Public Key Directory: What is the PKD and How to Make Best Use of It

Size: px
Start display at page:

Download "Public Key Directory: What is the PKD and How to Make Best Use of It"

Transcription

1 Public Key Directory: What is the PKD and How to Make Best Use of It Christiane DerMarkar ICAO Programme Officer Public Key Directory ICAO TRIP: Building Trust in Travel Document Security 19/10/2015 Footer 1

2 PKD and TRIP Strategy For the efficient and secure reading and verification of MRTDs, including the use of PKD 2

3 MRP Connection between PKD and epassports epassport Machine Readable Passport (MRP) CHIP RFID IMAGE FACE Logical Data Structure (LDS) PKI DIGITAL SIGNATURE Public Key Directory (PKD) 3

4 What is the PKD & What does it do? A central storage location, highly secure where States and other entities can input and retrieve the security information to validate the electronic information on the passport. It allows Border control authorities to confirm that the epassport: Was issued by the right authority Has not been altered Is not a copy or cloned document 4

5 The Role of The PKD Minimizing the volume of certificate exchange: Document Signer Certificates (DSCs) Certificate Revocation Lists (CRLs) Country Signing Certificate Authority (CSCA) Master List Ensuring timely uploads Managing adherence to technical standards Facilitating the validation process 5

6 Central Broker Distribution of Certificates and CRLs via bilateral Exchange via ICAO PKD Conformity validated certificates Country A Country B Country A Country B Country H Country C Country H ICAO PKD Country C Country G Country D Country G Country D Country F Country E Country F Country E This example shows 8 States/non-States requiring 56 bilateral exchanges (left ) or 2 exchanges with the PKD (right) to be up to date with DSCs and CRLs. In case of 191 ICAO States 36,290 bilateral exchanges would be necessary while there are still 2 exchanges with the PKD. This example shows 8 states requiring 56 bilateral exchanges (left) or 2 exchanges with the PKD (right) to be up to date with certificates and CRLs. In case of 188 ICAO States 35,156 bilateral exchanges would be necessary while there are still 2 exchanges necessary with the PKD. 6

7 Current Services of the PKD Validated DSCs and CRLs of Participants CSCA Master List List of CSCAs used by Participants Country Signing Certificate Authority (CSCA) Registry Yellow Pages for the Passport Issuance Agency of the Participant A reference for compliance to Doc 9303 for DSCs and CRLs Contains lists on non-compliant certificates 7

8 8 46 Participants New Participant COLOMBIA

9 ANNEX 9: Recommended Practice & The Standards and Recommended Practice of Annex 9 recommend the following: 3.9.1: Contracting States issuing, or intending to issue emrtds should join the ICAO Public Key Directory (PKD) and upload their information to the PKD : Contracting States implementing checks on emrtds at border controls should join the ICAO Public Key Directory (PKD) and use the information available from the PKD to validate emrtds at border controls. 9

10 Some Arguments repeated over and over. It s too expensive Bilateral exchange works good enough It s not necessary DSCs are (mostly) on the chip It s too complicated we must first introduce epassports As of Fee reduction cumbersome, time consuming and possible security risk A DSC on the epassport but not on the PKD could mean a compromised private signing key. & CRLS are only distributed via PKD 1. Participation in the PKD should go hand in hand with introduction of epassports 2. PKD participation is key for setting up any successful epassport based border control. 10

11 Reasons to Participate The need to exchange certificates is the logical step forward from the well known specimen exchange (you must know what you're looking for, when inspecting a travel document). Without the ability of validating the digital signature in a epassport at the border, the travel document must be treated exactly as a simple MRP not an epassport Using the PKD in epassport validation is essential to capitalize on the investment made by States in developing epassports to improve Border Security 11

12 It s not complicated : All you have to do is. Find out who is responsible Check legislation and budget Different organizations in different states (try to make it as simple as possible) Contact ICAO or any PKD Board Member or PKD Participant if you have questions 12

13 Formalities: The steps to join the PKD 1. Deposit a Notice of Participation with the Secretary General of ICAO 2. Deposit a Notice of Registration with the Secretary General of ICAO 3. Effect payment of the Registration Fee and Annual Fee to ICAO a) Registration Fees : US $ 15,900 b) Annual Fees: +/- US $40, Securely submit to ICAO and all Participants, the CSCA certificate 5. Use the PKD : upload/download certificates

14 2016 a year that will bring changes New Fees New Services New service provider 14

15 : Fees reduction A. For new Participants - Registration Fee: US $15,900 B. Annual Fees based on 45 Participants: 1. Operator: US $ 29, ICAO: US $10, Total: US $39,900 C. More Participants = reduction in Operators and ICAO Annual Fees 50 Participants 27, US$ 55 Participants 24, US$ 60 Participants 22, US$ 65 Participants 20, US$ 15

16 New Service ICAO Global Master List A fact: heir full extend Border Agencies need the tools (certificates) necessary, bilateral exchange doesn t meet the requirements One-Stop Shop For epassport Validation K L I + A M B D H PKD G F E C + CSCA + DSCs + + CRLs CSCA = ICAO Master List (new) = currently in the PKD = currently in the PKD 16

17 : New Service Provider Bundesdruckerei - Germany Operations at ICAO HQ Montreal Site BDr Berlin Site MOI UAE, Abu Dhabi 17

18 Technology and Security ICAO HQ Montreal Site A: D-Trust Berlin (Germany) Fully redundant system at each location Outer Firewall Inner Firewall incl. Intrusion Detection & Prevention System High Security VPN Network 1 2 Disaster Scenario: Geo-redundant, TLS encrypted and load-balanced up- and Even certificate with one download based access site completely d download sites own, additional failures at the remaining s ites the system is still fully functional with Trust Center without service interruption Security Level, Min. 99.8% availability Site B: Abu Dhabi Police (UAE) ICAO PKD October

19 ICAO PKD - how does it work? D S New generation of DS certificates in DS issued passports Access to ICAO PKD Service CSCA Official key ceremony by diplomatic means cryptographic check ICAO PKD D S Access to ICAO PKD Service e.g.national PKD system ICAO PKD October D S Border Control

20 ICAO PKD - Advantages for participants Unique chain of trust: Supervision by ICAO as supra-national institution Transparent and reliable processes (initial key ceremony at ICAO HQ) High security and high availability of ICAO PKD system, available end of 2015 Additional advantages: A combination with National PKD systems (npkd) allows for secure and automated distribution of certificates to border control stations nation-wide Live support via phone and ticket system ICAO PKD October

21 Support for ICAO PKD by Veridos/BDr Site A: D-Trust, Berlin (Germany) Site B: MoI, Abu Dhabi (UAE) ICAO HQ Montreal Local Technical support downlaod sites Berlin & Abu Dhabi 46 ICAO PKD Participants Local technical support ICAO HQ Montreal Monthly reports on system usage and performance for ICAO Participant support - Live Phone support - Online Support System - 2h reaction time (Monday- Friday) High Security High Availability min. 99.8% 24/7 ICAO PKD October

22 Schedule & Transition to new ICAO PKD Pilot Testing (AUS, Sweden, UK) Beg. August 2015 Testing period Test Environment New PKD system Bundesdruckerei Current Structure Switch-Over Date Beg. Dec 2015 PKD Pre-Production System Bundesdruckerei (new structure) Current Structure All participants can perform Implementation migration and tests Testing for of 4 month Implementation prior to the and switch-over Testing of day New Structure New Structure The test environment provides identical interface and functions as the production system Testing Current Structure PKD Production System Bundesdruckerei (new structure) Current Structure Step 1: Testing and migration to current structure guarantee business continuity on switch-over day Step 2: Testing and migration to new structure gain more time even until after the switch-over day ICAO PKD October

23 Project Setup involved companies ICAO Customer and ICAO PKD system principal Bundesdruckerei Prime Contractor Bundesdruckerei GmbH D-Trust Abu Dhabi Police GHQ EGSP Veridos IT operations ICAP PKD Housing the ICAO PKD System Site Berlin Local service Berlin Housing the ICAO PKD System - Site Abu Dhabi Local service Abu Dhabi Service Management ICAP PKD System Local service Montreal ICAO PKD October

24 Contact Details Name: Christiane DerMarkar PKD website: 19/10/

Introduction ICAO PKD

Introduction ICAO PKD Introduction ICAO PKD Higher Travel Security Dr. Hermann Sterzinger Veridos COO October 2015 Border control with epassports Certificates exchanged: CSCA Certificates Document Signer Certificates Certificate

More information

Deputy Chief Executive Netrust Pte Ltd

Deputy Chief Executive Netrust Pte Ltd ICAO Public Key Directory R Rajeshkumar R Rajeshkumar Deputy Chief Executive Netrust Pte Ltd The trust imperative E-Passports are issued by entities that assert trust Trust depends on the requirements

More information

PKD Board ICAO PKD unclassified B-Tec/37. Procedures for the ICAO Public Key Directory

PKD Board ICAO PKD unclassified B-Tec/37. Procedures for the ICAO Public Key Directory Procedures for the ICAO Public Key Directory last modification final 1/13 SECTION 1 INTRODUCTION 1.1 As part of the MRTD initiative by ICAO, the Participants will upload to and download from the PKD, their

More information

Electronic machine-readable travel documents (emrtds) The importance of digital certificates

Electronic machine-readable travel documents (emrtds) The importance of digital certificates Electronic machine-readable travel documents (emrtds) The importance of digital certificates Superior security Electronic machine-readable travel documents (emrtds) are well-known for their good security.

More information

PKD Board ICAO PKD unclassified B-Tec/36. Regulations for the ICAO Public Key Directory

PKD Board ICAO PKD unclassified B-Tec/36. Regulations for the ICAO Public Key Directory Regulations for the ICAO Public Key Directory last modification final 1/8 SECTION 1 AUTHORITY These Regulations are issued by ICAO on the basis of Paragraph 3 b) of the Memorandum of Understanding (MoU)

More information

Case Studies. National Identity Management Commission (NIMC), Nigeria eid Consulting for national ID system

Case Studies. National Identity Management Commission (NIMC), Nigeria eid Consulting for national ID system Case Studies National Identity Management Commission (NIMC), Nigeria eid Consulting for national ID system Royal Oman Police (ROP) of the Sultanate of Oman eid Consulting for e-passport system Federal

More information

Establishing and Managing the Schengen Masterlist of CSCAs

Establishing and Managing the Schengen Masterlist of CSCAs Establishing and Managing the Schengen Masterlist of CSCAs Big City 21/04/2015 European Commission Directorate-General HOME Unit B3 Information Systems for Borders and Security Richard.Rinkens@ec.europa.eu

More information

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Security by Politics - Why it will never work Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Agenda Motivation Some basics Brief overview epassport (MRTD) Why cloning? How to attack the

More information

TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)

TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) International Civil Aviation Organization WORKING PAPER TAG/MRTD/22-WP/24 16/04/14 English only Revised No 1. 06/05/14 Revised No. 2 13/05/14 TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS

More information

Operational and Technical security of Electronic Passports

Operational and Technical security of Electronic Passports European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union Operational and Technical security of Electronic Passports Warsaw, Legal

More information

Sub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013

Sub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013 Sub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013 Carlos Gómez Head of R&D and Innova.on, FNMT- RCM, Spain ICAO TRIP: Building Trust in Travel Document

More information

Implementation of biometrics, issues to be solved

Implementation of biometrics, issues to be solved ICAO 9th Symposium and Exhibition on MRTDs, Biometrics and Border Security, 22-24 October 2013 Implementation of biometrics, issues to be solved Eugenijus Liubenka, Chairman of the Frontiers / False Documents

More information

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document

More information

Best Solutions for Biometrics and eid

Best Solutions for Biometrics and eid Best Solutions for Biometrics and eid In times of virtual communication even a person s identity is converted into an electronic form with the help of biometrics and then organised through intricate technical

More information

MACHINE READABLE TRAVEL DOCUMENTS

MACHINE READABLE TRAVEL DOCUMENTS MACHINE READABLE TRAVEL DOCUMENTS (Logo) TECHNICAL REPORT PKI for Machine Readable Travel Documents offering ICC Read-Only Access Version - 1.1 Date - October 01, 2004 Published by authority of the Secretary

More information

International Civil Aviation Organization ASSEMBLY 38TH SESSION EXECUTIVE COMMITTEE

International Civil Aviation Organization ASSEMBLY 38TH SESSION EXECUTIVE COMMITTEE A38-WP/11 17/05/13 International Civil Aviation Organization WORKING PAPER ASSEMBLY 38TH SESSION EXECUTIVE COMMITTEE Agenda Item 16: Facilitation and Machine Readable Travel Documents PROPOSAL FOR AN ICAO

More information

Preventing fraud in epassports and eids

Preventing fraud in epassports and eids Preventing fraud in epassports and eids Security protocols for today and tomorrow by Markus Mösenbacher, NXP Machine-readable passports have been a reality since the 1980s, but it wasn't until after 2001,

More information

Biometrics for Public Sector Applications

Biometrics for Public Sector Applications Technical Guideline TR-03121-2 Biometrics for Public Sector Applications Part 2: Software Architecture and Application Profiles Version 2.3 Bundesamt für Sicherheit in der Informationstechnik Postfach

More information

FAQs Electronic residence permit

FAQs Electronic residence permit FAQs Electronic residence permit General 1) When was the electronic residence permit introduced? Since 1 September 2011, foreigners in Germany have been issued with the new electronic residence permit

More information

PERSONALIZATION AS A KEY PROCESS IN ELECTRONIC ID DOCUMENT ISSUING PROGRAMS

PERSONALIZATION AS A KEY PROCESS IN ELECTRONIC ID DOCUMENT ISSUING PROGRAMS PERSONALIZATION AS A KEY PROCESS IN ELECTRONIC ID DOCUMENT ISSUING PROGRAMS Alexander Popov, X INFOTECH Presentation Title cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com

More information

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke Agenda eidas Regulation TR-03110 V2.20 German ID card POSeIDAS Summary cryptovision mindshare 2015: eidas

More information

PRIME IDENTITY MANAGEMENT CORE

PRIME IDENTITY MANAGEMENT CORE PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It

More information

Introduction to Annex 9: ICAO SARPs on Traveller Identification and Border Controls

Introduction to Annex 9: ICAO SARPs on Traveller Identification and Border Controls Introduction to Annex 9: ICAO SARPs on Traveller Identification and Border Controls Erik Slavenas, Programme Officer, ICAO 26 June 2014 Page 1 Overview 1. The Chicago Convention and Annexes 2. ICAO SARPs

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used? esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents

More information

3 rd Generation Electronic Passport Supplemental Access Control (SAC) for future-proof security and privacy

3 rd Generation Electronic Passport Supplemental Access Control (SAC) for future-proof security and privacy 3 rd Generation Electronic Passport Supplemental Access Control (SAC) for future-proof security and privacy Gemalto Verna Heino ICAO MRTD Symposium Montreal ICAO MRTD Symposium, Montreal September 12 th

More information

Concept of Electronic Approvals

Concept of Electronic Approvals E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY

More information

Certificate Policies and Certification Practice Statements

Certificate Policies and Certification Practice Statements Entrust White Paper Certificate Policies and Certification Practice Statements Author: Sharon Boeyen Date: February 1997 Version: 1.0 Copyright 2003 Entrust. All rights reserved. Certificate Policies and

More information

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP-0064. Version 1.01 (15 th April 2010)

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP-0064. Version 1.01 (15 th April 2010) Common Criteria Protection Profile for BSI-CC-PP-0064 Version 1.01 (15 th April 2010) Federal Office for Information Security Postfach 20 03 63 53133 Bonn Phone: +49 228 99 9582-0 e-mail: zertifizierung@bsi.bund.de

More information

SSLPost Electronic Document Signing

SSLPost Electronic Document Signing SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that

More information

Evidence of Identity: Breeder Documents and Beyond Barry J. Kefauver International national Standards ds Organization ation Why Care? A false passport in the hands of a terrorist is as dangerous as a bomb

More information

White Paper. Cloud Signing vs. Smartcard Signing

White Paper. Cloud Signing vs. Smartcard Signing White Paper Cloud Signing vs. Smartcard Signing 1. Introduction 2. What is the Goal? What is driving successful Electronic Commerce and e-government solutions? The answer is simple: useful applications

More information

Technical Guideline eid-server. Part 2: Security Framework

Technical Guideline eid-server. Part 2: Security Framework Technical Guideline eid-server Part 2: Security Framework BSI TR-03130-2 Version 2.0.1 January 15, 2014 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899 9582-0 E-Mail:

More information

Progress by Partnership. State Wide E-Procurement Implementation

Progress by Partnership. State Wide E-Procurement Implementation Progress by Partnership 1 State Wide E-Procurement Implementation Contents Selecting the Platform and Model Snapshot of progress so far Implementation Challenges Way forward 3 Selecting the e-procurement

More information

Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs

Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs 1 GOVERNMENTS ADOPTING DIGITAL STRATEGIES Governments designing/operating digital ecosystems to create, transform and optimize

More information

Best Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council

Best Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity Management January 2007 Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity

More information

GNB RSA Token Standards and Procedures

GNB RSA Token Standards and Procedures Client Authentication Standards GNB RSA Token Standards and Procedures Concept The client authentication standard provides a formalized, secure and efficient methodology for proper identification of the

More information

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of

More information

Mobile Driver s License Solution

Mobile Driver s License Solution Mobile Driver s License Solution Secure, convenient and more efficient Improved identity protection through secure mobile driver s licenses The introduction of a mobile driver s license is a huge opportunity

More information

MACHINE READABLE TRAVEL DOCUMENTS

MACHINE READABLE TRAVEL DOCUMENTS MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Version 1.0 Date June 23, 2009 Published by authority of the Secretary General ISO/IEC JTC1 SC17 WG3/TF5 FOR THE INTERNATIONAL CIVIL AVIATION ORGANIZATION

More information

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Certificate Management. PAN-OS Administrator s Guide. Version 7.0 Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

ICP BRASIL The Brazilian PKI

ICP BRASIL The Brazilian PKI ICP BRASIL The Brazilian PKI PKI as a National Basic Infrastructure for Electronic Identification Projects in Brazil Mauricio Augusto Coelho Director, PKI Department National Institute of Information Technology

More information

Veridos Protects Identities. The expert for worldwide government solutions

Veridos Protects Identities. The expert for worldwide government solutions Veridos Protects Identities The expert for worldwide government solutions 2 Personal identity in a globalized world Today s globalized world is fast, mobile, and highly virtualized. We now expect access

More information

DNSSEC Policy & Practice Statement for.tz Zone

DNSSEC Policy & Practice Statement for.tz Zone DNSSEC Policy & Practice Statement for.tz Zone Version 1.1 Effective Date: January 1, 2013 Tanzania Network Information Centre 14107 LAPF Millenium Towers, Ground Floor, Suite 04 New Bagamoyo Road, Dar

More information

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...

More information

Electronic Signatures: A New Opportunity for Growth. May 10, 2005

Electronic Signatures: A New Opportunity for Growth. May 10, 2005 Electronic Signatures: A New Opportunity for Growth May 10, 2005 1 Contents Is It Legal? 3 E-Signature Technology 12 Another Industry Example 15 National Association for Variable Annuities Applications

More information

TeleTrusT European Bridge CA Status and Outlook

TeleTrusT European Bridge CA Status and Outlook TeleTrusT European Bridge CA Status and Outlook TeleTrusT Workshop, Saarbrücken, 2010-06-11 Dr. Guido von der Heidt, Siemens AG Copyright Siemens AG 2010. All rights reserved. Secure (E-Mail) Communication

More information

An introduction to EJBCA and SignServer

An introduction to EJBCA and SignServer An introduction to EJBCA and SignServer PrimeKey Solutions AB Tomas Gustavsson http://www.primekey.se tomas@primekey.se EJBCA and SignServer Euro PKI projects and use cases 1 EJBCA - Open Source Enterprise

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

sign-me Bundesdruckerei's solution for online signatures using the new German ID card

sign-me Bundesdruckerei's solution for online signatures using the new German ID card Basic information: sign-me sign-me Bundesdruckerei's solution for online signatures using the new German ID card What is sign-me? sign-me is a web application from Bundesdruckerei that enables online signatures

More information

Modular biometric architecture with secunet biomiddle

Modular biometric architecture with secunet biomiddle Version 2.1 Modular biometric architecture with secunet biomiddle White Paper Version 2.0, 25/03/10 secunet Security Networks AG Copyright 2010 by secunet Security Networks AG This document is for information

More information

Guide to Using DoD PKI Certificates in Outlook

Guide to Using DoD PKI Certificates in Outlook Report Number: I33-002R-2005 Guide to Using DoD PKI Certificates in Outlook Security Evaluation Group Authors: Margaret Salter Mike Boyle Updated: June 9, 2005 Version 4.0 National Security Agency 9800

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y

More information

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages. The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company D-TRUST GmbH Kommandantenstraße 15 10969 Berlin, Germany to confirm that its certification service D

More information

The Costs of Managed PKI:

The Costs of Managed PKI: The Costs of Managed PKI: In-House Implementation of PKI vs. Traditional Managed PKI vs. ON-Demand PKI A TC TrustCenter Whitepaper Last Updated: February 2008 Introduction Until recently, organizations

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

A Draft Framework for Designing Cryptographic Key Management Systems

A Draft Framework for Designing Cryptographic Key Management Systems A Draft Framework for Designing Cryptographic Key Management Systems Elaine Barker Dennis Branstad Santosh Chokhani Miles Smid IEEE Key Management Summit May 4, 2010 Purpose of Presentation To define what

More information

Certificate Policy for. SSL Client & S/MIME Certificates

Certificate Policy for. SSL Client & S/MIME Certificates Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it

More information

Next Steps In Accelerating DNSSEC Deployment

Next Steps In Accelerating DNSSEC Deployment Next Steps In Accelerating DNSSEC Deployment Dan York, CISSP Senior Content Strategist, Internet Society DNSSEC Deployment Workshop, ICANN 45 Toronto, Canada October 17, 2012 Internet Society Deploy360

More information

E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption

E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption Journal of Computer Science 6 (7): 723-727, 2010 ISSN 1549-3636 2010 Science Publications E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption Najlaa A. Abuadhmah,

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

Emirates Identity Authority (EIDA), Abu Dhabi

Emirates Identity Authority (EIDA), Abu Dhabi Emirates Identity Authority Strategic Initiatives National Vision... For Better Future Emirates Identity Authority (EIDA), Abu Dhabi هيي ة اتحادية Authority Federal Our Vision: To be a role model and reference

More information

FIVE-MINUTES-TO-CONTRACT The DESKO over-all concept for digital contract management and ID verification.

FIVE-MINUTES-TO-CONTRACT The DESKO over-all concept for digital contract management and ID verification. Discover a new conception for customer verification and electronic contract management Your benefit is our task. FIVE-MINUTES-TO-CONTRACT The DESKO over-all concept for digital contract management and

More information

Common Criteria Protection Profile

Common Criteria Protection Profile Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP) Version 1.01, 22th July 2014 Foreword This Protection Profile Electronic Passport using Standard Inspection procedure

More information

e-authentication guidelines for esign- Online Electronic Signature Service

e-authentication guidelines for esign- Online Electronic Signature Service e-authentication guidelines for esign- Online Electronic Signature Service Version 1.0 June 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry of Communications

More information

PROGRAMME. Mr. Franklin Hoyer, ICAO Regional Director, Lima

PROGRAMME. Mr. Franklin Hoyer, ICAO Regional Director, Lima Revised, 10 April 2012 Seminar Venue: Itamaraty Palace Avenida Marechal Floriano 196 Centro Rio de Janeiro, Brazil Tel: (55) 21 2253 7691 Website: www.itamaraty.gov.br/ Registration: Tuesday, 17 April

More information

Course Outline: 6436 _ Designing a Windows Server 2008 Active Directory Infrastructure and Services Learning Method: Instructor-led Classroom Learning

Course Outline: 6436 _ Designing a Windows Server 2008 Active Directory Infrastructure and Services Learning Method: Instructor-led Classroom Learning Course Outline: 6436 _ Designing a Active Directory Infrastructure and Services Learning Method: Instructor-led Classroom Learning Duration: 5.00 Day(s)/ 40 hrs Overview: At the end of this five-day course,

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

DNSSEC Policy and Practice Statement.amsterdam

DNSSEC Policy and Practice Statement.amsterdam DNSSEC Policy and Practice Statement.amsterdam Contact T +31 26 352 55 00 support@sidn.nl www.sidn.nl Offices Meander 501 6825 MD Arnhem Mailing address Postbus 5022 6802 EA Arnhem May 24, 2016 Public

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION Compliance Response Edition 07/2009 SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures simatic wincc DOKUMENTATION Compliance Response Electronic Records / Electronic Signatures

More information

DNSSEC Policy Statement Version 1.1.0. 1. Introduction. 1.1. Overview. 1.2. Document Name and Identification. 1.3. Community and Applicability

DNSSEC Policy Statement Version 1.1.0. 1. Introduction. 1.1. Overview. 1.2. Document Name and Identification. 1.3. Community and Applicability DNSSEC Policy Statement Version 1.1.0 This DNSSEC Practice Statement (DPS) conforms to the template included in RFC 6841. 1. Introduction The approach described here is modelled closely on the corresponding

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Global eid Developments Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Agenda Country View on eid initiatives Trustworthy Identity Scenarios Microsoft eid update Summary

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

A B U N D E S D R U C K E R E I P O C K E T G U I D E T O B O R D E R C O N T R O L

A B U N D E S D R U C K E R E I P O C K E T G U I D E T O B O R D E R C O N T R O L A B U N D E S D R U C K E R E I P O C K E T G U I D E T O B O R D E R C O N T R O L www.bundesdruckerei.de A B U N D E S D R U C K E R E I P O C K E T G U I D E T O B o r d e r C o n t r o l P u b l i

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

TeleTrusT IT Security Association Germany. TeleTrusT IT Security Association Germany. Overview

TeleTrusT IT Security Association Germany. TeleTrusT IT Security Association Germany. Overview TeleTrusT IT Security Association Germany Overview Introduction to TeleTrusT EBCA Since 2001 Consolidation of individual, equal PKIs in a PKI network of trust simple, secure email communication & data

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure

More information

Control and management of privileged users

Control and management of privileged users Control and management of privileged users The secure solution for monitoring and recording privileged users Visulox The complete Access Management Solution ToolBox Solution GmbH, established in 2003,

More information

Understanding Digital Signature And Public Key Infrastructure

Understanding Digital Signature And Public Key Infrastructure Understanding Digital Signature And Public Key Infrastructure Overview The use of networked personnel computers (PC s) in enterprise environments and on the Internet is rapidly approaching the point where

More information

An identity management solution. TELUS AD Sync

An identity management solution. TELUS AD Sync An identity management solution TELUS AD Sync June 2013 Introduction An important historic challenge faced by small and mid-sized businesses when opting for the TELUS Business E-mail Service is the requirement

More information

New Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany

New Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany New Attacks against RFID-Systems Lukas Grunwald DN-Systems GmbH Germany Agenda What is RFID? How to exploit and attack RFID systems Attacks against the middleware Reader-emulation, soft-tags Unexpected

More information

ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents

ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents 3 Your Personal Identity: Unique, Secure, Multifaceted Every person has individual characteristics by which

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Designing a Windows Server 2008 Active Directory Infrastructure and Services

Designing a Windows Server 2008 Active Directory Infrastructure and Services Designing a Windows Server 2008 Active Directory Infrastructure and Services MOC6436 About this Course At the end of this five-day course, students will learn how to design an Active Directory Infrastructure

More information

FAQs - New German ID Card. General

FAQs - New German ID Card. General FAQs - New German ID Card General 1) How to change from the old ID card to the new one? The new Law on Identification Cards came into effect on 1 November 2010. Since then, citizens can apply for the new

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

THE LEADING EDGE OF BORDER SECURITY

THE LEADING EDGE OF BORDER SECURITY THE LEADING EDGE OF BORDER SECURITY RECORD-BREAKING TRAVEL CREATING NEW CHALLENGES TIM KLABUNDE Entrust Datacard; Director, Government Vertical Marketing THE ERA OF THE MOBILE IDENTITY In an increasingly

More information

6436: Designing a Windows Server 2008 Active Directory Infrastructure and Services (5 Days)

6436: Designing a Windows Server 2008 Active Directory Infrastructure and Services (5 Days) www.peaklearningllc.com 6436: Designing a Windows Server 2008 Active Directory Infrastructure and Services (5 Days) Introduction At the end of this five-day course, students will learn how to design an

More information

TPM Key Backup and Recovery. For Trusted Platforms

TPM Key Backup and Recovery. For Trusted Platforms TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents

More information

Electronic Document Imaging Solution for Births, Marriages & Death Certificates Digitization & Issuance Colombo, Sri Lanka

Electronic Document Imaging Solution for Births, Marriages & Death Certificates Digitization & Issuance Colombo, Sri Lanka Page 1 of 6 Electronic Document Imaging Solution for Births, Marriages & Death Certificates Digitization & Issuance Colombo, Sri Lanka THE SITUATION Births, Marriages and Death certificates are highly

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information