1 / 9

Exchange of digitally s igned SPSCertificate messages

Exchange of digitally s igned SPSCertificate messages. Overview of prototype of digital signature applied to SPSCertificate message between national systems and TRACES UN/CEFACT Forum Geneve , April 7-11 2014. What do we currently have?.

rayya
Télécharger la présentation

Exchange of digitally s igned SPSCertificate messages

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Exchange of digitallysignedSPSCertificate messages Overview of prototype of digital signature applied to SPSCertificate message between national systems and TRACES UN/CEFACT Forum Geneve, April 7-11 2014

  2. What do we currently have? • SPSCertificate based message exchange with TRACES is available • New Zealand is getting ready to exchange on large scale: • Fishery products • Meat of bovine and ovine animals • Target is to make exchanges with non-repudiation to enable the paperless exchange • Digital signature will enable this

  3. Digital Signature overview Message Message Digest Algorithm Digest Algorithm Hash Function Hash Function Digest Public Keyof sender Encryption Decryption Private Keyof sender Actual Digest Signature Expected Digest Compare

  4. How will we apply digital signature? • On the incoming messages (SPSCertificate) • Signed by sending authority • On the reply (SPSAcknowledge) • Signed by TRACES • Based on our recommendations made in analysis presented in Geneva in April 2013: • Enveloping signature • XML-based (XAdES) • Timestamp froml trusted time stamp authority (TSA) for archival purposes

  5. Example of signedSPSCertificate message Enveloping Signature SPSCertificateenveloped in the Signature

  6. Architecture Overview XMLGate Client TRACES • SignedSPSCertificate message • SignedSPSCertificate message forwarded ESSI • Signature validated • Certificate data validated, stored • SPSAcknowledgementcreated, signed • SPSAcknowledgementreturned

  7. First use-case: New Zealand exports to EU • Meat products, fishery products • 15000 – 20000 documents per year • Digitally signed health certificates for export to the EU from NZ eCert system • Digitally signed acknowledge messages from TRACES • Machine-to-machine signature (eCert / TRACES)

  8. Certificates to use • TRACES will use certificate provided by ESSI (Commission as Legal Entity) • New Zealand certificate provider (probably) not on EU trusted list • No global solution in sight for this problem: • Bilateral agreement on technologies and profiles • Both sides must test each other's signed messages for interoperability • We may need to define a "SANCO TLS" to add the CSP used in New Zealand to ESSI infrastructure

  9. The steps ahead • Agree on CSP on both sides • Agree on technical details for interoperability (XAdES level, profile…) • If necessary, define a "SANCO TLS" • Off-line verification of signed messages from both sides • Integrate to trust services on both sides • Start the exchange • Electronic "vault" needed – legal requirements?

More Related