trust in a digital society: the trend in europe - jipdec · 2021. 1. 25. · registration. tsp...

1

Trust in a Digital Society: the trend in Europeクラウド署名で加速するビジネスの改革 Tokyo, 9th November 2018

Andrea VallePresidentCloud Signature Consortium

© 2018 Cloud Signature Consortium. All Rights Reserved.

eIDAS: boosting Trust & supporting Businesses

Regulation No 910/2014. Effective since July 2016.

Provide a consistent set of Regulations and Standards throughout the EU.

Strengthen the EU Single Market by boosting Trust and Convenience in secure and seamless cross-border electronic transactions.

3


Where eIDAS plays a role

4

AMLD5 – Directive (EU) 2018/843Published on OJEU on 19/06/2018

Payment Service Directive 2 – Directive (EU) 2015/2366 Commission Delegated Regulation (EU) 2018/389 – Regulatory Technical Standards for Strong Customer Authentication

Once-Only Principle cross-borderEU Regulation on Single Digital Gateway agreed on 24/05/2018

Digital on-boarding and portability of KYCEC Expert Group on eID and remote KYC (2nd meeting held on 10 July 2018)– jointly managed by CNECT, JUST and FISMA

Company lawProposal to amend the Directive (EU) 2017/1132 adopted by EC on 25/04/2018 as regards the use of digital tools and processes in company law

Tackling online disinformation / Fighting fake newsCOM(2018) 236 final adopted on 26/04/2018

GDPR complianceData minimisation; use of trusted attributes, credentials and entitlements (such as age verification, proof of residence, etc.)

Audio-visual Media Service DirectiveProtection of minors / Age verification and parental consent


eIDAS Trust Services facilitate the Digital Transformation of Businesses

5


Qualified Trust Service Providers in Europe

165Qualified Trust Service Providersare active in the EU

6

© 2018 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.

(Basic) Electronic SignaturesAny electronic signatures and verification services shall be admissible as evidence in legal proceedings.

Electronic Signatures

Advanced Electronic Signatures (AES)Signatures must be uniquely linked to—and capable of identifying—the signer, e.g. Certificate-based digital ID.

Advanced

8

What does “electronic signatures” mean?

eIDAS definitions

Qualified Electronic Signatures (QES)• Same legal value as a handwritten signature.• Certificate issued by Qualified Trust Service Providers

(QTSP).• Requires use of a Qualified Signature Creation Device

(QSCD), e.g. HSM or smart card.

Qualified

© 2018 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.

The Problem of Digital Signatures: Very Secure but Very Outdated

Required in some highly regulated industries BUTdo not work on mobile or web applications

Have special status in the EU, BUT carry a substantial IT cost to manage and maintain certificates.

More secure, BUT require in-person authentication and physical tokens.

© 2018 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 10

Remote Electronic Signatures

eIDAS introduces the possibility to sign legally binding documents remotely

• Recital 51: “It should be possible for the signatory to entrust qualified electronic signature creation devices to the care of a third party, provided that appropriate mechanisms and procedures are implemented to ensure that the signatory has sole control over the use of his electronic signature creation data, and the qualified electronic signature requirements are met by the use of the device”.

• Article 29: Requirements for qualified electronic signature creation devices:• “Qualified electronic creation devices shall meet the requirements laid down in Annex II”• Generating or managing electronic signature creation data on behalf of the signatory may only be done

by a qualified trust service provider (Annex II 3)”

• Recital 56: “This Regulation should lay down requirements for qualified electronic signature creation devices to ensure the functionality of advanced electronic signatures. This Regulation should not cover the entire system environment in which such devices operate. Therefore, the scope of the certification of qualified signature creation devices should be limited to the hardware and system software used to manage and protect the signature creation data created, stored or processed in the signature creation device. As detailed in relevant standards, the scope of the certification obligation should exclude signature creation applications.”

• Article 30: Certification of qualified electronic signature creation devices.

© ETSI 2018 11

Remote Signing Standards

Tamper Protected Environment

Crypto. Module

SignatureActivationModule

ServerSigning

Application

EN 419241-2 (qualified only)EN 419241-1

TS 119 432(protocol)

CertificateIssuance

Registration

TSP Service Componentoperating remote QSCD / SCD

TS 119 431 (policy requirements)

EN 419221-5

SignerInteractionComponent

RevocationManagem’t

DelegatedAuthentication


Meet the Cloud Signature Consortium

The Cloud Signature Consortium was founded in 2016 by an international cooperation group of industry and academic experts, including solutions, technology and trust service providers Promote cloud-based Electronic Trust Services.

Design a common architecture and building blocks to facilitate service interaction

Develop technical specifications for protocols and APIs to make these interactions easy and interoperable.

Publish technical specifications as open standards.

13


Current activities

January 2018: the Consortium becomes a Not For Profit Association Acquired legal personality to support membership expansion and advocacy worldwide

Releasing the final CSC API V1 Specification Stable Draft publicly available at https://cloudsignatureconsortium.org/specifications

International Cooperation Establishing a Cooperation Agreement with ETSI to allow mutual exchange

of contributions for the development of standards for trust services.

The CSC API specification is referenced in ETSI TS 119 432 “Protocols for remote digital signature creation”, due to be published by the end of November 2018.

Active cooperation with several Government agencies developing public policies on remote digital signatures.

14

https://cloudsignatureconsortium.org/specifications


The Members**

15

Adobe USA/IrelandAsseco Data Systems PolandBuyPass NorwayCertinomis Docapost FranceCertSign RomaniaDigiCert USAD-Trust/Bundesdruckerei GermanyeMudhra IndiaGMO GlobalSign USA/JapanKPMG NorwayInfoCert ItalyIntarsys GermanyIntesi Group ItalyNotarius CanadaQuoVadis WiseKey Switzerland/BeneluxSafeLayer SpainTechnische Univ. Graz AustriaTrans Sped RomaniaUniversign FranceValidated ID SpainWorldline ATOS France


Joining the Cloud Signature Consortium

Being part of the Cloud Signature Consortium Technical Community Joining the CSC means becoming a member of an active community of adopters and endorsers: Service Providers, Solution Providers, Technology Providers, System Integrators, Consultants, Auditors.

Contribute to the development of the standard: Influence and drive strategic directions.

Benefit from early access to updated API specifications.

Conformity Checker software to test implementations for interoperability and performance analysis.

A Partner in Public Policy development A team of experts in standards development and regulatory compliance.

Technical awareness and dissemination initiatives.

https://cloudsignatureconsortium.org/contacts

16

https://cloudsignatureconsortium.org/contacts

© 2018 Cloud Signature Consortium. All Rights Reserved.© 2018 Adobe Inc. All Rights Reserved. 17

An example of Cloud Signature serviceAdobe Sign

© 2018 Adobe Systems Incorporated. All Rights Reserved. 19

Click the signature field to start signing

• Fill in data fieldsas needed.

• Click on the signature field to apply the digital signature.


Select your Trust Service Provider

• Select the CSC Provider as needed.

• Currently available providers:• Asseco• BankID Sweden• BankID Norway• GMO GlobalSign• InfoCert• Intesi Group• Seiko• Trans Sped…more coming soon!


Authenticate with your CSC Provider

• Authenticate with the chosen CSC Provider via OAuth.

• Supports Single Sign On for Enterprise environments


Configure and Preview your signature

• Preview the visual presentation of your digital signature. Shows how it will appear in the final signed agreement.

• Add a Signing Reason if needed.


Apply the digital signature to the document

• Complete any other required form fields.

• Accept the terms and conditions as required and press the Click to Sign button.


Authorize the signature

• Enter the authorization data that protects the Digital ID (e.g. PIN/OTP).

• Also supports other types of authorization via OAuth.

• A Qualified Timestampis also automatically applied as a proof of existence and to obtain a Long Term Validity signature.


You have successfully signed the agreement!

• Your Cloud Signaturehas been applied successfully.

• The signed document is archived for unlimited time.

• You can download a copy of your signed document when needed at any time.


Andrea [email protected]

Thank you!

mailto:[email protected]

Slide Number 1Slide Number 2eIDAS: boosting Trust & supporting BusinessesWhere eIDAS plays a roleeIDAS Trust Services facilitate the Digital Transformation of BusinessesQualified Trust Service Providers in EuropeSlide Number 7What does “electronic signatures” mean?The Problem of Digital Signatures: Very Secure but Very OutdatedSlide Number 10Remote Signing StandardsSlide Number 12Meet the Cloud Signature ConsortiumCurrent activitiesThe Members**Joining the Cloud Signature ConsortiumSlide Number 17Slide Number 18Slide Number 19Slide Number 20Slide Number 21Slide Number 22Slide Number 23Slide Number 24Slide Number 25Slide Number 26

trust in a digital society: the trend in europe - jipdec · 2021. 1. 25. · registration. tsp...

Documents