©Copyright 2015, PIIT & Michał Tabor 1

Confirm it with an e-seal

Michał Tabor, CISSPPolish Chamber of Information Technology and

Telecommunications

Remember conference hashtag:

#EFPE2015#eIDAS

©Copyright 2015, PIIT & Michał Tabor

22015-06-11

Electronic signatures and seals

ElectronicSignature

ElectronicSeal

Evidence Protection

Means

eIDAS opportunity

Electronic Signature

Electronic Seal

2015-06-11

Electronic signature

Used to protect evidence created by humans

2015-06-11

Electronic signature

Evidence from systems is signed by the people to protect origin

2015-06-11

Electronic seal

Evidence from systems is sealed automatically to protect origin

2015-06-11

9

eIDAS Trust Sevice - Evidence gathering

© 2014, PIIT, Michal Tabor & TICons

certification

verification

validation

preservation

delivery

EVIDENCE

EVIDENCE

EVIDENCE

EVIDENCE

EVIDENCE

EVIDENCE

WORKFLOW

creation

2015-06-11

Electronic seal protects evidence from trust services

EVIDENCE

Qualified Seal

QTScreation

QTSvalidation

QTSpreservation

QTSdelivery

Certification Sig or Seal

QTSverification

2015-06-11

©Copyright 2015, PIIT & Michał Tabor 11

Business process evidence

EvidenceEvent

Event

Event Event

Event

2015-06-11

©Copyright 2015, PIIT & Michał Tabor 12

Business process evidence

EvidenceEvent

Event

Event Event

Event

2015-06-11

EvidenceWhen

Where

What Device

Steps

Documents

©Copyright 2015, PIIT & Michał Tabor 13

Creator of an Electronic Seal

2015-06-11

Legal person creates eSeal

Creator with eSeal guarantees authenticity of evidence

Seal proves integrity of sealed evidence

eSEAL creating data must remain under control of a creator

But eIDAS doesn’t specify how control should be implemented

Seal creation data „sole control” models

• Sealing is on own site• Full control over sealing device

Creator of the seal owns sealing device

• Device secured for sealing• Policy determines what is sealed

Creator of the seal distributes his sealing device

©Copyright 2015, PIIT & Michał Tabor 15

Device

Private Sealing Device

2015-06-11

Evidence: What

Evidence: When

Evidence: Where

Document

Event

Evidence

Creator of a seal – takes resposibility for a evidence

prepared by device

ElectronicSeal created by manufacturer✔

Device examples

©Copyright 2015, PIIT & Michał Tabor 17

#insurance case

2015-06-11

Captured photo

GPS Time

GPS Localization

Colecting evidence of an accident

TIMEPLACE

©Copyright 2015, PIIT & Michał Tabor 18

Patient personal data

Patient photo

Time

#medicine case

2015-06-11

Medical examination evidence

Policy doc

Agent info

Confirmation

TIMEPLACEPHONE CONFIRMATIONPHOTO OF INSURED

©Copyright 2015 Michal Tabor

Insurance policy

Who…

When…Where…

How….

Signature

Insurance Agent App on a tablet secures an evidence collected during „insuring process”.

#insurance case

eIDAS Purpose: Business Service

eIDAS Qualified Services

eIDAS Trust Services

Trust Services

Business Services

©Michal Tabor

#eIDAS Trust Services Piramid

22

eIDAS Trust Sevice – Business Service

© 2014, PIIT, Michal Tabor & TICons

certification

verification

validation

preservation

delivery

ID

ATTRIBUTES

PROCESSEVIDENCE

WORKFLOW

creation

2015-06-11

Private Sealing Device

Trust services

Seal certifiationCertificates

Private Sealing Device

Trust services

Preservation

Signature in Flight

Qualified Seal Creation

Other trust sevices based on evidence

EVIDENCE

ExternalEvidence

©Copyright 2015, PIIT & Michał Tabor 25

Electronic Sealprotects evidence

2015-06-11

©Copyright 2015, PIIT & Michał Tabor 262015-06-11

Michał Tabor

michal.tabor@ticons.plTwitter: @michal_tabor

Trusted Information Consulting Ltd. is the member of Polish Chamber of Information Technology and Telecommunications

#eIDAS #EFPE2015