CaSPAR: Remote Qualified Electronic Signatures with Smartphones. Dr. Sven Kloppenburg, AUTHADA


1 CaSPAR: Remote Qualified Electronic Signatures with Smartphones. Dr. Sven Kloppenburg, AUTHADA. This project (HA project no. 499/16-11) is funded in the framework of Hessen ModellProjekte, financed with funds of LOEWE, Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz, Förderlinie 3: KMU-Verbundvorhaben (State Offensive for the Development of Scientific and Economic Excellence).

2 eIDAS-compliant, remote, mobile QES. [Diagram labels: User; Digital Business App (sample banking screen with transfers and a balance); NFC; Create Signature; Qualified Trusted Service Provider]

3 Project Goals: Gather requirements (business, regulatory). Design a system architecture (comply with all relevant regulations, reuse stable components, security by design, privacy by design). Build a prototype.

4 Use cases: Banking & FinTech (Consumer Credit); Leasing (Digital Leasing, QES to close EU wide); Insurance (Life Insurance, Property finance); Telecommunication (Post-paid).

5 Compliance with national and EU laws (and technical guidelines) evolving during the project: eIDAS-directive, Vertrauensdienstegesetz + -verordnung; several ISO and ETSI standards; Personalausweisgesetz and -verordnung; several BSI TRs; Identifizierungsdiensteanbieter; BDSG (German data protection law) and GDPR compliance.

6 Project Goals: Gather requirements (business, regulatory). Design a system architecture (comply with all relevant regulations, reuse stable components, security by design, privacy by design). Build a prototype.

7 Workflow. Actors: Bank, QTSP, Authada App. Steps as labelled in the diagram: Bank & User prepare contract; User checks contract; User identifies w/ eID; Bank receives contract; User downloads contract; User triggers signature.

8 System Architecture Overview

9 Project Consortium. Authada: Mobile App with eID Identification, Webapp for Remote Signing (SSA). MTG: Backend for Remote Signing (QSCD), Certificate Handling (CARA). HDA: Academic support, Security Architecture.

10 Project Goals: Gather requirements (business, regulatory). Design a system architecture (comply with all relevant regulations, reuse stable components, security by design, privacy by design). Build a prototype.

11 System Architecture Overview

12 System Architecture Overview

13 smarthsm: Joint venture by MTG and Reiner SCT. Developed for use with smart meters. The REINER SCT smarthsm is connected via USB to the Application Server. Contains a security module conforming to BSI TR , Appendix B: Smart Meter Mini-HSM Functional and Interoperability Requirements for the security module. Common Criteria EAL 4+ certified since October 2017.

14 System Architecture Overview

15 System Architecture Overview

16 eIDAS Creates Interoperability: Means of identification are defined by member states. Thus, no single European eID. Notification of national eID schemes. Interoperability achieved using middleware, proxies and connectors.

17 Notification of eID means: Optional notification for national eID systems. Notified eIDs have a level of assurance: Low, e.g. login / password; Substantial, e.g. software certificates; High, e.g. the German ePA. If a notifying country accepts eID for use cases in the public sector, it must accept any eIDAS-notified eID with matching LoA. Germany was first to start the notification process; notification published Sep 2017.

18 Providing notified eIDs: Countries providing notified eIDs implement proxy- or middleware-based schemes. German version: "eIDAS-Middleware-Service for eIDAS-token (TR )"

19 Consuming notified eIDs: Countries consuming notified eIDs provide an eIDAS Connector to the eIDAS network. German version: integration in eID servers; implementation is eID-server-specific. CaSPAR Project: eIDAS Connector integrated into remote QES Service.

20 Using eIDAS-based eID as means of identification: Identification is easy and fast. Minimum amount of data stored for the minimum time. No account created. Short-lived, one-time certificates. Personal data limited to the required fields. Works with any notified eID of level substantial or high providing the required data fields.
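
The acceptance rule from slides 17 and 20, as an added example (not code from the CaSPAR project): an identification is accepted only at level substantial or high, only if the required fields are present, and only those fields are kept. The dict layout, the function and exception names, and the choice of required fields are assumptions; the assertion is assumed to be already parsed and signature-verified by the eIDAS Connector.

```python
from enum import IntEnum


class LoA(IntEnum):
    LOW = 1
    SUBSTANTIAL = 2
    HIGH = 3


# Level-of-assurance URIs as carried in an eIDAS assertion.
LOA_URIS = {
    "http://eidas.europa.eu/LoA/low": LoA.LOW,
    "http://eidas.europa.eu/LoA/substantial": LoA.SUBSTANTIAL,
    "http://eidas.europa.eu/LoA/high": LoA.HIGH,
}
MIN_LOA = LoA.SUBSTANTIAL
# Assumption: the fields the signing service needs for the one-time certificate.
REQUIRED_FIELDS = ("CurrentFamilyName", "CurrentGivenName", "DateOfBirth")


class IdentificationRejected(Exception):
    """Raised when an identification must not be used for signing."""


def accept_identification(assertion: dict) -> dict:
    """Return only the required fields of an acceptable assertion, else raise."""
    loa = LOA_URIS.get(assertion.get("loa"))
    if loa is None:
        # Fail closed: an unrecognised LoA is never treated as "good enough".
        raise IdentificationRejected("unknown or missing level of assurance")
    if loa < MIN_LOA:
        raise IdentificationRejected(f"level {loa.name} is below {MIN_LOA.name}")
    attrs = assertion.get("attributes", {})
    missing = [f for f in REQUIRED_FIELDS if not attrs.get(f)]
    if missing:
        raise IdentificationRejected("missing fields: " + ", ".join(missing))
    # Data minimisation: everything beyond the required fields is dropped here.
    return {f: attrs[f] for f in REQUIRED_FIELDS}


# Constructed sample assertions (not real data).
SAMPLE_HIGH = {
    "loa": "http://eidas.europa.eu/LoA/high",
    "attributes": {"CurrentFamilyName": "Mustermann", "CurrentGivenName": "Erika",
                   "DateOfBirth": "1964-08-12", "PlaceOfBirth": "Berlin"},
}
SAMPLE_LOW = dict(SAMPLE_HIGH, loa="http://eidas.europa.eu/LoA/low")
```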

21 Project Goals: Gather requirements (business, regulatory). Design a system architecture (comply with all relevant regulations, reuse stable components, security by design, privacy by design). Build a prototype ( )