Status of Remote Signature Adoption and Implementation in ...User authentication function User...
17
Status of Remote Signature Adoption and Implementation in Japan Japan Network Security Association Remote Signature Task Force Leader Mizuho Information & Research Institute, Inc. Management & IT Consulting Div Manager Hirohisa OGAWA
Transcript of Status of Remote Signature Adoption and Implementation in ...User authentication function User...
Status of Remote Signature Adoption and
Implementation in Japan
Japan Network Security AssociationRemote Signature Task Force Leader
Mizuho Information & Research Institute, Inc.Management & IT Consulting Div Manager
Hirohisa OGAWA
Main Topics
• Activities of JNSA & Electronic Signature WG
• Remote Signature Task Force & METI’s Projects
• Activities supporting Electronic Signature Adoption and Implementation
2
Japan Network Security Association Organization Chart
General Assembly
Board of Directors
Board of Secretaries
Advisor Auditor
Secretariat
Western Japan
Branch
ISEPAInformation Security Education
Providers Association
ISOG-JInformation Security Operation
Providers Group Japan
Social Activities
Committee
Survey and
Research Committee
Education
Committee
JNSA Interactive
Committee
U40
Committee
Standards Investigation
Committee
Identity
Management
Working Group
Standard drafting TF Skill-up TF
Electronic Signature
Working Group
Committee
PKI
Interoperability
Working Group
Secure
Programming
Working Group
Globalization
Action Backup
Working Group
Member company: 191 companies (as of May 16, 2017)
Remote Signature TF
3
Relationship with other organizations
JAHIS : Japanese Association of Healthcare Information Systems IndustryTBF : Time Business Forum in Japan Data Communications Association
JNSAElectronic Signature
Work Group
ETSI/TC ESI
ISO/TC154
ISO/TC171
ISO/SC34 Technical committee
JAHIS
TBF
Technical cooperationex) Electronic Prescription
Partnerex) Timestamp, Trust List
Associate Member
Expert
Expert
LiaisonDocument description and processing languagesex) Long-term signature of XML
Document management applicationsex) PDF signature
International Organization for Standardizationex) PAdES Profile
ETSI/TC ESI #42 meetings in Austria
4
METI Projects involving JNSA
International Standardization Project• Standard drafting TF's responsibility
• ISO 14533-3:2017, Part 3: Long term signature profiles for PDF Advanced Electronic Signatures (PAdES)
Remote Signature Project• Remote Signature TF's responsibility
• In Japan, Electronic Signatures and certification businesses must adhere to the Electronic Signature Act (Act # 102), Electronic Signature Law Study Group studies all aspects of Remote signature
• During 2016, we examined Remote Signature basic functions and security requirements
METI : Ministry of Economy, Trade and Industry
5
Japanese Law as pertains to Electronic Signatures
Electronic Signatures and Certification Business
Act No. 102 - May 31, 2000
Japanese Law Translationhttp://www.japaneselawtranslation.go.jp/law/detail/?id=109&vm=04&re=01
Article 3 Any electromagnetic record that is made in order to express information (except for that prepared by a public official in the course of duties) shall be presumed to be established authentically if the Electronic Signature (limited to that which can be performed by the principal through appropriate management of codes and properties necessary to perform this) is performed by the principal with respect to information recorded in such electromagnetic record.
6
Electronic Signature Law Study Group
• The Electronic Signature Law Study Group holds a meeting on the Electronic Signature Act quarterly
• In 2015 and 2016 the group examined remote signatures
• Last year we implemented the following:
Ministry of Internal Affairs and Communications
Ministry of Economy, Trade and Industry
JNSA Electronic Signature WG
Electronic Signature Law Study Group
Remote Signature TF
Ministry of Justice
Document reviewe-sig Expert, user
Document editorElectronic signature WG Members comprise:Remote signature operators, HSM vendors, cloud vendors, security vendors, etc.(17 companies participated)
7
20 Items to consider for remote signature
I. Player / Role 1 Players and roles of remote signatures
II. Remote Signature / Provider
2 Requirements and assurance levels of remote signature providers
3 Consideration of the level according to the use application of the signature
4 Remote signature installation environment
5 Basic Functional component in Remote Signature
IV. Registration Phase
6 User registration method
7 Installation of Signing key of user (* generation and import of Signing key)
8 Protection measures for user's Signing key
9 Presence or absence of backup function of Signing key
V. Signature Phase
10 Requirements for signing instructions
11 User authentication method
12 Protection measures for user information and Signing key information
13 Signature function requirement
14 Presence or absence of transmission function of signed data
15 Presence or absence of signature generation log function
16 Presence or absence of signature verification function
17 Confirmation of data to be signed by the user
VI. Other
18 Distributed signature processing in user environment
19 Application of long-term signature
20 Relation to Electronic Signature Law
8
1. Players and roles of Remote Signatures
• Assumed remote signature pattern (Including concrete examples)
• A single company carries out the part surrounded by red.
• By implementing it in a single company, efficiency of user registration can be expected. But governance is necessary.
User
CA
CSP
RS
User
CA
CSP
RS
User
CA
CSP
RS
Pattern 1 Pattern 2 Pattern 3
User
CA
CSP
RS
User
CA
CSP
RS
User
CA
CSP
RS
Pattern 4 Pattern 5 Pattern 6
9
7. Installation of Signing key of user
• It is about importing and generating signing keys. The user registers the user in the remote signature and sets the signature key to be used.
User
CA
RS
User
CA
RS
User
CA
RS
Key Generation
Key Import
Key Import
Key Import(Key Generated by user)
Key Import(Key Generated by CA)
Key Generation by RS
10
5. Basic Functional component in Remote Signature
11
Remote Signature
Signature Verification
function
Signature Generation log function
User Information DB
(user ID, key ID, etc.)
User Information
management function
User Authentication
function
Hash Value Generation
function
Key pair Generation function
Signing key DB(key ID, Signing key, etc.)
Signing key management function
Signature Value Generation module (SGM)
Signing key Backup function
Certificate signing / issue
Request function
Signature application (SAP)
Signing key Activation function
Signing key Registration
function
Signature format
construction function
Signature functionSigner
Signature data
Authentication request
Data to be signed
Credential Service Provider Certification Authority
Signature request (Key-ID)
Signing key Activation data (PIN)
Signature Verification Result
Key pair Generation / Certificate Signing RequestAuthentication Credential
5. Basic Functional component in Remote Signature
Signature value generation module (SGM)
Signature application (SAP)
Signing key management functionSigning key DB (key ID, Signing key, etc.)
Hash value generation functionSigning key activation functionSignature format construction function
User authentication functionUser information management functionUser information DB(user ID, key ID, etc.)
Signature generation log function
Signing key registration functionCertificate signing request (/issue ) function
Signature verification function
Signature function
Signing key backup functionKey pair generation function
Signer
• SAP : Signature Application
• SGM : Signature value Generation Module
12
Registration Phase (User information)
Signature value generation module (SGM)
Signature application (SAP)
Signing key management functionSigning key DB (key ID, Signing key, etc.)
Hash value generation functionSigning key activation functionSignature format construction function
User authentication functionUser information management functionUser information DB(user ID, key ID, etc.)
Signature generation log function
Signing key registration functionCertificate signing request (/issue ) function
Signature verification function
Signature function
Signing key backup functionKey pair generation function
CSP
Signer
Authentication Credential
13
Registration Phase (Signing Key Generation or Import)
Signature value generation module (SGM)
Signature application (SAP)
Signing key management functionSigning key DB (key ID, Signing key, etc.)
Hash value generation functionSigning key activation functionSignature format construction function
User authentication functionUser information management functionUser information DB(user ID, key ID, etc.)
Signature generation log function
Signing key registration functionCertificate signing request (/issue ) function
Signature verification function
Signature function
Signing key backup functionKey pair generation function
Signer
CA
Key pair Generation / Certificate Signing Request
14
Signature Phase
Signature value generation module (SGM)
Signature application (SAP)
Signing key management functionSigning key DB (key ID, Signing key, etc.)
Hash value generation functionSigning key activation functionSignature format construction function
User authentication functionUser information management functionUser information DB(user ID, key ID, etc.)
Signature generation log function
Signing key registration functionCertificate signing request (/issue ) function
Signature verification function
Signature function
Signing key backup functionKey pair generation function
Signer
Authentication
Data to be signed
Hash
Signature request (Key-ID)
Signing keyActivation data (PIN)
CSP
15
Result Confirmation Phase
Signature value generation module (SGM)
Signature application (SAP)
Signing key management functionSigning key DB (key ID, Signing key, etc.)
Hash value generation functionSigning key activation functionSignature format construction function
User authentication functionUser information management functionUser information DB(user ID, key ID, etc.)
Signature generation log function
Signing key registration functionCertificate signing request (/issue ) function
Signature verification function
Signature function
Signing key backup functionKey pair generation function
SignerConfirmation of signature result
16
Next step JP in Remote signature
・Implementation guideline
・operation guideline
・service policy etc.
Remote signature guidelines
Cooperation with related organizations
Establishment of Remote Signature consortium
JTSCJapan Trusted Signature-service
Consortium(Tentative name)
Industrie 4.0 and Society 5.0.People and things connect. Business and services are connected, making it more efficient and advanced. For this purpose, we consider technologies supporting the service platform.
17
