tdl meeting 7-8 april 2014 //vienna
Post on 05-Jan-2016
TDL Meeting 7-8 April 2014 // Vienna
Sprint Proposal
The key to a legal online signature:
The inseparable link between e-Authentication, e-Signature and e-Validation
Description of innovation
Certiway’s Ecosystem
Introduction of assurance levels in real time transactions
Real-time contractualisation of each bilateral relationship and provision of legal claim
Validation platform, CERTIWAY, to guarantee end-to-end trust: revocation list management, data domiciliation & data consolidation, accountability between all service providers, recovery, resilience (ISO 27006 and 27035), interoperability
Description of innovation
Certiway’s Ecosystem
Description of a use case of new trust services and e-ID regulation (eIDAS) for cross border digital signature, applicable for handling real time processing of mass transactions.
Use Case including:
- a strong e-Authentication (TDL Microsoft)
- a qualified electronic signature creation device (TrustSeed)
- a validation of qualified electronic signatures (CertiWay)
- legal evidence and privacy protection (CertiWay)
The urgent needs of Businesses and Users
• New control technologies for digital identities – e-authentication
– Establishing trust frameworks and increasing the interoperability of trust services
– New design principles for easy and cheap deployment of complex architectures, e.g. architecture serving complex identity infrastructures
• New digital signature solutions: easy, cheap and legal
– Easy to use, easy to deploy
– Insurance levels for guarantees
The urgent needs of Businesses and Users
– Compliant with upcoming European Regulations:
REGULATION on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation)
REGULATION on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
DIRECTIVE concerning measures to ensure a high common level of network and information security across the Union (NIS Directive)
Benefits
• The innovation linking in real time…:
– From a basic to a high eID security level
– Strong authentication
– Bilateral contracts e-Signature and their validation
– Validation (authentication, signature and delivery)
– Control of the document to sign: its integrity and its mandatory data
– Respect of privacy
– Assurance levels
… is the only way to be compliant with the three upcoming European Regulations.
This innovation gives your business a head start.
Benefits
In the meantime, the innovation allows:
- an effective protection of the data of citizens and of businesses: “PRIVACY BY DESIGN”
- only the electronic exchanges previously agreed: “ACCOUNTABILITY” & “TRACEABILITY”
- focus on your core business and entrust liability to the qualified trust service providers: “ENTRUST LIABILITY”
- as a consequence, the drastic reduction of fraud and the capability to save money: “STRUGGLE AGAINST CYBER CRIME”
Use Case: 1.
Joining TDL
Sign legally online the TDL membership agreement
TDL Membership
Prospective member applies for membership
Written application sent to the TDL office
Board of Directors approves applications
Member accepts Articles of Association & Rules and Policies
Application form contains:
– Signature
– Contact details and billing information
– Adherence to Articles of Association
– Adherence to rules & policies
Weakness in process!
1. No control if the signature is from an authorised representative
2. No bilateral signature
3. No version management of signed AoA & Rules and Policy connected to the signature
2.
By signing online
in compliance with the upcoming regulations
Stored in the cloud:
• Applicant Company Z
• Agreement version .X
• Rules & Policies version .Y
Authorised to access TDL office 365 Agreements
Signature of agreement by applicant
Signature of agreement by TDL Board of Directors
Storage of sealed legal proof documents
Electronic agreements; Probative value; Proof of exchange; Attribute for invoicing; Attribute for access 365; Proof of acceptance; Legal archiving (WORM)
E-authentication platform
E-signature platform
Validation platform
TDL office 365
General flowchart of the processes
[Flowchart; the sequence of steps is not recoverable from this transcript.]
Participants and components: Prospective member; TDL Board; TDL Enterprise Application Portal; MS Azure Sharepoint; PenSeal Signature and Verification Service; Validation Service Provider.
Labels shown: TDL countersigns agreement without membership fee; Contract deposit; Signature Proof Creation; Contract Signed + Proofs deposit for archiving; Proofs Transfer request; Contract Signature information for TDL Board; Authentication + Signature Request; Service Invocation of Electronic Signature; PIN Entry; Strong Authentication Activation; Strong Authentication – Phase 1; PIN Check Approved; Contract Signature Notification for prospective member; Contract Sign; Strong Authentication – Phase 2; contract is shown to TDL Board; Signature validation and hash creation; Signature validation approved notification; Request for reviewing contract; Receipt Proof Creation; Validation Request; Step 3; Step 4.
Use case overview
• Immediate Perspective
In our solution, we use the Microsoft claim system, completed by the TDL check of the supporting documents uploaded by the Prospective Member.
• Tomorrow Perspective
There will be different attribute providers that will be in charge of attesting the authorized signees of companies.
Feedback on the sprint
What has been done so far:
• Researched the interface between the Microsoft e-Authentication platform
• Researched the interface with TDL office 365
• Worked out the workflow
… and what needs to be done:
• Implementation of a use case in TDL community
Costs estimation for the Sprint
Total budget for the sprint: € 81.000
Requested budget: €25.000
Method of cost estimation: 3 persons x (nb man days) x (500€)
Already executed: approx. 8 man days = 12k euros
• Conceptual design and technical feasibility check
• Use case description
• Research aspects of relying party (TDL contracting)
• Preliminary workflows
Needed to finalize the sprint (refer to slide 18 with details)
• Analysis (legal functional): 10 man days
• Design phase: 10 man days
• Implementation phase: 16 man days
• Dissemination of results (public paper): 10 man days
• Costs for availability technical platform: 6.000,-
• Costs for travel and unforeseen: 4k€
Use Case – Implementation view
TDL membership agreement signing
Use Case – Implementation view
Signing the TDL membership agreement
TDL Sprint requirements
• Design phase:
– Detailed storyboard and technical details
– Review of existing components and apps
– Technical specification
– Prototyping APIs
– Validation for implementation phase
• Implementation phase:
– TDL uses OFFICE SHAREPOINT 2013 on 365: need technical description of document formats, web application
– UIA Authentication service: need technical description of service
– Access to a TDL test environment: office365 and E-authentication (test bed)
– WSDL and service point addresses of existing web services
Contribution to the
TDL ATTPS Testbed & TDL innovation lines
• Trusted stack
– Trust framework architecture providing e-commerce middleware to guarantee probative value of any “interchange” transaction and payment delivery.
– Trust service provides a claim to prove validity of audit (level and duration)
• Data life cycle management
– Revolving probative value to extend the life cycle of the digital signature (also part of regulation).
– Legal archiving of signatures & documents in the cloud and proof of exchange (transparency).
– Management of transaction recovery (traceability of the transaction)
• Service integrity
– Guarantees the integrity of the documents
• ATTPS TESTBED
– Other relying parties and attribute providers can keep authorized signees of companies.