Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference

Slide deck for our talk with Werner Keil at IT-Tage Conference 2020. Online, December 2020


  1. Securing eHealth, eGovernment and eBanking with Java. Werner Keil, CATMedia. Thodoris Bais, ABN Amro & Utrecht JUG
  2. Werner Keil, Thodoris Bais. Jakarta EE Specification Committee Member; Jakarta EE Ambassador, EG Member JSR-385. Let’s meet. @thodorisbais @wernerkeil
  3. @thodorisbais @wernerkeil ABN Amro Bank. Financial sector, Amsterdam, Agile organization. 20,000 3000+ 400+ Total number of employees, Enterprise bank, Headquarters, Development Teams, DevOps / Hybrid cloud, Applications
  4. Agenda
      1. eHealth and eGovernment
      2. Signatures and Certificates
      3. eBanking and eBusiness
      4. DSS Framework
      5. Demo
      6. Links / Q&A
  5. eHealth refers to the use of information and communications technologies in healthcare. https://www.who.int/ehealth/en/
  6. eGovernment is the opening up and adaptation of the public sector through information and communication technologies.
  7. eGovernment in DE: External, Internal
  8. eHealth in DE: Long distance communication, Health Data, Patient Monitoring
  9. eGovernment in NL
  10. eHealth in NL: 80% Access to medical records, 75% Health monitoring
  11. eHealth in NL – How to achieve these goals
  12. Benefits of eHealth: Insight into own health, Time saving
  13. Requirements for Secure Transmission: Integrity, Identity, Authenticity
  14. Authenticity of Author and Data
      • Assignment of data to the signer
      • Protection against denial by signatory
      • Protection of data against manipulation
      • On the transmission path
      • Through the receiver
  15. Risks & Solutions
  16. Electronic Signatures
  17. Functionality. The electronic signature is a cryptographic method that uses two asymmetric keys:
      • Private key
      • Public key
  18. Signature Process
  19. Signature Types. The signature law distinguishes three (or four) types of signatures:
      • Simple Electronic Signature (SES)
      • Advanced Electronic Signature (AdES)
      • Qualified Electronic Signature (QES)
      • Qualified Electronic Signature with Provider Accreditation
  20. Signature Types
  21. Advanced Electronic Signature. Electronic signatures, where:
      • The owner can be uniquely identified and assigned to the signature
      • The signature is generated by means which the owner can keep under their sole control
      • It is capable of identifying if accompanying data has changed after the message was signed
      • The signature can be invalidated in the event of such change
  22. Scope of Application. An advanced electronic signature holder can also be a company, service, app, etc. The advanced electronic signature can therefore be used to sign documents if there are no legal formalities (personal certificates). With the advanced electronic signature, mass signatures are possible, for example to ensure the integrity of documents in the area of electronic invoicing or archiving (functional certificates).
  23. Qualified Electronic Signature. An advanced electronic signature based on a secure signature creation device and a qualified certificate valid at the time of creation. Qualified Certificates:
      • Serial Number
      • Reference to Qualified Certificate
      • Name of the owner (natural person)
      • Signature verification
      • Period of validity
      • Certification Service
      • Usage restrictions
  24. Qualified Electronic Signature with Accreditation. Provision of the PKI by a trust center that has undergone the voluntary accreditation process. Accreditation as a quality label provides proof of comprehensively tested safety. An accredited Qualified Trust Service Provider (QTSP) manages the signature creation.
  25. Certificates
  26. Certificates. The assignment of the electronic signature to the owner is carried out by means of certificates. A certificate is an electronic document linking the public signature verification key to the name of the holder (natural or legal person). The most common format for public key certificates is X.509.
  27. Signature Formats. There are four main types of signatures:
      • XAdES (XML Document)
      • CAdES (Common binaries of different kinds)
      • PAdES (PDF Document)
      • Associated Signature Containers (ASiC)
  28. Signature Packaging. Depending on the signature format, different packaging of the signature and the document are possible:
      • Enveloped
      • Enveloping
      • Detached
      • Internally Detached
  29. Signature Creation and Validation
  30. eSENS Document Flow
  31. eBanking with PSD2
  32. eIDAS Certificate for PSD2
  33. eBusiness Fraud. https://www.pdf-insecurity.org/index.html
  34. PDF Insecurity. https://www.pdf-insecurity.org/index.html
  35. DSS Framework
  36. DSS Framework. DSS (Digital Signature Services) is an open-source software library for electronic signature creation and validation. DSS supports the creation and verification of interoperable and secure electronic signatures in line with European legislation. Three main features can be distinguished within the framework:
      • Creation of a Digital Signature
      • Extension of a Digital Signature
      • Validation of a Digital Signature
  37. DSS Framework – Features
      • Formats of the signed documents: XML, PDF, DOC, TXT, ZIP, …
      • Packaging structures: enveloping, enveloped, detached and internally-detached
      • Signature forms: XAdES, CAdES, PAdES and ASiC-S/ASiC-E
      • Profiles associated with each form of the digital signature
      • Trust management
      • Revocation data handling (OCSP and CRL sources)
      • Certificate chain building
      • Signature validation and validation policy
      • Validation of the signing certificate
  38. Demo Time. @thodorisbais @wernerkeil
  39. Links
      • CEF Digital Home: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eSignature
      • eGov EU Twitter Account: @eGov_EU
      • CEF DSS: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/DSS
      • DSS Framework on GitHub: https://github.com/esig/dss
      • Bouncy Castle for Java: https://www.bouncycastle.org/java.html
      • Apache Santuario: https://santuario.apache.org/
      • Apache PDFBox: https://pdfbox.apache.org/
  40. Thank You!
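
The private/public key mechanism from slide 17 and the change detection described on slides 14 and 21, as an added example that is not taken from the slide deck, the demo or the DSS code base. It uses only the JDK's `java.security` API and produces a bare detached signature value rather than one of the AdES formats on slide 27; the class name, the choice of `SHA256withECDSA` and the sample invoice text are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class DetachedSignatureDemo {

    // Signer side: only the holder of the private key can produce this value.
    static byte[] sign(PrivateKey privateKey, byte[] document) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withECDSA"); // assumed algorithm
        signer.initSign(privateKey);
        signer.update(document);
        return signer.sign();
    }

    // Receiver side: needs only the public key, the document and the detached signature.
    static boolean verify(PublicKey publicKey, byte[] document, byte[] signature) {
        try {
            Signature verifier = Signature.getInstance("SHA256withECDSA");
            verifier.initVerify(publicKey);
            verifier.update(document);
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key: treat as invalid
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(256);
        KeyPair signerKeys = generator.generateKeyPair();
        KeyPair otherKeys = generator.generateKeyPair(); // stands in for a different party

        // Constructed sample documents: the original and a copy altered "on the transmission path".
        byte[] invoice = "invoice=2020-0042;amount=150.00 EUR".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "invoice=2020-0042;amount=950.00 EUR".getBytes(StandardCharsets.UTF_8);

        byte[] signature = sign(signerKeys.getPrivate(), invoice);

        // Integrity and authenticity: the untouched document verifies under the signer's public key.
        System.out.println("original document:   " + verify(signerKeys.getPublic(), invoice, signature));
        // Manipulation in transit or by the receiver invalidates the signature.
        System.out.println("tampered document:   " + verify(signerKeys.getPublic(), tampered, signature));
        // Assignment to the signer: another party's public key does not validate it.
        System.out.println("other party's key:   " + verify(otherKeys.getPublic(), invoice, signature));
    }
}
```

The three lines print `true`, `false`, `false`. Binding the public key to a named holder is the job of the X.509 certificate described on slide 26, which this sketch leaves out.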
