meeting the requirements of the electronic signatures directive n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Meeting the requirements of the Electronic Signatures Directive PowerPoint Presentation
Download Presentation
Meeting the requirements of the Electronic Signatures Directive

Loading in 2 Seconds...

play fullscreen
1 / 9

Meeting the requirements of the Electronic Signatures Directive - PowerPoint PPT Presentation


  • 76 Views
  • Uploaded on

Meeting the requirements of the Electronic Signatures Directive. Sokratis K. Katsikas & John Iliadis Department of Information and Communication Systems University of the Aegean {ska,jiliad}@aegean.gr. Technology Independence. Directive aims at technology independence

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Meeting the requirements of the Electronic Signatures Directive' - zaynah


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
meeting the requirements of the electronic signatures directive

Meeting the requirements of the Electronic Signatures Directive

Sokratis K. Katsikas & John Iliadis

Department of Information and Communication Systems

University of the Aegean

{ska,jiliad}@aegean.gr

technology independence
Technology Independence
  • Directive aims at technology independence
  • Problem: Directive identifies requirements that fall under the scope of technology (e.g. secure signature creation devices, Annex III)
  • Solution: Define sets of components that comply with the Directive. Caution needed when defining these sets; they must not conflict with other, underlying regulatory frameworks
separation of legislation and standardisation framework
Separation of legislation and standardisation framework
  • Separation of responsibilities, proposed by EESSI: layered framework for legislation and regulation
    • Legislation
    • High-level requirements
    • Functional and quality standards
    • International technical interoperability standards
slide4
Secure signature creation devices:The case of hardware tokens against security requirements and evaluation standards
  • Hardware tokens
    • easier to deploy
    • wide acceptance by public as a «secure» method
    • degree of security awareness required: low
  • Security requirements and evaluation standards
    • harder to deploy; compliance certification (end-user systems)?
    • degree of public confidence: low
    • degree of security awareness required: high
slide5
Secure signature creation devices:The case of hardware tokens against security requirements and evaluation standards
  • Factors to consider:
    • Ease of use,
    • confidence/acceptance by public,
    • cost of implementation, operation and maintenance,
    • security level and assurance,
    • others...
qualified value added services
Qualified Value-added Services
  • Need for «Qualified Value-added Services»
  • Should there be a limit on the kind of services CSPs may develop and offer to the public? Should we ensure that the new services they will be providing in the future will not damage their impartiality?
a conflicting situation
A Conflicting Situation
  • The Directive and the EESSI Expert Team Report provide for CSP interoperability but not for CSP service-level collaboration.
  • Certificate 1Certificate 2John Doe John Doeorg: X org: Yorg unit: Xu org unit: YuCountry: GR Country: GR
the case of greece
The Case of Greece
  • Harmonisation of the Electronic Signatures Directive and inclusion into national legislation is an evolving process.

legislation

standardisation

the case of greece1
The Case of Greece
  • «Qualified Value-added services» could proove to be useful

security evaluation

hardware tokens