140 likes | 331 Views
ICT and E-Business Strategies For Development Geneva, 20-21 October 2003 Building Trust and Confidence For ICT Applications. Krastu MIRSKI and Alexander NTOKO ITU Telecommunication Development Bureau (BDT). Agenda for Presentation. Barriers to E-Applications Technology Framework
E N D
ICT and E-Business Strategies For DevelopmentGeneva, 20-21 October 2003Building Trust and Confidence For ICT Applications Krastu MIRSKI and Alexander NTOKO ITU Telecommunication Development Bureau (BDT)
Agenda for Presentation • Barriers to E-Applications • Technology Framework • Regional Initiatives • ITU Activities/Initiatives
Knowing whom you are dealing with is central to building online trust
For Trust in E-Applications, We need at least the Following Features: • Data Confidentiality • Information accessed only by those authorized • Data Integrity • No information added, changed, or taken out • Strong Authentication • Parties are who they pretend to be • Non-repudiation • Originator cannot deny origin or transaction • Infrastructure of trust • Automating the checking of identities
Certificate-Based Identity Verification/Management is a Vital Technology Component for Online Trust ITU-T X.509 - A key component for establishing trust for e-applications in public networks (such as the Internet). Most B2C e-business solutions are built on HTTPS based on Server-side certificate authentication for security and trust.
Technology Framework - Digital Signature Signer’s Private Key Encrypted Digest Digest Signed Document Hash Algorithm Digital Signature techniques using encryption, message digest and digital certificates are important technology elements for online trust.
Digital Signature - Solutions Guarantees: • Data Integrity for E-Application Transactions. • Data Confidentiality when Combined with Encryption Algorithms. • Non-Replay in Combination with Content Validation (Time Stamps). • Positive Authentication of Parties. • Content Non-repudiation or Non-deniability for E-Application Transactions. (How to enforce anti-spam and data privacy laws?)
Digital Signature – Issues and Challenges • Acceptance of Digital Signatures Across Multi-Jurisdictional PKI Domains. • Adopting Policies for Generic Identity Certificates (PKI) and Attribute Certificates (PMI). • Elaborating Harmonized and Technology Neutral E-Legislative Framework and Enforcement Mechanisms. • CA-CA Inter-Domain Interoperability Across National Boundaries.
Strategy for E-Signatures and CAs Trust and Security for e-Business Needs part of a much broader and comprehensive policy framework dealing with e-applications/services
What could be the Role of Governments? • National/Regional Policies for the Management of IP Resources. • Internet Protocol Addresses • Domain Names (under ccTLDs) • Enabling Environment for E-Applications. • Accreditation of Certification Authorities • Control and Enforcement Mechanisms (e.g., Spam, Data privacy). • Central Role in Generic Digital Credentials. • Harmonized Regional Framework E-Legislation
Recent ITU Activities in Europe& CIS Region within the E-Strategies Programme • Sub-Regional Seminar for ICT Development for the Information Society in Uzbekistan – October 2003. • Internet Symposium for Europe and CIS States in Russia – September 2003. • E-agriculture project for a rural community in the Kyrgyz Republic – September 2003. • National Seminar for E-Business Strategies for Azerbaijan – August 2003. • E-Government projects in Bulgaria and Georgia using digital certificates, biometrics and public key infrastructure – August 2003. • Secure E-business infrastructure WTC, Turkey – Q3 2002.
Thank You for Your Attention For further information: Web: http://www.itu.int/ITU-D/e-strategy Email: e-strategy@itu.int