Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012

Transcription

1 Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012 DICTAO 152, avenue Malakoff PARIS, France Tel. : +33 (0) Internet :

2 Agenda European Electronic Signature Framework Present Protection Profiles and Guidelines New Playing Field Demonstration of a Ubiquitous Electronic Creation Application & Device Futures Considerations Questions & Answers Copyright Dictao 2012

3 European electronic signature framework Directive 1999/93/CE Article 2 Definitions 1) Electronic signature 2) Advanced Electronic Signature 5) Signature Creation Device 6) Secure Signature Creation Device 10) Qualified certificate Article 5 Legal effect 1) Qualified Signature (an AES based on a QC and created by a SSCD) Legal and admissible as a evidence 2) All other forms of Electronic Signature (including Advanced Electronic Signature) Not denied legal effectiveness and admissibility as evidence on the sole reason that not qualified Copyright Dictao

4 Electronic Signature Use Cases SSCD SCDev Advanced Electronic Signature (1) Declaration of knowledge and intention of will by the applicable law in open communities Declaration of knowledge and intention of will by agreement in specified communities Electronic Signature (2) Authentication and Data Integrity (3) (1) Typically follows the ETSI *AdES recommendations (2) A digital signature (DSig, CMS, other) where the legal relevance is necessary (3) Some countries require dedicated certificates for authentication and signature Copyright Dictao

5 Relevant Protection Profiles HI SCA PP SCDev PP SSCD PP Type 1, 2, 3 CGA Copyright Dictao

6 Signature-Creation Application (SCA PP) Elaborated by the French ANSSI [CC PP-ACSE-CCv3.1] based upon the [CWA 14170] document Compatible PP for both Advanced and Qualified Electronic Signature Includes the following major functions Signatory user-interface (document/attribute selection, invocation of signature). User authentication outside the scope. WYSIWYS (presentation, invariance) Signature Policy (key usage, commitment) Signature and hash format (envelope) SCDev communication Compatible with both a SSCD or a SCDev PP Copyright Dictao

7 Signature-Creation Device (SCDev PP) A Protection Profile for Software Signature Creation Devices elaborated by CWA [ ] Compatible PP for creating advanced electronic signature May be implemented in software dedicated signing software, a plug-in to an program or to a browser Running on multi-application computer like a personal computer (PC) or a personal data assistant (PDA). The signatory is responsible to protect the SCD, the SCDev software and data against theft, physical and logical manipulation Appropriate level of confidence in the product to be used in e-commerce environments EAL3 + informal TOE security policy model (ADV_SPM.1). Copyright Dictao

8 Secure Signature-Creation Device (SSCD PP) A Protection Profile for Secure Signature-Creation Devices elaborated by the BSI published under [CWA 14169] Compatible PP for creating Qualified electronic signature Protected against physical tampering Domain separation from other processes is required (single purpose device preferred) Trusted channel with the SCA to receive the DTBS and user authentication data The establishment of the trusted path between the SSCD and SCA is critical EAL4+ Advanced methodical vulnerability analysis (AVA_VAN.5) Copyright Dictao

9 Guidelines of implementation in CWA 14355: 2004 Smartcard and PC environment guidelines Those environments did not evolve significantly since 2004 Mobile and PDA environment guidelines hardware and OS must allow for the creation and enforcement of separate domains. Current hardware and OS development makes meeting these requirements quite difficult Today s smartphones do not have such limitations anymore! Signing Service It is quite possible to design a Signing Service system where the SCD of all users are held in a large SSCD This design is not prohibited by the Directive and is technically possible. output of the current workgroup however does not address the serious technical issues that this type of design will present with the current generations of hardware and software the choices will be limited Is this not a lot more achievable with today s device? Copyright Dictao

10 New Playing Field Smartphone The merge of mobile phone and PDA principles With a ubiquitous data connection Application sandboxing The exception becomes the norm With a shared nothing architecture on the user device Data in the cloud A necessary evil With access from anywhere with any device that overcomes the risk perception Copyright Dictao

11 What does it mean? What does it mean? The SCD (Signature-Creation Data) should move into the Cloud (private or public) The signature takes places with an SCDev under control of the Cloud provider Trusted-channel must be established between the SCA TOE (on the user device) and SCDev TOE (in the Cloud) Do we need new PP? Maybe not! We believe that a combination of SCA, SCDev and SSCD fulfills the requirements Copyright Dictao

12 Combinaison of Existing PP Proposed implementation A SCA with a effective trusted-path to a SSCDs type 1 for key-generation and a SSCD Type 2 for signature creation SSCD specificities Trusted-channel based upon a mutual and multifactor authentication between the SCA and SSCD Import of SCD data before each signature and destruction after it under sole control of the Signatory Class 2 Signature Creation System Client side : SCA, and SCDev level authentication mechanism to establish the trusted channel with the SSCD (smartphone App) Server side : SSCD security level implementation communicating with the SCA using only strongly authenticated trusted channels (HSM) Authentication mechanism : Asymmetric based, ensures sole control requirement Copyright Dictao

13 Trusted-path Trustedchannel Schema of the proposed combinaison HI SCA Trusted-channel SSCD Type 2 SSCD Type 1 SCDev Authentication only Client Side Server Side Copyright Dictao

14 Demonstration Copyright Dictao

15 Key pair generation and personalization workflow Card # : XXX Activation code : CCFFR Launch the App Scan QRCode Approve the terms and conditions Choose a PIN The SCD is activated in the Cloud Copyright Dictao

16 Signature-Creation Workflow The business App requests a signature Signatory reads and expresses his/her consent Signatory enters his/her PIN The signature is created and returned to the business App Switch over Switch back Copyright Dictao

17 Zoom into Signature-Creation Just One-Click Highly intuitive but strongly secure and conformant with SCA/SCDev PP Support for Web, Hybrid and Native App Switch over the SCA and back to the Business App Input validation Business app requests are signed Certificate selection simplified Displayed as a card Copyright Dictao

18 Futures Considerations Local Type 2 SSCD Import SCD from a Cloud-based Type 1 SSCD into a local-based Type 2 SSCD Conformance with 2012 regulation proposal Article 2 (17) electronic signature creation device means configured software or hardware used to create an electronic signature; (18) qualified electronic signature creation device means an electronic signature creation device which meets the requirements laid down in Annex II; Copyright Dictao

19 Questions & Answers Copyright Dictao

20 Laurent FOURNIÉ DICTAO 152, avenue Malakoff Paris, France Tel. : +33 (0) lfournie@dictao.com