160 likes | 170 Views
Learn about the establishment and importance of the Transboundary Trust Space in the field of communications. Explore the challenges and best practices for ensuring validity in transboundary electronic interaction.
E N D
Transboundary Trust Space Regional Commonwealth in the field of communications www.en.rcc.org.ru Noncommercial Partnership National Certification Authority www.nucrf.ru Ensuring of validity in the process of transboundary electronic interaction (forming of transboundary trust space) Alexander Sazonov April 17, 2012
Problematic. Questions to be discussed • RCC approach • RCC proposals Transboundary Trust Space Presentation plan • Introduction. Brief information about the RCC. Primary tasks and directions of activities
Introduction Regional Commonwealth in the field of communications (RCC) December 1991 – heads of CIS states’ Communications Administrations signedAgreement on Establishment of RCC - an organization called upon to carry out cooperation between new independent states in the field of telecommunication and postal communication based on their free will, principles of mutual respect and sovereignty. October 1992 - the Heads of Government of the CIS countries signed the Agreement on coordination of interstate relations in the field of postal and telecommunication- the RCC is vested with the authority of an interstate coordinating body in the field of postal and telecommunication.
Introduction RCC primary tasks • extension of mutually beneficial relations between the RCC Administrations in harmonization of development of networks and communication means • coordination of issues in scientific and technical policy, radio spectrum management, tariff policy on communications and mutual settlement services, personnel training • interaction with international organizations in communications and informatization • mutual information exchange etc. RCC activity directions The Strategy of CIS member states in informatization field: • creation of an enabling environment for cooperation in the field of ICT • harmonization of legislation and development of standards regulations • development of new ICT directions • development of ICT sphere
Problematic Cardinal problem of the international electronic interactionisto ensure electronic data validity
Questions to be discussed • Whatbest practicesare there to ensure validity of • actions performed in the Internet? • Do mechanisms of insurance andjudicialprotection need to be used when valid actions are performed in the Internet? • What peculiaritiesof validity ensuring of actions performed in the Internet are there in nationalandtransboundaryregimes? • Whatnecessaryandsufficientset of attributesensures electronic data validity? • What can be agroundfor validity ensuring of actions performed in the Internet: • international agreements, • commercial usages, • combination of international regulation and self-regulation. • How canweprotect rightsof natural persons and legal entities – participants of international trade? • What measures can be taken tocounteractvariousfraudulent behaviorsand other abusefrom part ofmala fideparticipants of information interactionor cybercrime? • etc.
RCC approach • What is the best way to ensure trust in information exchange? – To have a opportunity to check trust. How to do it ? • Through direct access to a data base. In practical terms this means an access for an agency in state A to a data base of an agency in state B. Ideally it allows to interact without documents exchange at all. • If direct access is not possible, then the solution is to have states A and B appoint trusted parties (trusted services) through which such an access could be done. • How can authenticity и non-repudiation be ensured? Best practice is to usecryptographicmeans, public key technology in particular(PKI)
RCC approach PKI architecture variants • On the basis of a singlecryptographic algorithm (realization is unlikely). • On the basis of different (national) cryptographic algorithms: • a. reciprocalexchangeof cryptographic means; • b. use of trusted services (mediator between users of different cryptographic means) • What trusted services are necessary for electronic commerce – electronic signature, time stamps, accounting/registrationof information interaction participants, identificationand authentication procedures, data archiving, other (correlationelectronic data attributes)? • Doauditprocedures need to be used tomonitoractivities of operators representing trusted services, and is it necessary to unify regulations of such services provision?
RCC approach Methodology of the transboundary trust space forming and functioning in the Internet network (TTS Methodology) Model constructions as a system’s basis: • Accounting record (record) is data in electronic form recording subject of law legal status or recording an event happened. An accounting record comprises an aggregate of fields containing electronic content and document attributes – a result of trusted services work. Accounting record’s validity is assured by an aggregate of its attributes. • Register system is a registration information system containing an aggregate of accounting records (primary records are stored), containing information from the interaction participants’ documents of title, with valid electronic transferable records being drawn up or issued on the above grounds. • Model information process – a set of phases, typicalfor any information system: • Activation of alterations in system (authorization, formalization of a request); • Alterations in system, logging; • Response forming.
RCC approach Transboundary trust space architecture components • The common trust infrastructure (CTI), consisting of trusted services • Register systems (information systems of various state bodies (institutions)), which interact among themselves directly via electronic transferable records, herewith, interaction validity is ensured by trusted services • Operators of register systems and CTI services • Auditors of register systems and CTI services operators’ activity
RCC approach Record (document) - the common trust infrastructure object
RCC approach Possible variant of trusted services architecture
RCC approach Signed data validation process example
RCC approach Using attribute certificates to manage rights vested in negotiable instruments
RCC proposals Conclusions and suggested way forward • It is proposed to create aworking groupon issues of validity ensuring in the process of transboundaryelectronic interaction. • Possible results ofgroup’s workcould be: • UN/CEFACT recommendation concerning forming and functioning of information systems subject to their application in the process of transboundary interaction. • UNCITRAL (with UN/CEFACT contribution) model convention “On basics of transboundary trust space validity ensuring”. • A joint project on the basis of the approaches proposed in the TTS Model and TTS Methodology.
Transboundary Trust Space Thank you for attention! We are open to you views, ideas and critics! Latest versions of the TTS Model andTTS Methodologyare published at the RCC website in section RCC activities –> Informatization ->The transboundary trust space of the CIS member-states http://www.en.rcc.org.ru/index.php/rcc-activities/informatization-/261211 Speaker Alexander Sazonov www.nucrf.ru sazonov@nucrf.ru Any questions? National Certification Authority