The foundation of building the Cloud of Trust is the Trust Service, which is a broker of trust services, which provides two types of services: • Signing services – providing safeguards for the created documents • Services of executing the business process – providing the evidence from the process The role of Trust Services is to aggregate in one place a variety of signing services and business process support and the exchange of trust with the other Trust Service services. Beside the services mentioned above, the cloud of trust consists of: • Certificate Services – including delivery of certificates and managing they’re lifecycle. • Control Services – providing confirmations and safeguards for signing services. • Attribute Services – which are delivering attributes needed by the business processes. • Trusted Repository – storing and sharing evidence from realised business processes. All services that make up the Cloud of Trust are connected one with another, providing evidence from the realised business processes that is needed to achieve the business goal of the participants.

1. ©2013 Trusted Information Consulting Sp. z o.o.
Trust services for business
processes
Michał Tabor
Trusted Information Consulting
Międzyzdroje, EFPE 2013

2. ©2013 Trusted Information Consulting Sp. z o.o.
Agenda
Cloud of Trust
Components of
the cloud

3. ©2013 Trusted Information Consulting Sp. z o.o.
Motivation
Deliver electronic transactions
services suitable the business
Exploit the potential of experience in
building PKI
Learn from mistakes:
– Solutions not understandable for society
– Unfitted business model

4. ©2013 Trusted Information Consulting Sp. z o.o.
Doing business
Employee - consultant
Employee wants to provide work and receive salary
Employer
Employer wants to have job done and have evidence for
accounting purposes
Need of
contract

5. ©2013 Trusted Information Consulting Sp. z o.o.
Doing business
Employee - consultant
Employee wants to provide work and receive salary
Employer
Employer wants to have job done and have evidence for
accounting purposes
Need of
contract
Process of establishing
contract
Trustworthy
contract
Meets needs
and mitigates
risk
Meets needs
and mitigates
risk

6. ©2013 Trusted Information Consulting Sp. z o.o.
Process of establishing
contract
Doing business
Employee - consultant
Employer
Need of
contract
Business process
Trustworthy
contract

7. ©2013 Trusted Information Consulting Sp. z o.o.
Business process
PKI SIGNING
Employee - consultant
Employer
Need of
contract
Trustworthy
contract

8. ©2013 Trusted Information Consulting Sp. z o.o.
Business process
Doing business
Employee - consultant
Employer
Need of
contract
Trustworthy
contract
?
Meets needs and
mitigates risk
Meets needs and
mitigates risk
?

9. ©2013 Trusted Information Consulting Sp. z o.o.
Business process
Doing business
Employee - consultant
Employer
Need of
contract
Trustworthy
contract
Meets needs and
mitigates risk
Meets needs and
mitigates risk
Cloud of trust

10. ©2013 Trusted Information Consulting Sp. z o.o.
Cloud of Trust
Workflow definition
User needs
definition
Workflows
User needs

11. ©2013 Trusted Information Consulting Sp. z o.o.
Cloud of Trust
Risk mitigation
User
Commitment
Verification
Authorization
Confirmation
User
Authentication
eSignature
Trust
Security
Workflows
User needs
Evidence

12. ©2013 Trusted Information Consulting Sp. z o.o.
Cloud of Trust
Risk mitigation
User
Commitment
Verification
Authorization
Confirmation
User
Authentication
User
Authentication
Trust
Security
Workflows
User needs
Evidence providers

13. ©2013 Trusted Information Consulting Sp. z o.o.
Trust service

14. ©2013 Trusted Information Consulting Sp. z o.o.
TRUSTED SERVICES

15. ©2013 Trusted Information Consulting Sp. z o.o.
WORKFLOW SERVICE
Process control
Signatures collection
Other evidence collection
Document dissemination
Registred email
Trade portal

16. ©2013 Trusted Information Consulting Sp. z o.o.
DOCUMENT REPOSITORY
Authenticity
Integrity
Long term preservation
Translation between
media, formats
Smart paper
Notary service

17. ©2013 Trusted Information Consulting Sp. z o.o.
SIGNATURE SERVICE
Collects signature evidence
– Authentications
– Authorisations
– Cerificates
– Attributes
– Time
Signature creation assistance
Server Signing
Mobile Signing
Signature application for standard PKI
PKI 2.0 Lightweight Certificate
Signature

18. ©2013 Trusted Information Consulting Sp. z o.o.
ATTRIBUTE SERVICE
Private data
Registers and databases
State based attributes
Declarations
External attribute
services
Bank confirmations
Trusted profile
STORK attributes
exchange

19. ©2013 Trusted Information Consulting Sp. z o.o.
CONTROLS SERVICE
Authentication
Authorisation to signature service usage
Workflow based controls
Autorisation to attributes
usage
Cards, Keys, Passwords, SMSes, …
SAML Authorisation
Signing time frame, IP, workstation
restrictions, holds, …

20. ©2013 Trusted Information Consulting Sp. z o.o.
SIGNING ENVIRONMENT

21. ©2013 Trusted Information Consulting Sp. z o.o.
SIGNATURE SERVICE

22. ©2013 Trusted Information Consulting Sp. z o.o.
MULTIPLE SERVICES

23. ©2013 Trusted Information Consulting Sp. z o.o.
Trust exchange

24. ©2013 Trusted Information Consulting Sp. z o.o.
Thank you for your attention
Michał Tabor
michal.tabor@pki2.eu
http://twitter.com/Michal_Tabor
http://pki2.eu