TDL Meeting 7-8 April 2014 // Vienna. Sprint Proposal. The key of a legal online signature: The inseparable link between e-Authentication, e-Signature and e-Validation. Description of innovation: Certiway’s Ecosystem. Introduction of assurance levels in real time transactions
TDL Meeting 7-8 April 2014 // Vienna. Sprint Proposal. The key of a legal online signature: The inseparable link between e-Authentication, e-Signature and e-Validation
Description of innovation: Certiway’s Ecosystem • Introduction of assurance levels in real time transactions • Real-time contractualisation of each bilateral relationship and provision of legal claim • Validation platform, CERTIWAY, to guarantee end-to-end trust: revocation list management, data domiciliation & data consolidation, accountability between all service providers, recovery, resilience (ISO 27006 and 27035), interoperability
Description of innovation: Certiway’s Ecosystem • Description of a use case of new trust services and e-ID regulation (eIDAS) for cross border digital signature, applicable for handling real time processing of mass transactions. Use Case including: • a strong e-Authentication (TDL Microsoft) • a qualified electronic signature creation device (TrustSeed) • a validation of qualified electronic signatures (CertiWay) • Legal evidence and privacy protection (CertiWay)
The urgent needs of Businesses and Users • New control technologies for digital identities: e-authentication • Establishing trust frameworks and increasing the interoperability of trust services • New design principles for easy and cheap deployment of complex architectures, e.g. architecture serving complex identity infrastructures • New digital signature solutions: easy, cheap and legal • Easy to use, easy to deploy • Insurance levels for guarantees
The urgent needs of Businesses and Users • Compliant with upcoming European Regulations: • REGULATION on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) • REGULATION on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) • DIRECTIVE concerning measures to ensure a high common level of network and information security across the Union (NIS Directive)
Benefits • The innovation linking in real time…: • From a basic to a high eID security level • Strong authentication • Bilateral contracts • e-Signature and their validation • Validation (authentication, signature and delivery) • Control of the document to sign: its integrity and its mandatory data • Respect for privacy • Assurance levels … is the only way to be compliant with the three upcoming European Regulations. This innovation gives your business a head start.
Benefits In the meantime, the innovation allows: - an effective protection of the data of citizens and of businesses “PRIVACY BY DESIGN” - only the electronic exchanges previously agreed “ACCOUNTABILITY” & “TRACEABILITY” - focus on your core business and entrust liability to the qualified trust service providers “ENTRUST LIABILITY” - as a consequence: the drastic reduction of fraud and the capability to save money “STRUGGLE AGAINST CYBER CRIME”
Use Case: 1. Joining TDL: sign legally online the TDL membership agreement. Application form contains: • Signature • Contact details and billing information • Adherence to Articles of Association • Adherence to rules & policies Weakness in process! • No control if the signature is from an authorised representative • No bilateral signature • No version management of signed AoA & Rules and Policy connected to the signature
2. By signing online in compliance with the upcoming regulations • Stored in the cloud: • Applicant Company Z • Agreement version .X • Rules & Policies version .Y • Electronic agreements • Probative value • Proof of exchange • Attribute for invoicing • Attribute for access 365 • Proof of acceptance • Legal archiving (WORM) [Diagram labels: E-authentication platform • E-signature platform • Validation platform • TDL office 365]
[Sequence diagram; labels in the order extracted] Prospective member • MS Azure Sharepoint • TDL Board • TDL Enterprise Application Portal • Signature validation and hash creation • TDL countersigns agreement without membership fee • PenSeal Signature and Verification Service • Validation Service Provider • Validation Request • Contract deposit • Step 3 • Signature validation approved notification • Request for reviewing contract • Contract is shown to TDL Board • Authentication + Signature Request • Strong Authentication – Phase 1 • Strong Authentication Activation • Strong Authentication – Phase 2 • PIN Entry • Validation Request • PIN Check Approved • Service Invocation of Electronic Signature • Receipt Proof Creation • Contract Sign • Signature Proof Creation • Step 4 • Proofs Transfer request • Contract Signed + Proofs deposit for archiving • Contract Signature information for TDL Board • Contract Signature Notification for prospective member
Use case overview • Immediate Perspective: In our solution, we use the Microsoft claim system, completed by the TDL check of the supporting documents uploaded by the Prospective Member. • Tomorrow Perspective: There will be different attribute providers that will be in charge of attesting the authorized signees of companies.
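The three weaknesses listed in the use case (no check that the signer is an authorised representative, no bilateral signature, no link between the signature and the AoA and Rules & Policies versions) can be closed by what goes into the signed data. The sketch below is an added example, not code from the proposal or from any of the platforms it names: HMAC-SHA256 stands in for the qualified electronic signature, and the signer address, keys and document texts are constructed sample values.

```python
import hashlib, hmac, json

# Constructed sample data: names, keys and document texts are assumptions.
DOCS = {"agreement": ("X", b"TDL membership agreement, version X"),
        "rules": ("Y", b"TDL rules and policies, version Y")}
AUTHORISED = {"Company Z": {"alice@company-z.example"}}  # hypothetical attribute data
KEYS = {"alice@company-z.example": b"applicant-demo-key", "TDL": b"tdl-demo-key"}

def digest(data):
    return hashlib.sha256(data).hexdigest()

def canonical(obj):
    # Stable byte encoding so signer and validator hash the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def mac(key, payload):
    # HMAC-SHA256 is a stand-in for a qualified electronic signature.
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign_agreement(company, signer, docs=DOCS):
    # The signed manifest names the signer and pins each document version by hash.
    manifest = {"company": company, "signer": signer,
                "documents": {name: {"version": v, "sha256": digest(body)}
                              for name, (v, body) in docs.items()}}
    applicant_sig = mac(KEYS[signer], canonical(manifest))
    # The countersignature covers the manifest and the applicant's signature.
    tdl_sig = mac(KEYS["TDL"], canonical({"manifest": manifest,
                                          "applicant_sig": applicant_sig}))
    return {"manifest": manifest, "applicant_sig": applicant_sig, "tdl_sig": tdl_sig}

def validate(record, docs=DOCS):
    m, errors = record["manifest"], []
    if m["signer"] not in AUTHORISED.get(m["company"], set()):
        errors.append("signer not authorised")
    expected = mac(KEYS.get(m["signer"], b""), canonical(m))
    if not hmac.compare_digest(record["applicant_sig"], expected):
        errors.append("applicant signature invalid")
    covered = canonical({"manifest": m, "applicant_sig": record["applicant_sig"]})
    if not hmac.compare_digest(record.get("tdl_sig", ""), mac(KEYS["TDL"], covered)):
        errors.append("countersignature missing or invalid")
    for name, (version, body) in docs.items():
        if m["documents"].get(name) != {"version": version, "sha256": digest(body)}:
            errors.append(f"{name} differs from the signed version")
    return errors
```

`validate` returns an empty list for a correctly signed and countersigned record, and names each failed check otherwise.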
Feedback on the sprint. What has been done so far: • Researched the interface between the Microsoft e-Authentication platform • Researched the interface with TDL office 365 • Worked out the workflow … and what needs to be done: • Implementation of a use case in TDL community
Cost estimation for the Sprint. Total budget for the sprint: € 81.000. Requested budget: €25.000. Method of cost estimation: 3 persons x (nb man days) x (500€). Already executed: approx. 8 man days = 12k euros • Conceptual design and technical feasibility check • Use case description • Research aspects of relying party (TDL contracting) • Preliminary workflows. Needed to finalize the sprint (refer to slide 18 with details) • Analysis (legal functional): 10 man days • Design phase: 10 man days • Implementation phase: 16 man days • Dissemination of results (public paper): 10 man days • Costs for availability technical platform: 6.000,- • Costs for travel and unforeseen: 4k€
Use Case – Implementation view: TDL membership agreement signing
Use Case – Implementation view: Signing the TDL membership agreement
TDL Sprint requirements. Design phase: • Detailed storyboard and technical details • Review of existing components and apps • Technical specification • Prototyping APIs • Validation for implementation phase. Implementation phase: • TDL uses OFFICE SHAREPOINT 2013 on 365: need technical description of document formats, web application • UIA Authentication service: need technical description of service • Access to a TDL test environment: office365 and E-authentication (test bed) • WSDL and service point addresses of existing web services
Contribution to the TDL ATTPS Testbed & TDL innovation lines • Trusted stack • Trust framework architecture providing e-commerce middleware to guarantee probative value of any “interchange” transaction and payment delivery. • Trust service provides a claim to prove validity of audit (level and duration) • Data life cycle management • Revolving probative value to extend the life cycle of the digital signature (also part of regulation). • Legal archiving of signatures & documents in the cloud and proof of exchange (transparency). • Management of transaction recovery (traceability of the transaction) • Service integrity • Guarantees the integrity of the documents • ATTPS TESTBED • Other relying parties and attribute providers can keep authorized signees of companies.