Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Confirm it with an e-seal

1,100 views

Published on

Electronic Seal is a new solution incorporated in the eIDAS EU Regulation. Using the Electronic Seal to secure evidence of electronic transactions can facilitate the implementation of electronic services for individuals, reducing the need for them to use the electronic signature.
Electronic Seal is designed to ensure the integrity and authenticity of documents sealed with it. The Seal certificate contains information, which defines what exactly does “the authenticity” of the document imply. Authenticity of an electronic document may mean that the sealed document has been created or processed in accordance with rules regulated by certificate or certification policy.
The eIDAS Regulation specifies that only a legal person can create a seal. The creation of an electronic seal guarantees the authenticity of the document in accordance with the terms of use of the electronic seal, which are defined in the certificate or certification policy.
The above scheme allows for the creation of technical solutions, in which the seal mechanism can become a part of a device provided or authorized by "creator of a seal". These devices create an electronic seal over electronic data processed by them. The seal can contain information on the processing schema and security conditions. Individuals or legal persons for specific dedicated tasks can then use such devices. The evidence prepared by such a device can secure a business process or other trust services.

Published in: Technology
  • Login to see the comments

Confirm it with an e-seal

  1. 1. Confirm it with an e-seal Michał Tabor, CISSP Polish Chamber of Information Technology and Telecommunications ©Copyright 2015, PIIT & Michał Tabor 1 Remember conference hashtag: #EFPE2015 #eIDAS
  2. 2. 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 2
  3. 3. Electronic signatures and seals
  4. 4. Electronic Signature Electronic Seal Evidence Protection Means
  5. 5. eIDAS opportunity Electronic Signature Electronic Seal 2015-06-11
  6. 6. Electronic signature Used to protect evidence created by humans2015-06-11
  7. 7. Electronic signature Evidence from systems is signed by the people to protect origin2015-06-11
  8. 8. Electronic seal Evidence from systems is sealed automatically to protect origin 2015-06-11
  9. 9. eIDAS Trust Sevice - Evidence gathering © 2014, PIIT, Michal Tabor & TICons 9 certification verification validation preservation delivery EVIDENCE EVIDENCE EVIDENCE EVIDENCE EVIDENCE EVIDENCE WORKFLOW creation 2015-06-11
  10. 10. Electronic seal protects evidence from trust services EVIDENCE Qualified Seal QTS creation QTS validation QTS preservation QTS delivery Certification Sig or Seal QTS verification 2015-06-11
  11. 11. Business process evidence EvidenceEvent Event Event Event Event 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 11
  12. 12. Business process evidence EvidenceEvent Event Event Event Event 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 12 EvidenceWhen Where What Device Steps Documents
  13. 13. Creator of an Electronic Seal 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 13 Legal person creates eSeal Creator with eSeal guarantees authenticity of evidence Seal proves integrity of sealed evidence eSEAL creating data must remain under control of a creator But eIDAS doesn’t specify how control should be implemented
  14. 14. Seal creation data „sole control” models • Sealing is on own site • Full control over sealing device Creator of the seal owns sealing device • Device secured for sealing • Policy determines what is sealed Creator of the seal distributes his sealing device
  15. 15. Device Private Sealing Device 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 15 Evidence: What Evidence: When Evidence: Where Document Event Evidence Creator of a seal – takes resposibility for a evidence prepared by device Electronic Seal created by manufacturer ✔
  16. 16. Device examples
  17. 17. #insurance case 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 17 GPS Time Colecting evidence of an accident TIME PLACE
  18. 18. Patient photo #medicine case 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 18 Medical examination evidence
  19. 19. Agent info TIME PLACE PHONE CONFIRMATION PHOTO OF INSURED ©Copyright 2015 Michal Tabor Insurance policyWho… When… Where… How…. Signature Insurance Agent App on a tablet secures an evidence collected during „insuring process”. #insurance case
  20. 20. eIDAS Purpose: Business Service
  21. 21. eIDAS Qualified Services eIDAS Trust Services Trust Services Business Services ©Michal Tabor #eIDAS Trust Services Piramid
  22. 22. eIDAS Trust Sevice – Business Service © 2014, PIIT, Michal Tabor & TICons 22 certification verification validation preservation delivery ID ATTRIBUTES PROCESS EVIDENCE WORKFLOW creation 2015-06-11
  23. 23. Private Sealing Device Trust services Seal certifiation Certificates
  24. 24. Private Sealing Device Trust services Preservation Signature in Flight Qualified Seal Creation Other trust sevices based on evidence EVIDENCE External Evidence
  25. 25. 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 25
  26. 26. 2015-06-11 ©Copyright 2015, PIIT & Michał Tabor 26 Michał Tabor michal.tabor@ticons.pl Twitter: @michal_tabor Trusted Information Consulting Ltd. is the member of Polish Chamber of Information Technology and Telecommunications #eIDAS #EFPE2015

×