Remote Signature Creation Services : Protocols and Audit Requirements

Wednesday 13 June 2018 | Amphi Iris (70 pax)

 

While standards are well in place for signatures created locally by end-users, the market take-up of these solutions has been significantly low due to the unfriendly requirement for the end-user to have a physical device (e.g. dongle, smart card). The market has then been moving to signature creation services hosted in the cloud and managed by Trust Service Providers. These solutions imply moving the user private key from a user-owned device to the cloud and raise security challenges in order to ensure the security of the service. ETSI started to work on this topic in order to bring technical interoperability as well as a high level of assurance of the trust services building on the CEN standard for "server signing". The objective of the standards is to meet the aims of the eIDAS Regulation as well as to meet the general requirements of the European and international community.
The workshop discussed about standardization for remote signature creation services provided by Trust Service Providers, addressing business cases, audit requirements and protocols.

Objectives

1. Make users of the standards aware of:

  • Scope of standards and general approach being taken
  • Operation of Protocols
  • Main "policy" requirements to be covered by audit

2. Get an idea of some example business use cases

3. Collect initial feedback on standards and public review process

Target audience

This event was of particular interest for:

  • Remote signature creation service providers and manufacturers,
  • Major users of signature creation services (e.g. Banks)
  • Audit Bodies,
  • Supervisory Bodies,
  • Policy makers,
  • Other eSignature/eSeal related trust providers.

08:30 Check-in/Registration opens
09:00 Welcome Address & Opening Remarks
Riccardo Genghini, eWitness and TC ESI chairman
09:10 SESSION 1: Setting the Scene
Session Chair: Nick Pope, Thales and TC ESI vice-chairman
  The aim of the session is to introduce the legal and technical landscapes surrounding remote signature creation.
09:10 Where do we Stand on Standards for Remote Signature Creation?
Nick Pope, Thales and TC ESI vice-chairman
09:30 Setting the European Scene for Remote Signatures
Anders Gjoen, European Commission
09:50  SESSION 2 Protocols – Which Standards for Which Use?
Session Chair: Andrea Röck, Universign and ETSI STF 539 Expert
09:50 A Standard for Protocols for Remote Digital Signature Creation
ETSI STF 539 experts:
  • Francesco Barcellini, Intesi Group
  • Luigi Rizzo, InfoCert
  • Anders Tornqvist, Comfact
10:20 Questions and Answers
10:30 Coffee and Networking Break - Poster Session Visit 
11:00 SESSION 3: Feedback from the Field on Remote Signature Services Deployments
Session Chair: Nick Pope, Thales and TC ESI vice-chairman
  The session will gather input from trust service providers and manufacturers on their experience in deploying remote signature creation services. They will describe their perspective on remote signing, on deployed solutions, and their viewpoint on what should be included within standards.
11:00 Demonstration of a Reference Implementation
Anders Tornqvist, Comfact
11:15

DigitalSign Experiences in Becoming a Qualified TSP for Remote Signing
Álvaro Matos, DigitalSign

11:30  Cloud Signature Services with Dynamic Identity Verification,
Andrea Valle, Adobe Systems, and Giuseppe Damiano, Intesi Group
11:45 Experience of Remote Signature Services in Spain During the Past Five Years,
Raul Olivar, SIA
12:00 Building Remote Signature Services for a TSP
Rafael Araque, Bit4id
12:15 VW Financial Services, a real-world Case Study for Remote Signing Using a Distributed Trust Architecture
Nick Munro, BlueCube Security & Rod Crook, Ascertia
12:30 Lunch and Networking - Poster Session Visit 
14:00 Panel on Standardization Requirements for Remote Signature Creation Protocols
Moderator: Andrea Röck, Universign and ETSI STF 539 Expert
  Through a guided discussion, the panel will discuss requirements in terms of standardization
All speakers from sessions 2 and 3.
15:00 Coffee and Networking Break - Poster Session Visit 
15:30 SESSION 4: Auditing Schemes and Supervision
Session chair: Nick Pope, Thales and TC ESI Vice-Chairman
  The aim of the session is to present and discuss ETSI ongoing work on auditing schemes and to gather inputs from Conformity Assessment Bodies (CAB) and supervisory bodies (SB) on the standards necessary to perform their duties as defined in the eIDAS regulation.
15:30 Audit Requirements for TSPs Operating a Remote QSCD / SCD
Franck Leroy, Docapost and ETSI STF 539 expert
15:50 Audit Requirements for TSPs Supporting AdES Digital Signature Creation
Andrea Röck, Universign and ETSI STF 539 expert
16:10

Panel
Moderated by Nick Pope, Thales and TC ESI Vice-Chairman

Conformity Assessment Bodies (CABs)

  • A-SIT, Herbert Leitold
  • CSQA, Natale Prampolini
  • Ernst&Young, Christophe Bonjean
  • T-Systems International, Igor Furgel

Supervisory Bodies

  • ANSSI & FESA, Romain Santini

ENISA : Evgenia Nikolouzou

ETSI STF 539 Experts: Franck Leroy and Andrea Röck
17:15 Workshop Conclusions
Nick Pope, Thales and TC ESI Vice Chairman
17:30 Networking Cocktail

Click here to access the Remote Signature Creation Services Presentations. 

  • Secure Multiparty Computation in Remote Signatures
    Zsolt Rozsahegyi, i2p informatics Ltd 

 Bronze Sponsor

i2p

 

 

 

 

 

 The Programme Committee is composed of the following members:

  • Peter Lipp, Graz University of Technology & PC chairman
  • Francesco Barcellini, Intesi Group
  • Sonia Compans, ETSI
  • Liaquat Khan, Ascertia
  • Franck Leroy, Docapost
  • Nick Pope, Thales
  • Luigi Rizzo, InfoCert
  • Andrea Röck, Cryptolog
  • Anders Tornqvist, Comfact