1 / 9

Meeting the requirements of the Electronic Signatures Directive

Meeting the requirements of the Electronic Signatures Directive. Sokratis K. Katsikas & John Iliadis Department of Information and Communication Systems University of the Aegean {ska,jiliad}@aegean.gr. Technology Independence. Directive aims at technology independence

zaynah
Download Presentation

Meeting the requirements of the Electronic Signatures Directive

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Meeting the requirements of the Electronic Signatures Directive Sokratis K. Katsikas & John Iliadis Department of Information and Communication Systems University of the Aegean {ska,jiliad}@aegean.gr

  2. Technology Independence • Directive aims at technology independence • Problem: Directive identifies requirements that fall under the scope of technology (e.g. secure signature creation devices, Annex III) • Solution: Define sets of components that comply with the Directive. Caution needed when defining these sets; they must not conflict with other, underlying regulatory frameworks

  3. Separation of legislation and standardisation framework • Separation of responsibilities, proposed by EESSI: layered framework for legislation and regulation • Legislation • High-level requirements • Functional and quality standards • International technical interoperability standards

  4. Secure signature creation devices:The case of hardware tokens against security requirements and evaluation standards • Hardware tokens • easier to deploy • wide acceptance by public as a «secure» method • degree of security awareness required: low • Security requirements and evaluation standards • harder to deploy; compliance certification (end-user systems)? • degree of public confidence: low • degree of security awareness required: high

  5. Secure signature creation devices:The case of hardware tokens against security requirements and evaluation standards • Factors to consider: • Ease of use, • confidence/acceptance by public, • cost of implementation, operation and maintenance, • security level and assurance, • others...

  6. Qualified Value-added Services • Need for «Qualified Value-added Services» • Should there be a limit on the kind of services CSPs may develop and offer to the public? Should we ensure that the new services they will be providing in the future will not damage their impartiality?

  7. A Conflicting Situation • The Directive and the EESSI Expert Team Report provide for CSP interoperability but not for CSP service-level collaboration. • Certificate 1Certificate 2John Doe John Doeorg: X org: Yorg unit: Xu org unit: YuCountry: GR Country: GR

  8. The Case of Greece • Harmonisation of the Electronic Signatures Directive and inclusion into national legislation is an evolving process. legislation standardisation

  9. The Case of Greece • «Qualified Value-added services» could proove to be useful security evaluation hardware tokens

More Related