docDigital Stamps of Companies
download 
Report Transcription
Digital Stamps of Companies
Estonia: 10 Years and 100 Million Digital Signatures Later – From National Standards to International Standards and Co-operation Tarvi Martens SK, Estonia Past 10 years in Estonia First ID-card issued: January 2002 First public digital signing ceremony: October 2002 ID-card rollout completed: October 2006 100 Million signatures created: Christmas 2012 How come? Introduction of Common Digital Signature System featuring long-term validity Making it free for end users The Result Digital signatures is part of everyday’s life: − Common Signature System is used in all sectors − People share understanding of “what is digitally signed file” Around 3 Million signatures created per month − 350 000 active users out of 1.1 Million − 62% created in financial sector, 15% in public services − 85% web-based signing, 15% desktop-based Importance of common file format Digital signatures cannot be converted − Changes in signed content result in invalid signature DDOC – common format in Estonia − Profile of XAdES – “XML Advanced Electronic Signatures” – ETSI TS 101903 − Proprietary XML packaging DDOC file format Original files Signature Validity confirmation Certificate of signer Certificate of responder 2007 Raise of Baltic WPKI Forum Who and What ? BANKS: − LT: Hansabankas, SEB Vilniaus bankas − LV: Hansabanka, SEB Unibanka − EE: Hansapank, SEB Eesti Ühispank Bank A Mobile operator A TELCO: − LT: Omnitel − LV: LMT − EE: EMT Bank B Mobile operator B Certification Authorities: − LV: Latvijas Pasts − EE: SK Bank C Mobile operator C EDOC vs DDOC BDOC! XAdES-T-C XAdES-X-L OOXML packaging (ZIP) Proprietary XML Packaging (XML) XAdES-X-L OpenPackaging convention (ZIP) What happened next Estonia adapted BDOC as national standard − Implementation still withheld Latvijas Pasts ceased CA operations to LVRTC − EDOC still in wide use, BDOC not addressed Lithuanian National Archive introduced ADOC! Metadata XAdES-* OpenPackaging convention (ZIP) Meanwhile in Europe... Internal Market Directive §8 – „ya shall get your business done electronically“ − MS trust lists − Quest for a common eSignature standard ETSI TS 102 918 – Associated Signature Containers (ASiC) ETSI TS 103 174 – ASiC Baseline Profile − OpenPackaging Conventions ETSI TS 103 171 – XAdES Baseline Profile XAdES vs BP vs BDOC BDOC BESEPES T C P BP X L Conclusions BDOC is 98% compatilble with ETSI latest standards − BDOC 2.0 will be derived to fully comply There should be no need to develop and keep national standards − ETSI BP standards satisfy all common requirements − Optional elements (like metadata) are always welcome Reference implementations will be provided − Aarhs (LU) DSS facilitated by EC − DigiDoc BDOC Thank You! [email protected]
