2. Werner Keil Thodoris Bais
Jakarta EE Specification Committee Member Jakarta EE Ambassador, EG Member JSR-385
Let’s meet
@thodorisbais@wernerkeil
3. @thodorisbais@wernerkeil
ABN Amro Bank
Financial sector
Amsterdam
Agile organization
20,000
3000+
400+
Total number of employeesEnterprise bank
Headquarters Development Teams
DevOps / Hybrid cloud Applications
4. Agenda
1. eHealth and eGovernment
2. Signatures and Certificates
3. eBanking and eBusiness
4. DSS Framework
5. Demo
6. Links / Q&A
5. eHealth refers to the use of
information and communications
technologies in healthcare.
https://www.who.int/ehealth/en/
6. eGovernment is the opening up
and adaptation of the public
sector through information and
communication technologies.
14. Authenticity of Author and Data
• Assignment of data to the signer
• Protection against denial by signatory
• Protection of data against manipulation
• On the transmission path
• Through the receiver
21. Advanced Electronic Signature
Electronic signatures, where:
• The owner can be uniquely identified and assigned to the signature
• The signature is generated by means which owner can keep under
their sole control
• It is capable of identifying if accompanying data has changed after
the message was signed
• The signature can be invalidated in the event of such change
22. Scope of Application
An advanced electronic signature holder can also be a company,
service, app, etc.
The advanced electronic signature can therefore be used to sign
documents if there are no legal formalities (personal certificates)
With the advanced electronic signature, mass signatures are
possible, for example to ensure the integrity of documents in the area
of electronic invoicing or archiving (functional certificates)
23. Qualified Electronic Signature
An advanced electronic signature based on a secure signature
creation device and a qualified certificate valid at the time of creation.
Qualified Certificates
• Serial Number
• Reference to Qualified Certificate
• Name of the owner (natural person)
• Signature verification
• Period of validity
• Certification Service
• Usage restrictions
24. Qualified Electronic Signature
with Accreditation
Provision of the PKI by a trust center that has undergone the
voluntary accreditation process.
Accreditation as a quality label provides proof of comprehensively
tested safety.
An accredited Qualified Trust Service Provider (QTSP) manages the
signature creation.
26. Certificates
The assignment of the electronic signature to the owner is carried out
by means of certificates
A certificate is an electronic document linking the public signature
verification key to the name of the holder (natural or legal person)
The most common format for public key certificates is X.509.
27. Signature Formats
There are four main types of signatures:
• XAdES (XML Document)
• CAdES (Common binaries of different kinds)
• PAdES (PDF Document)
• Associated Signature Containers (ASiC)
28. Signature Packaging
Depending on the signature format, different packaging of the
signature and the document are possible:
• Enveloped
• Enveloping
• Detached
• Internally Detached
36. DSS Framework
DSS (Digital Signature Services) is an open-source software library
for electronic signature creation and validation. DSS supports the
creation and verification of interoperable and secure electronic
signatures in line with European legislation.
Three main features can be distinguished within the framework:
• Creation of a Digital Signature
• Extension of a Digital Signature
• Validation of a Digital Signature
37. DSS Framework – Features
• Formats of the signed documents: XML, PDF, DOC, TXT, ZIP,…
• Packaging structures: enveloping, enveloped, detached and
internally-detached
• Forms signatures: XAdES, CAdES, PAdES and ASiC-S/ASiC-E
• Profiles associated to each form of the digital signature
• Trust management
• Revocation data handling (OCSP and CRL sources)
• Certificate chain building
• Signature validation and validation policy
• Validation of the signing certificate
E-government is the opening up and adaptation of the public sector through information and communication technologies.
One distinguishes between:
Internal E-Government - Use of IT within the public sector without any contact with the citizen, such as electronic medical records, exchange between public authorities, healthcare providers, pharmacies, etc.
External E-Government - Web site and services for citizens, patients, customers, companies, ...
Currently, Germany is still at an early stage of the application of e-health or M-Health. There are, however, already some advantages and possibilities to see how both are used or can be used soon. For example for:
Communication over long distances, regardless of location. Especially in rural areas, or where there is a shortage of doctors
Computer-based procedures for the collection, transmission and evaluation of health data.
The monitoring of patients, for example, the chronically ill, or voluntary self-monitoring (Quantified Self)
eIDAS: accessing Dutch government services online
The introduction of the Electronic Identification and Trust Services Regulation (eIDAS) means EU citizens from other member states can access Dutch government services online.
What government services can I access in the Netherlands?
You can use your login details for any approved European electronic identification scheme to access all the same services as Dutch people can using their DigiD. If, for example, you are a German national working in the Netherlands, you can log in using your ‘Neuer Personalausweis’ to:
see how much pension you have built up through the Social Insurance Bank (SVB);
submit your tax return to the Tax and Customs Administration;
check your pension payments to your pension provider;
object to the assessment of the value of your property under the Valuation of Immovable Property Act (WOZ);
BSN ?
The government is encouraging the healthcare sector to expand telehealth (eHealth) services. Below the goals set by the Dutch government:
Access to medical recordsAt least 80% of chronically ill people should have access to their own medical records by 2019, and at least 40% of other members of the population.
Health monitoring
By 2019 75% of chronically ill people and vulnerable elderly people should be able to monitor certain aspects of their own health and share the data with their health provider. This would include things like blood pressure and cholesterol levels.
Online contact with care provider
People receiving care and support at home should be able to communicate with their care provider 24 hours a day via a screen, if they wish.
Support for innovators via online platform
Healthcare innovators wishing to make a new digital application can go to zorgvoorinnoveren.nl (in Dutch), where they will find support to help them develop their idea swiftly and effectively into a working application. The site also has tips on getting funding.
Making digital data sharing easier
The government is consulting with healthcare administrators on standards that should facilitate digital data sharing. They are also talking to suppliers of IT systems.
Sharing eHealth knowhow
The government is bringing healthcare innovators and other parties together. It has established a startup network, for example, which includes healthcare providers, patients and lawyers. The network allows them to share knowledge and help startups and innovations advance to the next stage. Another project uses telehealth to help elderly people live independently for longer.
Personal digital healthcare environment
Some healthcare providers and IT suppliers already offer patients the opportunity to draw up and manage a personal health record (PHR). But safely combining and sharing personal health information is a complex matter, and is currently possible to only a limited extent. Various parties in the healthcare sector are therefore collaborating on a programme to give people more control over their own health.
Time saving
Patients can schedule their own appointment with their care provider online. No need to leave their home if they can arrange an online consultation (e.g. video link)
Insight into own health
A personal digital healthcare environment gives people more insight into their health. If they wish, they can share all or part of their data with a healthcare provider, so that they do not have to repeatedly relate their entire medical history. This allows the healthcare provider to work more effectively, determine the right treatment more quickly, and avoid mistakes. Patients gain more control over their own health thanks to a greater understanding of their health situation.
Lower administrative burden
Doctors have less paperwork and can share information securely and easily with colleagues.
Not all healthcare providers currently offer telehealth. But healthcare providers and patients are becoming more aware of the benefits. Many doctors now offer patients the opportunity to schedule appointments online. Around 46% of patients would like to have online access to their medical records (source: eHealth Monitor 2015), but this can only be done if there are good safeguards for privacy.
IntegrityMessages should not be able to be falsified unnoticed
Identity
A message should be clearly assigned to the sender
AuthenticityThe identity of the sender should be verifiable
ConfidentialityMessages should not be read by unauthorized persons
E-communication entails risks
Who is my counterpart?
Who is reading?
Has anyone changed something?
Solutions: E-Signature & Encryption
Unauthorised third parties cannot read an encrypted message
Electronically signed documents can not be changed unnoticed, neither during transmission nor through the receiver
-Sender can not deny text (e.g., binding offer)
The private key to be kept secret is used to encrypt the hash value of the document (= "Compressed text consisting of a sequence of binary values)
The public key can only be used for decryption and matches only one private key. It can be publicly retrieved and is often sent with the message
The private key to be kept secret is used to encrypt the hash value of the document (= "Compressed text consisting of a sequence of binary values)
The public key can only be used for decryption and matches only one private key. It can be publicly retrieved and is often sent with the message
e-SENS (Electronic Simple European Networked Services)
PSU = Payment Service User
TPP = Third Party Provider
PISP = Payment Initiation Service Provider
AISP = Account Information Service Provider
PIISP = Payment Instrument Issuer Service Provider
ASPSP = Account Servicing Payment Service Providers
XS2A = Access 2 Accounts
NCA = National Competent Authority
CSR = Certificate Signing Request
QTSP = Qualified Trust Service Provider