
Electronic Signature Standardization: The National Dimension

Autorità per l’informatica nella Pubblica Amministrazione. Electronic Signature Standardization: The National Dimension. AFNOR, Tour Europe, Paris La Défense May 11th, 2000. SUMMARY. The Italian PKI: state of the art The Government Intranet (G-Net)



  1. Autorità per l’informatica nella Pubblica Amministrazione
     Electronic Signature Standardization: The National Dimension
     AFNOR, Tour Europe, Paris La Défense, May 11th, 2000

  2. SUMMARY
     • The Italian PKI: state of the art
     • The Government Intranet (G-Net)
     • Interoperability guidelines for the Public Administrations

  3. The Italian PKI
     • Only secure advanced digital signatures are regulated
     • No explicit regulation for low-level digital signatures
     • Legal framework complete
       • Law 59/1997
       • Presidential Decree 513/1997
       • Prime Minister Decree February 8th, 1999
       • AIPA Resolution July 26th, 1999, CR/22
     • Nearly ten applications for enrolment submitted
     • To date, seven certification authorities enrolled

  4. LEGAL FRAMEWORK
     • Law 59/1997
       • gives legal validity to electronic documents
     • Presidential Decree 513/1997
       • defines legal framework for electronic documents
       • introduces digital signature concept
       • states general rules for certification authorities operation
     • Prime Minister Decree February 8th, 1999
       • states technical rules and security requirements for digital signatures and certification authorities
     • AIPA Resolution July 26th, 1999, CR/22
       • defines the procedure to apply for the enrolment as certification authority

  5. ITALIAN CERTIFICATION AUTHORITIES
     • Three banking organizations
     • One ISP (financial organization)
     • One telecom carrier
     • One PP.TT. organization
     • One Consortium of Public Agencies

  6. Government Intranet (G-Net)
     • Connects main offices of Italian Ministry
     • High level of network and data security
     • Smart card based user authentication
     • Secure mail system with digital signature

  7. Government Intranet (G-Net) II
     • PKI Standard: X.509v3
     • Compliant with Directive CE/1999/93
     • Proprietary mail enveloping (in the near future PKCS#7)

  8. INTEROPERABILITY GUIDELINES FOR CERTIFICATION AUTHORITIES

  9. TARGETS
     • Assure the interoperability within the Public Administration
     • All C.A. must accept DER, PKCS7, PEM data types as input
     • All C.A. must manage a minimal set of X.509v3 certificate extensions
     • All PKCS7 signed data envelopes must contain only the basic digital document without headers or trailers added to identify the document type

  10. REFERENCE STANDARDS
     Commercial products are compliant with:
     • PKCS#1 (RSA)
     • ISO 10118-3 (SHA-1)
     • X.509:1997 (X.509v3)
     • PKCS#7 (RFC 2315)

  11. Certificate Structure (I)
     • COMMON NAME = <surname>/<name>/<fiscal code>/<owner identification code>
       Contains unique identification data of the certificate owner (slash is used as field separator). Must be a PrintableString.
     • DESCRIPTION = C=<extended surname>/ N=<extended name>/ D=<birthdate>/ R=<owner’s role in PKI>
       Can contain characters like ç, è, ì, ü to guarantee the support for foreign names. Can be a BMPString.

  12. Certificate Structure (II)
     Mandatory extensions (if applicable):
     1. Authority Key Identifier
     2. Subject Key Identifier
     3. Key usage
     4. Extended Key Usage
     5. Certificate Policies

  13. CRL and CSL
     • Every C.A. publishes the CRL and CSL using a single file
     • CSL must use CRLReason and holdInstruction extensions to represent the temporary hold state

  14. WORK IN PROGRESS
     • OCSP Support for CRL
     • Attribute Certificates
     • Digital timestamp standardisation
     • Smart card interoperability

  15. Interoperability table (before)

  16. Interoperability table (after)
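
Added example, not part of the original presentation: a Python sketch that checks the COMMON NAME and DESCRIPTION layouts from slide 11 and reports which of the slide 12 extensions are absent from a certificate. The field names, the sample values and the requirement of exactly four COMMON NAME fields are assumptions; the extension OIDs are the standard X.509v3 ones.

```python
import string

# PrintableString alphabet (the slash used as field separator is part of it).
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")
CN_FIELDS = ("surname", "name", "fiscal_code", "owner_id")  # hypothetical field names
DESC_TAGS = ("C", "N", "D", "R")  # extended surname, extended name, birthdate, role
# Standard X.509v3 OIDs for the five extensions listed on slide 12.
MANDATORY_EXT = {
    "2.5.29.35": "Authority Key Identifier",
    "2.5.29.14": "Subject Key Identifier",
    "2.5.29.15": "Key Usage",
    "2.5.29.37": "Extended Key Usage",
    "2.5.29.32": "Certificate Policies",
}

def parse_common_name(cn):
    """Split a COMMON NAME into its four fields; raise ValueError if malformed."""
    bad = sorted(set(cn) - PRINTABLE)
    if bad:
        raise ValueError(f"not a PrintableString, offending characters: {bad}")
    parts = cn.split("/")
    if len(parts) != len(CN_FIELDS):  # assumption: exactly four fields
        raise ValueError(f"expected {len(CN_FIELDS)} fields, got {len(parts)}")
    return dict(zip(CN_FIELDS, parts))

def parse_description(desc):
    """Parse 'C=.../ N=.../ D=.../ R=...'; BMPString permits any BMP character."""
    if any(ord(ch) > 0xFFFF for ch in desc):
        raise ValueError("character outside the Basic Multilingual Plane")
    out = {}
    for item in desc.split("/"):
        tag, sep, value = item.strip().partition("=")
        if not sep or tag not in DESC_TAGS or tag in out:
            raise ValueError(f"unexpected DESCRIPTION component: {item!r}")
        out[tag] = value
    missing = [t for t in DESC_TAGS if t not in out]
    if missing:
        raise ValueError(f"missing DESCRIPTION tags: {missing}")
    return out

def missing_extensions(present_oids):
    """Names of slide 12 extensions absent from a certificate's extension OIDs.
    Whether an absence is an error depends on the slide's 'if applicable'."""
    return [name for oid, name in MANDATORY_EXT.items() if oid not in present_oids]

# Constructed sample values, not taken from any real certificate.
SAMPLE_CN = "Rossi/Nicolo/RSSNCL70A01H501X/0001"
SAMPLE_DESC = "C=Rossi/ N=Nicolò/ D=1970-01-01/ R=titolare"
```

A name such as Nicolò fails the PrintableString check in COMMON NAME, which is why the accented form is carried in DESCRIPTION instead.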
