The gray area is an image container. In the diapositive mask select this gray box and choose ‘Fill’ under the ‘Format’ Tab. Choose Fill with image, select your picture and delete this text box. www.enisa.europa.eu ENISA E-Identification & trust services for electronic transactions Security Prof. Manel Medina Andreas Sfakianakis
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
The gray area is an image container. In the diapositive mask select this gray box and choose ‘Fill’ under the ‘Format’ Tab. Choose Fill with image, select your picture and
delete this text box.
www.enisa.europa.eu
ENISA
E-Identification & trust services for electronic transactions Security
Prof. Manel MedinaAndreas Sfakianakis
www.enisa.europa.eu 2
Content
• eID and Trust service providers regulation in Europe
• Trust Services in the new EU Regulation• Preliminary results of ENISA’s survey on TSP
security and interoperability requirements• Standards implemented by the TSPs in EU
www.enisa.europa.eu 3
eID and Trust service providers regulation in Europe
www.enisa.europa.eu 4
Digital Identity
www.enisa.europa.eu 5
eIDAS: the EU approach
www.enisa.europa.eu 6
Regulation on eID and TS
• Building trust in the online environment is key to economic development
• No comprehensive EU cross-border and cross-sector framework for secure electronic transactions that encompasses electronic trust services
• Enhance existing legislation
www.enisa.europa.eu 7
Scope
• Mutual recognition and acceptance of electronic identification
• Electronic trust services:• Electronic signatures • Electronic seals• Website authentication• Electronic time stamp• Electronic delivery service• Electronic documents• Long time preservation
www.enisa.europa.eu 8
Mutual recognition and acceptance of electronic identification
• How does it work? 'notified' eID(s)
• EU Member States obligations: – ‘notify’ the ‘national’ electronic identification scheme(s)
used at home for access to its public services. – Must recognise ‘notified’ eIDs of other MSs – Free private & abroad, liability Unambiguous
• Common principles– Tech. neutral, – Mutual recognition of qualified, – Data protection & data minimisation– Secondary legislation to ensure flexibility: Tech, Best pr.
www.enisa.europa.eu 9
More on the Regulation on eID an TS
• What is not covered?– Not eID or EU eID
• Why will it make a difference?– One single legislation across EU: NO need of Nat. Reg.– Supervision– Trusted lists vs. notified ID– Easy eSignature: “Soft ID”?– Clear market needs in terms of trust services
•Risk assessment, security requirements and incident management for trust service providers issuing electronic certificates. (ENISA Work Programme 2013)
•Explore security mechanisms used by EU TSPs and identify their interoperability issues. (ENISA Work Programme 2013)
www.enisa.europa.eu 12
ENISA’s survey on Trust Services in the EU
• Launched anonymous survey intended for TSPs
• Survey is still online!!https://www.enisa.europa.eu/trust-services-in-eu
• The final results of the survey will be presented at a workshop for trust service providershttps://www.enisa.europa.eu/activities/identity-and-trust/trust-services/eid-workshop