Are electronic signature assumptions realistic?

Paweł Krawczyk
IPSec.pl
The Directive
• Equivalency to handwritten signature
  – Which handwritten signature?
    • At $10 CC purchase? At wedding contract?
      At car dealer? At notary? At church?
• Sole control of the owner (AdEs 2.2c)
  – Reality – Polish article 47
• Utopia that turned into fetish
Technical standards
• CWA 14170:2004

„A typical environment for the first case might be the home
  or the office, where the individual or the company
  has direct control of the SCS (e.g. an SCS
  implemented in a mobile phone). In this case, the
  security requirements may be met by organisational
  methods put in place or managed by the signer, and the
  technical means to ensure achievement of the
  security requirements may be more relaxed.”
Computer in home or office?
• Direct control??
• In the XXI century???
• This could be valid in the ’70s
  – Pre-BBS, pre-FidoNet, pre-Internet
• Reality of „direct control”
  – RDP, XDMCP, SSH, PoisonIvy...
  – Direct control from Romania over server
    in Australia with proxy in USA
Results
• The Smartcard
  – €150’000 CC certificate, DPA protection, tamper-proof

Is then inserted into...

• The Signature Creation System
  – Pirated Windows, no patches, on admin
    account and out-of-date antivirus
QCA’s response
• „Attack is possible, but only if using
  software non-compliant with
  recommendations found in „User
  manual” delivered with QCA
  products”
All about antivirus
SEALED 2007
• “Study on the standardisation
  aspects of eSignature”

“The view of PKI taken in these documents
  is still based on the views from the
  1970s and 1980s (an off-line world!)
  that have to some extent failed in the
  1990s for various reasons”
What works out there?
• Username and password (UK)
• Server-based signature (MobiTrust, Trusted Profile, OCES II)
• SMS password (banks)
• Software digital signature (UK, DK, PL – e-Sąd)
• OTP tokens (banks)
• Trusted email – PEC (IT), De-mail (DE), OCES (DK), TSCP (USA)
• Risk-based authentication (e-Deklaracje)
• 3rd party (EchoSign, DocuSign)
