![Page 1: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/1.jpg)
PSD2/EIDAS DEMONSTRATIONSChris Kong, AzadianKornél Réti, MicrosecLuigi Rizzo, InfoCert © All rights reserved
![Page 2: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/2.jpg)
eIDAS meets PSD2
Overview for this Presentation
2
Revocations & Access
Interfaces & SCA
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorization & Passporting
As previously reported and reviewed at ERPB, with ECB and EC, there are five general stages of activity for actors within the new PSD2 services.
Today, we will be looking at these five stages and explaining the principles, rational and providing a demonstration of those activities in practice.
![Page 3: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/3.jpg)
eIDAS meets PSD2
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorization & Passporting
1. AUTHORISATION & PASSPORTING
![Page 4: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/4.jpg)
eIDAS meets PSD2
Authorization & Passporting
4
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorization & Passporting
Authorization & Passporting is the process for any PSP getting an Financial Authorization from their Home National Competent Authority (NCA) regulator.
A successful application by a PSP results in an entry on the Public Register of an NCA.
NOTE: For the purposes of the demonstration today, we have created an NCA, with “Example Tpp” and “Example Bank” as our entities to use as our demonstration.
![Page 5: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/5.jpg)
eIDAS meets PSD25
DEMO
![Page 6: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/6.jpg)
eIDAS meets PSD2
Authorization & Passporting
6
Revocations & Access
Interfaces & SCA
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorization & Passporting
SUMMARY
• It is expected that all NCAs will make available their Public Registers with PSD2 Upgrades in 2018.
• There is a market dependency on the availability and accuracy of the NCA Public Registers, as will be shown through this demonstration.
![Page 7: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/7.jpg)
eIDAS meets PSD2
2. EIDAS CERTIFICATE ISSUING
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorization & Passporting
![Page 8: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/8.jpg)
eIDAS meets PSD2
eIDAS Certificate Issuing
8
• Any PSP can acquire eIDAS certificates, including:
• Qualified certificate for website authentication (QWAC)• Qualified certificate for electronic seal (QSealC)
• This phase assumes that the PSP is already registered and authorized by the NCA
• NOTE: for the purposes of this demo we are using “Example TPP” as an example for the certificate subject
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorization & Passporting
![Page 9: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/9.jpg)
eIDAS meets PSD2
1. Generate a key pair e.g. in the PSP secure systems
2. Visit the QTSP website, fill out certificate request form, include public key to be certified
3. The QTSP will prepare the papers and contact PSP
4. Validation of all data to be included in the certificate
5. QTSP issues certificate to PSP
6. Install certificate into PSP secure systems
Example Certificate Request Process
9
![Page 10: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/10.jpg)
eIDAS meets PSD2
Screenshot
10
![Page 11: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/11.jpg)
eIDAS meets PSD211
DEMO
![Page 12: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/12.jpg)
eIDAS meets PSD2
• Identity validation, using one of:• qualified signature of authorized representative of PSP,• face-to-face identification of representative using photo ID,• other method providing equivalent assurance
• Validation of possession of the Private Key• Validation of company data against company register
• Validation of authorization of representative• PSD2 attribute validation against NCA register
Verification performed by the QTSP
10
![Page 13: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/13.jpg)
eIDAS meets PSD2
NCA Public Register - TPP
13
![Page 14: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/14.jpg)
eIDAS meets PSD2
1. Generate a key pair e.g. in the PSP secure systems
2. Visit the QTSP website, fill out certificate request form, include public key to be certified
3. The QTSP will prepare the papers and contact PSP
4. Validation of all data to be included in the certificate
5. QTSP issues certificate to PSP
6. Install certificate into PSP secure systems
Example Certificate Request Process
14
![Page 15: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/15.jpg)
eIDAS meets PSD215
DEMO
![Page 16: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/16.jpg)
eIDAS meets PSD2
Screenshot
16
![Page 17: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/17.jpg)
eIDAS meets PSD2
eIDAS Certificate Issuing
17
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorization & Passporting
SUMMARY
• QTSP identifies PSP and relies on NCA register to validate PSD2 specific attributes
• QTSP takes responsibility that all information in the certificate is correct at the time of issuance
• QTSP issues qualified certificates according to ETSI TS 119 495, which specifies a standard format and management of PSD2 specific data
![Page 18: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/18.jpg)
eIDAS meets PSD2
3. IDENTIFICATION & SETUP
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
![Page 19: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/19.jpg)
eIDAS meets PSD2
TPP to ASPSP - Identification & Setup
19
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
The TPP & ASPSP Setup is an identification process within API Access enablement. Although not mandated in the RTS SCA CSC, it is generally API industry best practice.
• As the TPP has a QSEALC, they can now digitally identify themselves towards ASPSPs online for PSD2 API Access.
• Successful identification & Setup between the TPP and ASPSP, results in a TPP getting API Access from an ASPSP.
• eIDAS and ETSI TS 119 495 enables a common framework and pan-European interoperability between all TPPs and ASPSPs for this process.
![Page 20: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/20.jpg)
eIDAS meets PSD220
Discovery1
Sign‐Up2 Access
Request3 eIDAS
Check4 PSD2
Check5 API
Access 6
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
![Page 21: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/21.jpg)
eIDAS meets PSD221
DEMO
![Page 22: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/22.jpg)
eIDAS meets PSD222
SUMMARY
• QSEALC Certificates provide a common and eiDAS secured method for an unknown TPP to become identified to the ASPSP.
• PKI can be used verify the TPP is who they claim to be in the QSEALC.
• QSEALC Certificates do not contain all information and may not be up to date, so ASPSPs need to check NCA Public Registers (or equivalent).
• Successful application of this Identification process allows TPPs a quick and universal way of secure access to APIs, with ASPSPs.
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
TPP to ASPSP - Identification & Setup
![Page 23: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/23.jpg)
eIDAS meets PSD2
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
4. INTERFACES – USING CERTIFICATES
![Page 24: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/24.jpg)
eIDAS meets PSD2
Interfaces and SCA/CSC
24
Interfaces and SCA requirements are laid out in the RTS SCA and CSC.
Generally, the key communication requirements are listed as:- Identification- Confidentiality- Integrity
NOTE: Whilst there are many technical methods for Communications, APIs and SCA, we have selected appropriate mechanisms for this demonstrations and should be considered as “one way to do it”, but not the “only way to do it”.
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
![Page 25: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/25.jpg)
eIDAS meets PSD225
eIDAS Certificates and Internet CSC It’s important to know that QWAC and QSEALC Certificates are used for different purposes and effects.
QSEALs provide:- Identification- Integrity
QWACs provide:- Identification - Confidentiality
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
Interfaces and SCA/CSC
![Page 26: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/26.jpg)
eIDAS meets PSD2
TLS protocol
26
From a high-level, TLS has three main capabilities that may be used independently or in combination to secure content transport (or the network pipe).
These capabilities are:1. Authenticating a server to a client2. Encrypting client/server communications3. Authenticating a client to a server
Most public web sites use TLS only to authenticate the web server to the client. Web server authentication is easily implemented and sufficient for establishing a TLS connection. However, web servers can be configured to request or require that the client authenticate using a certificate. This is known as mutual authentication.
![Page 27: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/27.jpg)
eIDAS meets PSD2
Mutual TLS Authentication
27
• Two parties authenticating each other through verifying the provided digital certificate issued by QTSPs both parties are assured of the other’s identity
• Very popular in server-to-server communications
• A client (web browser or client application) authenticating itself to a server (website or server application) and that server also authenticating itself to the client
• QTSPs listed in EU member states TSLs are an important part of the mutual authentication process
![Page 28: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/28.jpg)
eIDAS meets PSD228
DEMO
![Page 29: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/29.jpg)
eIDAS meets PSD2
Interfaces and SCA/CSC
29
eIDAS Certificates and Internet CSC
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
It’s important to know that QWAC and QSEALC Certificates are used for different purposes and effects.
QSEALs provide:- Identification- Integrity
QWACs provide:- Identification - Confidentiality
![Page 30: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/30.jpg)
eIDAS meets PSD230
Customer ASPSP services
customer payment request
omissis … customer is authenticated in some way by ASPSP … omissis
sealed payment request is validated, PISP QSEALC is validated by means of QTSP validation services, payment request is processed, ASPSP response is generated and sealed by means of ASPSP QSEALC
sealed payment response
PISP – ASPSP payment transaction
PISP services
payment request is generated and sealed by means of PISP QSEALC
sealed payment request
customer payment request processing outcomes
![Page 31: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/31.jpg)
eIDAS meets PSD231
DEMO
![Page 32: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/32.jpg)
eIDAS meets PSD2
Interfaces and SCA/CSC
32
SUMMARY
1. QWAC and QSEALC are used at different communication layers and provide different effects:
• QWAC for Transport Layer• QSEALC for Application Layer.
2. QWAC provides Identification and Confidentiality.
3. QSEALC provides Identification and Integrity.
4. When used in combination and with Qualified Certificates, this will fulfil the requirements from RTS SCA CSC and also have legal effect from eIDAS.
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
![Page 33: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/33.jpg)
eIDAS meets PSD2
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
5. REVOCATION OF CERTIFICATES
![Page 34: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/34.jpg)
eIDAS meets PSD2
eIDAS Certificate Revocation
34
• All certificates have a validity period (expiry date)• However, certificate data may become invalid earlier, e.g.:
• Private key is compromised• PSP authorization revoked or authorization number changed• PSP role(s) revoked
• In these cases the certificate needs to be revoked• Revocation is published by the issuer QTSP
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
![Page 35: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/35.jpg)
eIDAS meets PSD2
• Certificate validation includes• Is it expired? dates in the certificate• Is it revoked? CRL or OCSP
• CRL: Certificate Revocation List• OCSP: Online Certificate Status Protocol
• Is the issuer QTSP trusted? certificate path building
• Typically done automatically by application software• NOTE: in this demo we use e-Szigno SCVA by Microsec
Certificate Validation
35
![Page 36: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/36.jpg)
eIDAS meets PSD2
• Visit the QTSP website, specify certificate serial number and password (to authenticate owner)
• The QTSP will process revocation request• If properly authenticated, this can be automatic
• QTSP publishes that certificate is revoked• Certificate cannot be used any more to create
seals / authenticate website
The Certificate Revocation Process
36
![Page 37: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/37.jpg)
eIDAS meets PSD237
DEMO
![Page 38: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/38.jpg)
eIDAS meets PSD2
Screenshot
38
![Page 39: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/39.jpg)
eIDAS meets PSD2
Certificate Revocation
39
SUMMARY
1. Revocation may be requested bya. PSP (who owns the certificate), orb. NCA (who authorized the PSP)
2. Certificate loses its validity whena. Revocation is published by the QTSP, orb. The certificate expires
3. Invalid certificate shall not be accepted by the receiving party
Revocations & Access
Interfaces & SCA/CSC
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
![Page 40: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/40.jpg)
eIDAS meets PSD2
PSD2 DEMONSTRATIONOVERALL SUMMARY
![Page 41: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/41.jpg)
eIDAS meets PSD2
SUMMARY
41
Revocations & Access
Interfaces & SCA
TPP & ASPSP XS2A Setup
eIDASCertificatesIssuing
Authorisation & Passporting
Today we have briefly explained and demonstrated a few live processes for the E2E journey of a TPP.
We have also discussed where NCAs, QTSPs, ASPSP and the TPPs themselves need to perform Regulatory or Technological actions for this to fit together.
![Page 42: PSD2/EIDAS DEMONSTRATIONS · 2018-03-20 · eIDAS meets PSD2 1. Generate a key pair e.g. in the PSP secure systems 2. Visit the QTSP website, fill out certificate request form, include](https://reader033.vdocuments.net/reader033/viewer/2022050500/5f92bb00e6da51111d067dfc/html5/thumbnails/42.jpg)
eIDAS meets PSD2
PSD2 DEMONSTRATION
Kornél Ré[email protected]
https://www.microsec.com/
PKI: https://e-szigno.hu/en/
https://infocert.digital/about-us/
https://infocert.digital/solutions/
Luigi [email protected]
Chris [email protected]
https://www.azadian.io
https://openbankingeurope.eu