Mar 28, 2015
TeleTrusT - Competence Association for Applied Cryptography and Biometrics
Arno Fiedler (Nimbus Network)
TeleTrusT Deutschland e. V.
E-Mail: [email protected]
http://www.teletrust.de
PKI-Forum, Amsterdam, 20 June 2002
Short Presentation for Project:
“Unified ISIS-MTT-Specifications for Interoperability and Test Systems”
TeleTrusT - General
• Promoting the trustworthiness of information and communication technology
• Applied Cryptography & Biometrics
• founded in 1989
• 110 members: major user sectors, research organisations, developers and manufacturers of security products, government agencies, and test institutes.
• non-profit, politically independent
ISIS-MTT – The Foundation
[Figure: diagram labels]
• European Bridge-CA
• ISIS-MTT: Common ISIS-MTT Specification for Interoperability and Test Systems
• “E-Business”, with the following services:
  • Authentication of users and servers
  • Confidential communication (SSL)
  • File encryption
  • Encrypted e-mail (S/MIME)
  • Data authenticity and integrity (electronic signature)
  • Time-stamping service
  • VPN
  • Single Sign On
  • Further PKI services
Objectives of the project:
• Synthesis of the already available specifications into a unified and open standard.
• This standard should take into account the current technical and legal requirements and should receive active support from the market players.
• Development of a test specification and a test bench that allow application developers to prove their ISIS-MTT interoperability.
• Investment protection for users through the exchangeability of single components.
Involved partner organizations:
T7 e. V. i. G. (direct) (ISIS-Spec.)
• interest group of leading (German) providers of certification services.
TeleTrusT e. V. (direct) (MailTrusT-Spec.)
• competence association of major companies and organizations concerned with trusted digital communication.
Additional Bodies comprise (selection):
• AG INDI (indirect)
• Bundesverband Deutscher Banken (indirect)
• Media@kom-Projektpartner (indirect)
• Arbeitsgemeinschaft Karten im Gesundheitswesen (indirect)
ISIS-MTT document structure:
● Part 1: Certificate and CRL Profiles,
● Part 2: PKI Management,
● Part 3: Message Formats,
● Part 4: Operational Protocols,
● Part 5: Certificate Path Validation,
● Part 6: Cryptographic Algorithms,
● Part 7: Cryptographic Token Interface,
● Profile: SigG-conforming Systems and Applications and
● Profile: Optional Enhancements to the SigG-Profile.
CORE-SPEC
OPTIONAL
| # | Object | Content of the ISIS-MTT-Core-Profile |
|---|--------|--------------------------------------|
| 1 | Certificate Profile | Standard X.509 V3; Qualified Certs according to ETSI QCP (RFC 3039); attributes allowed in Key Certificates |
| 1.3 | Attribute Certificate | Standard X.509 V2 |
| 1.4 | CRL | Standard CRL (including Delta CRL) |
| 2 | PKI Management | Simple PKI-Management as in CMC |
| 3 | S/MIME | Subset of S/MIME for mail |
| 4.2 | LDAP | Standard LDAP V.3, no restrictions to DIT |
| 4.3 | OCSP | Standard OCSP; optional extension for positive statement |
| 4.4 | TSP | Standard TSP, no profiling yet |
| 5 | Certificate Path Validation | Standard PKIX procedures |
| 6 | Algorithms etc. | look to: www.teletrust.de |
| 7 | PKCS#11 | Profile |
ISIS-MTT - behind the cover
[Figure: interoperability aspects covered by the ISIS-MTT Specification]
Components shown:
• Client Application, Mail Client Application, File Security Application
• Cryptographic Library: Signature & Cert. Path Verification Module, Signature Creation Module, Key and Certificate Management
• Cryptographic Token (chipcard or software PSE)
• Certification Service Provider (CSP): CA, LDAP server, OCSP server, Depository, Time Stamp Service
Interfaces and the specification part covering each:
• certificates, CRLs, cross-certs (Part 1)
• certification request (Part 2)
• management protocols (Part 2)
• signed, encrypted emails (Part 3)
• signed, encrypted files (Part 3)
• LDAP (Part 4)
• OCSP (Part 4)
• TSP (Part 4)
• signatures (Part 5)
• verification (Part 5)
• algorithms (Part 6)
• API calls (Part 7)
[Figure: diagram labels: CA, S, RECIPIENT, CA, X, SENDER]
ISIS-MTT and the Infrastructure:
Actions planned for 2002
• Development of a usable test bench for realistic test of applications and services.
• Awarding of a “Quality Seal” for applications with proven interoperability.
• Further development of the ISIS-MTT specification.
• Further contribution from the specification to international standardization.
• Strengthening of public relations and project management.
• Development of an XML-Profile.
Core theses for ISIS-MTT:
• ISIS-MTT is a free-of-charge offering for PKI integration to all application developers.
• ISIS-MTT is internationally aligned; existing standards are used and extended.
• ISIS-MTT defines a complete security architecture: encryption, authentication and signing.
• ISIS-MTT provides for different security levels; legal binding according to German signature law is just an option.
• ISIS-MTT interoperability criteria are publicly defined and provable through a test bench.
[Figure: Testbed Prototype Platform]
• Components under test (CUT): EE Component, CA Component
• Tester: Web-Browser, Web-Client, LDAP-Client, Test Tools, Test Data
• Servers: Web-Server (CGI scripts), LDAP-Server, Mail-Server, DNS-Server
• Connections shown: http, ocsp, ldap, smtp, pop3, dns, file transfer
ISIS-MTT-Serviceprovider:
DATEV e. G. D-TRUST GmbH
ITSG Deutsche Telekom AG Telesec
TC Trustcenter CCI Sema Group
Fraunhofer IBT Addtrust AB
Medizon AG WV Deutscher Apotheker
ISIS-MTT-Application-Provider:
Applied Security GmbH BGS Systemplanung GmbH
Curiavant GmbH CV Cryptovision GmbH
DATEV e. G. DE-CODA GmbH
Microsoft Inc. Secartis GmbH
Secrypt GmbH SECUDE GmbH
Signcard GmbH TÜV Süddeutschland
Utimaco AG Faktum GmbH
ISIS-MTT actual and potential users:
Deutsche Bank AG Dresdner Bank AG
Daimler-Chrysler BSI
Kassenärztliche BV Siemens AG
Siemens BMW
Sparkassen Informatik Bank 24
Cable & Wireless SAP
Giesecke & Devrient Arthur Andersen
ISIS-MTT-Lessons learned:
• Don't discuss the legal aspects too much; you can't find a 100 percent solution! (not even 80 %)
• Getting a commitment for a profile like ISIS-MTT is hard work; lobbying doesn't work via e-mail.
• Try to understand the needs of the different markets, but be careful with “specific requirements” which are proprietary.
• Keep the project interesting; the work is never done. (Test bench, XML, ...)
Contacts for the project
• TeleTrusT: www.teletrust.de
Mr. Prof. Helmut Reimer, TeleTrusT e.V. [email protected]
Mr. Schneider and Mr. Giessler (Editor), Fraunhofer SIT
Mr. Bauspiess, Secorvo
• T7 e. V. i. G.: www.t7-isis.de
Mr. Bernd Kowalski, DT AG, telesec; [email protected]
Mr. Lindemann, TC Trustcenter
Mr. Pfeuffer, Datev
Mr. Horvath (Editor), Secunet
Ms. Ulrike Korte, Sparkassen Informatik Kooperation
• Project management and public relations:
Mr. Fiedler, Nimbus Network; [email protected]