Re: Use case: Document signing (using legally binding signatures)

Hi.
The EU use case is very similar to the Korean banking use case.

Users have their key and certificate (the certificate is issued by a trusted
CA).
They store the key in a secure location (like a smartcard or secure USB dongle...).
They sign the document at the user's decision.

It reflects the same behavior as the real world.

The key is under the user's control.

I already mentioned the gap: "Who owns the key?"

We need agreement on this gap.

Regards,
Mountie.


On Wed, Apr 24, 2013 at 9:42 AM, Nick Van den Bleeken <
Nick.Van.den.Bleeken@inventivegroup.com> wrote:

>  A company wants to provide a web interface to sign a contract using a
> digital signature which is legally binding in the European Union (which is
> admissible as court evidence).
>
>  This will require the use of an 'advanced electronic signature' as
> defined in directive 1999/93/EC of the European Parliament and of the
> Council. The key should be associated with a qualified certificate (issued
> by a certified certificate authority), issued using the most stringent
> processes and using the most secure type of keys (and therefore embedded in
> a hardware device like a smart card or a USB dongle).
>
>  The requirement for secure hardware prompted several European countries
> to issue electronic identity cards to their citizens. Currently Austria,
> Belgium, Estonia, Finland, Germany, Italy, Portugal, Spain and Sweden issue
> electronic identity cards and more countries are planning on issuing them.
>
>  These cards, many of them issued on a mandatory basis, create a large group of
> users with access to secure hardware and a certificate ready to create
> legally binding electronic signatures. Governments have begun using these
> cards in web applications for the retrieval of official documents like
> birth certificates (after authentication) or submitting online tax forms
> (requiring a signature). Many more use cases for government and corporate
> applications can be thought of, but in this paper we will be focussing on
> signing documents.
>
>  Requirements:
> * Use the private key to perform basic cryptographic operations
> * Export the certificate, including its certificate chain (the website has
> to validate that the public key was issued by a certified certificate
> authority)
> * Specify the list of certified certificate authorities when querying for a
> certificate
>
>  Kind regards,
>
> Nick Van den Bleeken
> R&D Manager
>
> Phone: +32 3 425 41 02
> Office fax: +32 3 821 01 71
> nick.van.den.bleeken@inventivegroup.com
> www.inventivedesigners.com



-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Thursday, 25 April 2013 21:39:30 UTC