSI
    – CEN/ISSS CWA 14169 and 14170
    – CEN/ISSS WS/E-Sign N 0195
    – ETSI ESI WG
  • Other proposed function splits
    – Identrus
    – WIM
    – EID
    – EMV

SLIDE 7

NAME-ES Module Specifications

  • The signature scheme used will be PKCS #1, accessed through PKCS #11 (cryptographic token API) and PKCS #15 (token information format), compliant with a Public Key Infrastructure. Consequently, the NAME-ES module must be able to handle X.509 certificates.
  • Document hashing inside the module currently appears highly time consuming; consequently, we have decided to make it optional (the host may compute the hash and pass the digest to the module).
  • In order to avoid legal discussion and potential usage restrictions, document encryption/decryption inside the module has been made optional.
  • As proposed in TB1 proposal V 0.14, "Requirements for an EID Card", the NAME-ES module shall contain at least two separate key pairs and certificates: one key pair used for authentication and encryption, and a second, separate key pair for the qualified electronic signature (non-repudiation). However, a three-key-pair EID card is also perfectly valid, and complying applications shall be able to handle such cards.
  • For security reasons, RSA key pair generation inside the module has been made mandatory.
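The key separation above (one key pair for authentication/encryption, a distinct one for the qualified signature), on-card key generation and host-side hashing can be modelled end to end. The following Python is an added example written for this page; it is not the Smart IS project's code, nor a PKCS #11 binding. It uses only the standard library, so textbook RSA key generation and the PKCS #1 v1.5 signature encoding are written out inline. The slot names, the 1024-bit toy key size, the choice of SHA-256 and the sample income-declaration bytes are assumptions of the example, not of the specification.

```python
# Added example, not from the Smart IS slides or project code: a stdlib-only toy model of
# the NAME-ES key separation. Key sizes, slot names, SHA-256 and the sample are assumptions.
import hashlib
import secrets

# DigestInfo prefix for SHA-256 (PKCS #1 v2.2 / RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _is_probable_prime(n, rounds=32):
    # Trial division by small primes, then Miller-Rabin with random witnesses.
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)   # witness in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact size, odd
        if _is_probable_prime(cand):
            return cand

def generate_rsa(bits=1024, e=65537):
    """Return (n, e, d); on a real card this runs on-chip and d never leaves it."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e != 0:   # e is prime: gcd test
            return n, e, pow(e, -1, phi)

def emsa_pkcs1_v15(digest, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo, exactly k bytes long."""
    t = SHA256_DIGESTINFO + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign_digest(priv, digest):
    n, _e, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(digest, k), "big"), d, n).to_bytes(k, "big")

def rsa_verify_digest(pub, digest, sig):
    # Host-side check: recover EM with the public key and compare in constant time.
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return secrets.compare_digest(em, emsa_pkcs1_v15(digest, k))

class NameEsModule:
    """Toy NAME-ES cardlet: two RSA key pairs generated on-card, each bound to one use."""
    AUTH_KEY = "authentication"   # authentication + encryption (typically digitalSignature, keyEncipherment)
    NR_KEY = "non-repudiation"    # qualified electronic signature (typically nonRepudiation only)

    def __init__(self, bits=1024):
        # Mandatory on-card generation: private exponents never leave this object.
        self._priv = {self.AUTH_KEY: generate_rsa(bits), self.NR_KEY: generate_rsa(bits)}

    def public_key(self, slot):
        n, e, _d = self._priv[slot]
        return n, e

    def authenticate(self, challenge):
        # Challenge-response login: only the authentication key is ever used here.
        return rsa_sign_digest(self._priv[self.AUTH_KEY], hashlib.sha256(challenge).digest())

    def sign_digest(self, digest):
        # Qualified signature over a host-computed digest (on-card hashing is optional in
        # the spec); only the non-repudiation key is ever used here.
        if len(digest) != hashlib.sha256().digest_size:
            raise ValueError("expected a SHA-256 digest")
        return rsa_sign_digest(self._priv[self.NR_KEY], digest)

def demo(bits=1024):
    """Return (genuine ok, same sig under auth key, tampered doc ok, auth response ok)."""
    card = NameEsModule(bits)
    document = b"Income declaration 2002, taxpayer 0000, total 12345 EUR"   # constructed
    digest = hashlib.sha256(document).digest()
    sig = card.sign_digest(digest)
    genuine = rsa_verify_digest(card.public_key(card.NR_KEY), digest, sig)
    cross_key = rsa_verify_digest(card.public_key(card.AUTH_KEY), digest, sig)   # separation
    tampered = rsa_verify_digest(card.public_key(card.NR_KEY),
                                 hashlib.sha256(document + b"0").digest(), sig)
    nonce = b"server-challenge-0001"   # constructed server nonce
    auth_ok = rsa_verify_digest(card.public_key(card.AUTH_KEY),
                                hashlib.sha256(nonce).digest(), card.authenticate(nonce))
    return genuine, cross_key, tampered, auth_ok
```

Running `demo()` returns `(True, False, False, True)`: the document signature verifies only under the non-repudiation certificate, a single changed byte in the document breaks it, and the authentication key answers challenges but is never applied to a document digest. The `NameEsModule` API is the point of the model: the host can ask for a login response or a signature over a digest, but it cannot choose which private key is used, which is what keeps a "sign this challenge" transaction from ever producing a legally meaningful signature. The inline RSA is for illustration only; a real card uses a hardware random number generator, side-channel-hardened exponentiation and PIN-protected access to the non-repudiation key.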

SLIDE 8

Services using electronic signature

[Figure: layered view of services using electronic signature. Standards: PKCS, RSA, X.509, LDAP, SSL, S/MIME, SEIS, SET. PKI products: CA system, server-side PKI, client-side PKI. Applications: Internet banking / I-commerce, workflow, extranet / intranet, VPN, remote access, single sign-on, secure e-mail and file encryption with standard e-mail products. Users: banks and financial institutions, government, telecom, large enterprises. At the base, NAME-ES as the "kernel cardlet" providing the secure authentication, ID and ES functions.]

Next Challenge

The challenge with smart card issuance is not only in countering public concerns about security and privacy. Smart cards will take hold, and these concerns will be alleviated, only if there is sufficient incentive for people to use the cards: authentication and e-signature (NAME-ES) for citizens and enterprises in e-government applications.

SLIDE 9

Services C to G (citizen to government): online forms, tele-declarations, e-services

[Figure: a citizen's home PC, with e-mail security, connects over the Internet to the Taxes Office web site and its computing center, where income declaration forms are processed; file security and key management are shown as supporting functions.]

Thank you

The NAME-ES document is available at

http://www.smartis.org/minutes/pdf/NAME-ES_V01-20-06-02.pdf

For more details, suggestions and contributions to this document, feel free to contact:

David ANKRI dankri@smartismarketing.com
Fabrice SCEMAMA fscemama@smartismarketing.com

Next end-users conference: 6 November, CARTES 2002