Long term electronic signatures or documents retention



Similar documents
PKI - current and future

Digital Signature Verification using Historic Data

CERTIFICATION PRACTICE STATEMENT UPDATE

Specifying the content and formal specifications of document formats for QES

Signature policy for TUPAS Witnessed Signed Document

Digital Signing without the Headaches

Certificate Path Validation

ETSI TS V1.1.1 ( )

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI All rights reserved

Electronic Signature. István Zsolt BERTA Public Key Cryptographic Primi4ves

DIRECTOR GENERAL OF THE LITHUANIAN ARCHIVES DEPARTMENT UNDER THE GOVERNMENT OF THE REPUBLIC OF LITHUANIA

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION

ETSI TS V1.3.2 ( )

FOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic

e-szigno Digital Signature Application

OASIS Standard Digital Signature Services (DSS) Assures Authenticity of Data for Web Services

The Estonian ID Card and Digital Signature Concept

Submitted to the EC on 03/06/2012. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex

BDOC FORMAT FOR DIGITAL SIGNATURES

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)

ETSI TS V1.4.2 ( ) Technical Specification. Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES)

STANDARDISIERUNG FÜR EIDAS IM MANDATE/460

XML Advanced Electronic Signatures (XAdES)

TR-GRID CERTIFICATION AUTHORITY

Best prac*ces in Cer*fying and Signing PDFs

Making Digital Signatures Work across National Borders

TR-GRID CERTIFICATION AUTHORITY

Optimized Certificates A New Proposal for Efficient Electronic Document Signature Validation

Public Key Infrastructure (PKI)

Embedding digital signature technology to other systems - Estonian practice. Urmo Keskel SK, DigiDoc Product Manager

Land Registry. Version /09/2009. Certificate Policy

Danske Bank Group Certificate Policy

Authentication Applications

ETSI TS V1.1.1 ( ) Technical Specification

Verification of digitally signed PDFs

Multiple electronic signatures on multiple documents

White Paper. Digital signatures from the cloud Basics and Applications

Ericsson Group Certificate Value Statement

Authentication Applications

Lecture VII : Public Key Infrastructure (PKI)

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

ETSI TS V1.1.2 ( ) Technical Specification

PkBox Technical Overview. Ver

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS Aristotle University of Thessaloniki PKI ( WHOM IT MAY CONCERN

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Digital Signature: Efficient, Cut Cost and Manage Risk. Formula for Strong Digital Security

e-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

ETSI TS V1.1.1 ( ) Technical Specification

Reducing Certificate Revocation Cost using NPKI

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Key Management and Distribution

ETSI TR V1.1.1 ( )

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

Future directions of the AusCERT Certificate Service

Neutralus Certification Practices Statement

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright , The Walt Disney Company

Concept of Electronic Approvals

PAdES signatures in itext and the road ahead. Paulo Soares

Key Management and Distribution

TEPZZ A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: G06F 21/64 ( )

Digital Signatures in a PDF

New York State Electronic Signatures and Records Act

SECURITY IN ELECTRONIC COMMERCE MULTIPLE-CHOICE QUESTIONS

ETSI TS V1.1.1 ( )

Information Security Basic Concepts

Adobe PDF for electronic records

CALIFORNIA SOFTWARE LABS

TC TrustCenter GmbH Time-Stamp Practice and Disclosure Statement

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

DEPARTMENT OF DEFENSE ONLINE CERTIFICATE STATUS PROTOCOL RESPONDER INTEROPERABILITY MASTER TEST PLAN VERSION 1.0

SAFE Digital Signatures in PDF

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement

Digital legal archiving

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)

IHE IT Infrastructure Technical Framework Supplement. Document Digital Signature (DSG) Trial Implementation

X.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA)

to hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many

NIST-Workshop 10 & 11 April 2013

CERTIFICATION PRACTICE STATEMENT (CPS) SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version 2.0

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2

Operating a CSP in Switzerland or Playing in the champions league of IT Security

Building a Digital Signature to Meet State Statute Requirements Using a Certificate Authority. Adobe Acrobat Pro DC (Released July 2015)

Certification Practice Statement

Business Issues in the implementation of Digital signatures

Transcription:

Long term electronic s or documents retention IWAP 2004 Yuichi Suzuki SECOM IS Laboratory IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 1

Problem of validity period of certificate PKI does work well in a validity period of public key certificate However, after expiration of certificate No more secure the public key, even if the key does not compromise Should not use the key for verifying the Then, digital can not verify Too short the validity period Usually the period is one to three years Many legislations require to keep documents over 5 years, 10 years, or more than 30 years IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 2

Signature verification Usual PKI environment We can not verify the after revocation or expiration of the certificate Before certificate expiration After certificate expiration Allow validation Can not confirm validation After more than ten years Algorithm compromise Signature Verify Certificate revocation Verify Verify Verify Loose revocation information Forge IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 3

e-document law Strong requirement exist to eliminate paper documents and written documents e-documents law: Japanese government is preparing Scan paper documents to make e-documents The e-documents could be original, Ok to destroy the original papers To keep the integrity of scanned data Only the trusted document officers can scan the paper documents He/her must sign digitally on the scanned documents Digital time stamp also required Requirement for long term validation IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 4

Requirement for long term If first verification of a was correct, then Could verify the over long term period After the verification period expired After the key algorithm become week Re-verification of the Verify certification path Verify no revocation Correct existed before revocation, then Verify the by the public key IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 5

To keep long term Two methods for long term s Notary service Need trusted third party Collect all evidences at first verification Required stable standard format IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 6

Notary services Can trust notary organization over long time? Government service? Private service? Bankrupt Cease business Standard for notary services RFC 3029 Data Validation and Certification Server Protocols Certification of Possession of Data Certification of Claim of Possession of Data Validation of Digitally Signed Document Validation of Public Key Certificates Experimental RFC, we need more stable standard IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 7

Collect all evidences in format At the first verification Fix signing time Time stamp on value Collect all certificates on certification path Collect all revocation information Before expiration of time stamp certificate or fear of key or hash algorithm compromise Time stamp all above data archive timestamp IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 8

Standard format for long term Two standards have been proposed ETSI TS 101 733 (RFC 3126) (ASN.1 extension of CMS Signed Data) ETSI TS 101 903 (W3C Note) XAdES XML format extension ES-C ES-X ES-T Signature Policy ID Elect. Signature (ES) Signed Attributes Digital Signature Timestamp over digital Complete certificate and revocation references Complete certificate and revocation Data Basic format Hash value of Certificates and CRL, ARLs IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 9

Archiving Time Stamp Time stamp based on PKI also has fixed life time ex. RFC 3161 time stamp token has digital Encapsulate by another new time stamp Archive time stamping before expiration of inner timestamp certificate and/or cryptographic algorithm compromise ES-X Time Stump Time Stump Time Stump IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 10

Summary Long term retention is necessary We have to re-verify the again to arbitrate the disputes Stable standards are needed for verification capability over long term period Some standards had been proposed We have to confirm the stability and usability of these standards IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 11

IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information