![Page 2: Blockchain based PKI reassigning roles? - EEMA · PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates](https://reader033.vdocuments.mx/reader033/viewer/2022060722/6082a3c51411b7595d7fc681/html5/thumbnails/2.jpg)
Trust Service Providers & EU Trusted Lists
• The eIDAS Regulation – on electronic identification and trust services for electronic transactions in the internal market – defines among others:
– trust services and their operation by providers
– operation of trusted lists
• ETSI TS 119 612 refers to many standards:
– ISO, IETF, ETSI, CEN…
EU Trusted Lists structure
Interoperability & sustainability are the main issue
EU Distributed Ledger of TSP
Trust by design is the main asset
Impact on the Public Key Infrastructure
PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
Digital Certificate
• Digital Certificate is a set of attested metadata used to prove the possession of the public key
• The Digital Certificate contains:
– Public key
– (personal) information
  • How does it respect the General Data Protection Regulation?
– Signature of its issuer
  • The certification chain must be checked
Blockchain oriented Certificate
• The revocation status of the certificate is encoded on the blockchain
• User can manage his attributes and revocation
The new approach remains consistent with the old one
eIDAS – to technic
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
(27) This Regulation should be technology-neutral. The legal effects it grants should be achievable by any technical means provided that the requirements of this Regulation are met.
ANNEX I: REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SIGNATURES
Qualified certificates for electronic signatures shall contain: … (g) the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;
Impact on the identity management
• The user manages his identity and his authentication means
Blockchain is a simple, effective and secure solution:
A new protocol should be defined to allow identity and authorization management
Impact on the Certification Authorities
• Shared identity, attributes/claims management
• TSP/CA should become a validation node
• Governance rules must be defined
• Identity transfer to blockchain addresses
• New electronic signature schema
• Long term preservation by design
• Private key management
• Smart contract validation
• Enforcement of court decision
Questions...