Blockchain based PKI reassigning roles? - EEMA
TRANSCRIPT
Blockchain based PKI reassigning roles?
Robert [email protected]
Trust Service Providers & EU Trusted Lists
• The eIDAS Regulation – on electronic identification and trust services for electronic transactions in the internal market defines among others:
  – trust services and their operation by providers
  – operation of trusted lists
• ETSI TS 119 612 refers to many standards:
  – ISO, IETF, ETSI, CEN…
EU Trusted Lists structure
Interoperability & sustainability are the main issue
EU Distributed Ledger of TSP
Trust by design is the main asset
PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
and manage public-key encryption.
Impact on the Public Key Infrastructure
• Digital Certificate is a set of attested metadata used to prove the possession of the public key
• The Digital Certificate contains:
  – Public key
  – (personal) information
    • How does it respect the General Data Protection Regulation?
  – Signature of its issuer
    • The certification chain must be checked
Digital Certificate
Blockchain oriented Certificate
• The revocation status of the certificate is encoded on the blockchain
• User can manage his attributes and revocation
The new approach remains consistent with the old one
Blockchain oriented Certificate
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014
on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
(27) This Regulation should be technology-neutral. The legal effects it grants should be achievable by any technical means provided that the requirements of this Regulation are met.
ANNEX I REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SIGNATURES
Qualified certificates for electronic signatures shall contain: … (g) the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;
eIDAS – to technic
Impact on the identity management
• The user manages his identity and his authentication means
Blockchain is a simple, effective and secure solution:
A new protocol should be defined to allow identity and authorization management
Impact on the identity management
• Shared identity, attributes/claims management
• TSP/CA should become a validation node
• Governance rules must be defined
• Identity transfer to blockchain addresses
• New electronic signature schema
• Long term preservation by design
• Private key management
• Smart contract validation
• Enforcement of court decision
Impact on the Certification Authorities
Questions...