DOCSLIB.ORG

All-In Signing Service Reference Guide Version 1.X

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
All-In Signing Service Reference Guide Version 1.X All-in Signing Service Reference Guide Version: 2.10 © Copyright This document, its contents and the ideas and concepts referred to therein are confidential and the intellectual property of Swisscom (Switzerland) Ltd. Any use other than the intended use and any disclosure to third parties other than as stated in the terms and conditions of contract is permitted only with the prior written consent of Swisscom (Switzerland) Ltd. 2 C1 - Public Swisscom (Switzerland) Ltd Contents 1 Introduction ...........................................................................................................................................................................................4 1.1 Terms and abbreviations .....................................................................................................................................................5 1.2 Referenced documents .........................................................................................................................................................7 2 Overview and main scenarios .......................................................................................................................................................8 2.1 Overview of Trusted Timestamps and Static CMS Signatures ...........................................................................9 2.2 Overview of On Demand CMS Signatures ...................................................................................................................9 2.2.1 Step-Up authentication ............................................................................................................................................... 10 3 Preconditions and assumptions................................................................................................................................................ 11 3.1 Internet access ....................................................................................................................................................................... 11 3.2 Certificate based client authentication ..................................................................................................................... 11 3.3 Request authorisation ....................................................................................................................................................... 12 4 All-in Signing Service Introduction .......................................................................................................................................... 13 4.1 Communication Modes ..................................................................................................................................................... 13 4.2 Type of Signatures ............................................................................................................................................................... 13 4.3 Adding Trusted Timestamps ........................................................................................................................................... 13 4.4 Adding Revocation Information (long-term signature)...................................................................................... 13 4.5 Declaration of Will (Step-Up Authentication)......................................................................................................... 14 4.6 Batch Processing ................................................................................................................................................................... 14 4.7 Detached Signature and Verification.......................................................................................................................... 14 5 All-in Signing Service Interface .................................................................................................................................................. 15 5.1 Overview ................................................................................................................................................................................... 15 5.1.1 Interface Description ..................................................................................................................................................... 15 5.1.2 HTTP/1.1 Header ............................................................................................................................................................. 15 5.1.3 Swisscom Basic Profile.................................................................................................................................................. 15 5.1.4 Document Hash ............................................................................................................................................................... 15 5.1.5 Signing Options ............................................................................................................................................................... 16 5.1.6 On Demand Certificate Policy and Certification Practice Statement (CP/CPS) .................................. 25 5.2 Trusted Timestamp ............................................................................................................................................................. 26 5.2.1 Trusted Timestamp SignRequest ............................................................................................................................ 26 5.2.2 Trusted Timestamp SignResponse ......................................................................................................................... 26 5.3 CMS Signatures ..................................................................................................................................................................... 29 5.3.1 CMS SignRequest for Static Signatures ................................................................................................................ 29 5.3.2 CMS SignRequest for On Demand Signatures .................................................................................................. 31 5.3.3 CMS SignResponse ......................................................................................................................................................... 32 5.4 Asynchronous Mode ........................................................................................................................................................... 35 5.4.1 SignRequest ....................................................................................................................................................................... 35 5.4.2 SignResponse .................................................................................................................................................................... 35 5.4.3 PendingRequest ............................................................................................................................................................... 36 5.4.4 PendingResponse ............................................................................................................................................................ 37 5.5 CMS On Demand Signatures with Step-Up Authentication ............................................................................ 38 5.5.1 SignRequest ....................................................................................................................................................................... 38 5.5.2 SignResponse .................................................................................................................................................................... 40 5.5.3 PendingRequest ............................................................................................................................................................... 42 5.5.4 PendingResponse ............................................................................................................................................................ 42 5.5.5 SignResponse (SUCCESS) ............................................................................................................................................. 42 5.6 Static Plain Signatures (PKCS#1) ................................................................................................................................... 44 5.7 Fault Response Message ................................................................................................................................................... 45 5.7.1 Wrong Digest Size (example) .................................................................................................................................... 45 5.7.2 Step-Up Authentication: Mobile ID User Account Problem (example) ................................................. 45 2/68 2 C1 - Public Swisscom (Switzerland) Ltd 5.7.3 Step-Up Authentication: User Cancel (example) ............................................................................................. 47 5.7.4 Step-Up Authentication: SerialNumber Mismatch (example) .................................................................. 48 5.8 Best Practices ......................................................................................................................................................................... 49 5.8.1 On Demand Step-Up Pre-Signing Process ..........................................................................................................
Load more

Recommended publications
  • Swisscom Sustainability Report 2018
    Sustainability Report 2018 Annual Report publications Annual Report 2018 Sustainability Report 2018 2018 at a glance The Annual Report, Sustainability Report and 2018 at a glance together make up Swisscom’s reporting on 2018. The three publications are available online at: swisscom.ch/report2018 “Inspiring people” concept The networked world offers countless opportunities that we canbegin to shape today. Top quality, groundbreaking innovation, deep-rooted commitment – we feel lucky to be able to inspire people and to lead them to embrace the opportunities that a networked future offers. The images used in our reporting show how and where we inspired people in 2018: from high in the Alps to people’s homes, in business and in our Swisscom Shops. A big thank-you to all who took the time to pose for these photographs: Pius and Jeanette Jöhl with their kids at the Oberchäseren alp, a houseshare with friends in Zurich (Seraina Cadonau, Anna Spiess, Linard Baer and Johannes Schutz), Ypsomed AG in Burgdorf, Stefan Mauron, our customer Jeannette Furter, and the entire crew at House of Swisscom in Basel. Corporate Responsibility Fulfilling the expectations of our stakeholder groups in a responsible manner. Introduction Stakeholders’ letter ............................................4 Sustainable environment ......................................5 Material issues ...............................................11 Corporate Priorities and objectives up until 2020 .........................13 Responsibility strategy Priorities and objectives up until
    [Show full text]
  • Mobile Data Consumption Continues to Grow – a Majority of Operators Now Rewarded with ARPU
    Industry analysis #3 2019 Mobile data – first half 2019 Mobile data consumption continues to grow – a majority of operators now rewarded with ARPU Taiwan: Unlimited is so last year – Korea: 5G boosts usage Tefficient’s 24th public analysis on the development and drivers of mobile data ranks 115 operators based on average data usage per SIM, total data traffic and revenue per gigabyte in the first half of 2019. tefficient AB www.tefficient.com 5 September 2019 1 The data usage per SIM grew for all; everybody climbed our Christmas tree. More than half of the operators could turn that data usage growth into ARPU growth – for the first time a majority is in green. Read on to see who delivered on “more for more” – and who didn’t. Speaking of which, we take a closer look at the development of one of the unlimited powerhouses – Taiwan. Are people getting tired of mobile data? We also provide insight into South Korea – the world’s leading 5G market. Just how much effect did 5G have on the data usage? tefficient AB www.tefficient.com 5 September 2019 2 Fifteen operators now above 10 GB per SIM per month Figure 1 shows the average mobile data usage for 115 reporting or reported1 mobile operators globally with values for the first half of 2019 or for the full year of 2018. DNA, FI 3, AT Zain, KW Elisa, FI LMT, LV Taiwan Mobile, TW 1) FarEasTone, TW 1) Zain, BH Zain, SA Chunghwa, TW 1) *Telia, FI Jio, IN Nova, IS **Maxis, MY Tele2, LV 3, DK Celcom, MY **Digi, MY **LG Uplus, KR 1) Telenor, SE Zain, JO 3, SE Telia, DK China Unicom, CN (handset) Bite,
    [Show full text]
  • Vodafone Revolutionises Roaming Rules
    VODAFONE REVOLUTIONISES ROAMING RULES VODAFONE ALLOWS CUSTOMERS TO MAKE OVERSEAS CALLS AT DOMESTIC RATES Milan, May 17, 2005 – The Vodafone Group is about to revolutionise roaming prices, responding to customers’ demands for greater transparency and clarity when making or receiving calls whilst abroad. June 1 is to see the launch of Vodafone Passport, the first price plan forming part of the Group’s new Vodafone Travel Promise package. Vodafone Passport enables Vodafone customers who access the Group’s networks to make calls at domestic rates, paying just € 1.00 at the start of each call. The new offering provides Vodafone customers with greater transparency, giving better value for money and eliminating any doubts about cost effectiveness. When overseas Vodafone customers will thus be able to: • Call Italy: at the same prices charged for domestic calls, paying an additional €1.00 per call. • Receive calls: talking free of charge having paid a connection fee of just €1.00. “The nature of the Vodafone Group enables us to offer a veritable revolution in roaming services,” claimed Pietro Guindani, CEO of Vodafone Italia. “Vodafone Passport will make the customer feel at home in any country with a Vodafone network.” The new service will be available in Germany, Greece, Italy, the Netherlands, Spain, Sweden, Fiji and Japan from June 1. Hungary, Malta, Portugal, Ireland, the UK, Albania, Australia and New Zealand will introduce the price plan during the summer. Customers who use the SFR (France), Swisscom (Switzerland) and Proximus (Belgium) networks will also subsequently gain access. Vodafone Passport is the latest innovation created by the Vodafone Group with the aim of making it easier to make mobile calls when abroad and thus increase the use of roaming services.
    [Show full text]
  • Customized Area of Territory – RP126 – Sim Services
    Area of Territory – RP126 Page 1 (3) Version D rel01, 2012-11-21 Appendix 2 Agreement no: M11042701 Customized Area of Territory – RP126 – Sim Services Country Operator Brand GPR S Price Grou p ALAND, FINLAND Alands Mobiltelefon AMT ALBANIA Vodafone Albania Vodafone AUSTRALIA Telstra Corporation Limited Telstra AUSTRALIA Vodafone Network Pty Ltd Vodafone AUSTRIA A1 Telekom Austria AG A1 AUSTRIA Orange Austria Orange Telecommunication GmbH AUSTRIA T-Mobile Austria GmbH T-mobile BELARUS FE “Velcom” Velcom (MDC) BELGIUM Belgacom SA/NV Belgacom (former Proximus) BELGIUM BASE (KPN Orange Belgium) BASE BELGIUM Mobistar S.A. Mobistar BULGARIA Mobiltel M-tel CHINA, PEOPLES REP. China Mobile China Mobile CHINA, PEOPLES REP. China Unicom China Unicom CROATIA Croatian Telecom Inc. Croatian Telecom (former T-Mobile) CYPRUS MTN Cyprus Ltd (Areeba) MTN CYPRUS Cyprus Telecommunications Cytamobile- Vodafone CZECH REPUBLIC Telefónica O2 (EuroTel) Telefónica O2 CZECH REPUBLIC T-Mobile Czech Rep T-mobile CZECH REPUBLIC Vodafone Czech Rep Vodafone DENMARK TDC TDC DENMARK Telenor Denmark Telenor EGYPT Etisalat Misr Etisalat EGYPT Vodafone Egypt Vodafone ESTONIA Elisa Eesti Elisa ESTONIA Estonian Mobile Telephone EMT ESTONIA Tele2 Eesti Tele2 FAROE ISLANDS, THE Faroese Telecom Faroese Telecom FINLAND DNA Finland (fd Networks DNA (Finnet) FINLAND Elisa Finland Elisa FINLAND TeliaSonera Finland TeliaSonera FRANCE Bouygues Telecom Bouygues FRANCE Orange (France Telecom) Orange FRANCE Vivendi SFR Area of Territory – RP126 Page 2 (3) Version D rel01, 2012-11-21 GERMANY E-Plus Mobilfunk E-plus GERMANY Telefonica O2 Germany O2 GERMANY Telekom Deutschland GmbH Telekom (former T-mobile) Deutschland GERMANY Vodafone D2 Vodafone GREECE Vodafone Greece (Panafon) Vodafone GREECE Wind Hellas Wind Telecommunications HUNGARY Pannon GSM Távközlési Pannon HUNGARY Vodafone Hungary Ltd.
    [Show full text]
  • Ensuring Audit Log Accountability Through Hash Based Techniques
    International Journal of Future Computer and Communication, Vol. 1, No. 4, December 2012 Ensuring Audit Log Accountability through Hash Based Techniques Rashmita Jena, M. Aparna, Chinmaya Sahu, Rajeev Ranjan, and Rajesh Atmakuri trying to meet his sales requirements for a fiscal year. He Abstract—Audit logs are now considered good practice and a might attempt to change the transaction dates to make it standard approach for business systems. The integrity of the appear that they had transpired within the previous fiscal year auditing records themselves is critical. By simply storing all the when, in reality, they had not. Consider a school database interactions in a separate audit log does not guarantee the where a student who receives a “F” in one of his subjects, in integrity of the log. Data tampering can be done through unauthorized access and in some cases through authorized users. which he needs at least a “B”, could be highly tempted to try Results of such action can be unpleasant for business and their to dishonestly change his grade to a “B” in the database. This clients. Therefore, a demand for audit log security is needed would be an example of a student who would have to hack more than ever. This paper describes a mechanism based on into the system, unless of course the student somehow had cryptographic hash functions and trusted timestamping that access to the database containing the grade. prevents an outsider or inside intruder from silently corrupting The above discussed examples provide just a few of the the audit log. In addition it is shown that the proposed mechanism can be realized in database systems with little reasons why someone might want to tamper with a database.
    [Show full text]
  • Digital Stamp and Signature Guide
    Division of Land Use Regulation Digital Stamp and Signature Guide Instructions for E‐Submission Digital Signatures Version 1 06/05/2020 File: lur_052 Table of Contents Section 1: State Board of Professional Engineers and Land Surveyors Rules 1.1: 13:40-8.1A DIGITAL SIGNATURES AND SEALS…………………………………………………...1 Section 2: Overview……………………………………………………………………………………………………2 Section 3 Glossary of Terms…………………………………………………………………………………………2 Section 4: How Authentication Works……………………………………………………………………………..2 Section 5: Digital Signing and Sealing Plans-Example 1.………………….…………………………………..4 5.1: Bluebeam REVU Digital Signature and Seal Setup………………………………………………..4 5.2: Bluebeam Signature and Seal – Demonstration………………………………………………...…7 Section 6 Digital Signing and Sealing Plans-Example 2.…………………………………………..…………10 6.1: Adobe Signature and Seal Setup……………………………………………………….…………...10 6.2: Adobe Signature and Seal – Demonstration……………………………………………………....15 Digital Signature and Seal Guide Division of Land Use Regulation The NJ Board of Professional Engineers (PE) and Land Surveyors adopted rules for digital signatures and seals in November of 2015. Any electronic plans submitted to the Division of Land Use Regulation, where a signed and sealed plan is required, shall comply with the NJ Administrative Code governing the State Board of Professional Engineers and Land Surveyors. As a point of reference, below is the section of PE rules applicable to digital signatures and seals: N.J.A.C. 13:40-8.1A DIGITAL SIGNATURES AND SEALS a) A digital signature and seal shall carry the same weight, authority, and effect as a handwritten signature and impression-type seal when the following criteria are met: 1) The digital signing and sealing process satisfies the requirements of the Digital Signature Standard (DSS) established by the National Institute of Standards and Technology, FIPS PUB 186-4, Digital Signature Algorithm Validation System, (2014), which is hereby incorporated by reference, as amended and supplemented.
    [Show full text]
  • Virtualpatent - Enabling the Traceability of Ideas Shared Online Using Decentralized Trusted Timestamping
    Bibliographic Details BibTeX, EndNote… Related Work Authors’ Details VirtualPatent - Enabling the Traceability of Ideas Shared Online using Decentralized Trusted Timestamping Corinna Breitinger Bela Gipp Department of Computer and Department of Computer and Information Science Information Science University of Konstanz University of Konstanz [email protected] [email protected] Abstract Online discussion and sharing platforms have enabled ideas to be disseminated more quickly than ever before. However, there are many good reasons why individuals hesitate to share their ideas online. In academia, for instance, researchers may not want their contribution to be made public until after it has been published to ensure that they are appropriately credited for their work. As a consequence, novel ideas or creative work tend to only be shared within a small circle of trusted peers instead of with wider audiences online. This status quo prevents other experts on a specific topic from contributing to the discussion. In this paper, we present a proof-of-concept implementation of an online discussion and sharing platform that addresses this problem. The web- based application, coined VirtualPatent, automatically timestamps each post a user shares by creating a distributed timestamp on the blockchain of the cryptocurrency Bitcoin – a method for trusted-timestamp creation that we published in a previous paper. Unlike platform-managed timestamps, timestamps stored on the blockchain are persistent and cannot be tampered with. The system thus enables the author of a posting made online to retrospectively prove the exact time that the specific contribution was first put forth in a tamperproof manner – similar to a published paper, but with the simplicity of writing a post on a social media website.
    [Show full text]
  • European Telecoms the Digital Telco
    European Telecoms The Digital Telco - a Big Data ‘re-rater’? Industry Overview Equity | 04 September 2017 New opportunities for Telco in a Digital World Europe Telecommunications So far Telco has been the facilitator of the digital revolution. But telco too must adapt as customer demands change, digital applications proliferate and new disruptive technologies and companies threaten traditional profits. However telco is well positioned to do so, in our view, thanks to its Big Data commodity. New processes, tools and techniques could see telco exploit Big Data to defend and upsell existing revenue streams, driving cost and capex efficiencies. Analysis suggests up to 30% value upside to Euro telco as a potential mid-term re-rating catalyst. Big Data questionnaire indicates Euro Telco progress We asked questions of 13 Euro Telcos on the subject of Big Data. Responses indicate to David Wright >> Research Analyst us that progress could already be significant; the majority of telcos who answered our MLI (UK) +44 20 7995 6355 questions shifted over the past 12m from inconclusive projects to NPV +ve results. Most [email protected] focus at this stage is on Customer Care and Sales & Marketing. However there is still a Haim Israel >> long way to go with most projects still regional and not yet coordinated at Group level. Research Analyst Merrill Lynch (Israel) [email protected] Boosting revenues through data growth and new avenues Frederic Boulan, CFA >> Digitalisation fuelled by Big Data analytics provides telco with a means to better offset Research Analyst MLI (UK) legacy revenue decline and upsell existing customer relationships, while exploring new [email protected] growth opportunities.
    [Show full text]
  • Vmware Swisscom Q1 EN Case Study
    CUSTOMER SUCCESS STORY VMware Enterprise PKS VMware Enterprise PKS VMware NSX-T Data Center is has reduced development enables Swisscom to critical in keeping customer costs and improved time operationalize Kubernetes workloads separate to market for multi-cloud enterprises and service providers Swisscom Uses Kubernetes to Extend its Business on Swisscom is Switzerland’s leading telecom Cloud Choice company and one of its leading IT companies. It is headquartered close to the capital city, Bern. In 2019, 19,300 employees generated Swisscom is Switzerland’s leading telecom company and one of sales of CHF 11,453 million. the most influential IT companies. To bring new digital services to INDUSTRY market faster, Swisscom wants to increase the speed and efficiency Telco & Service Provider of its application development. VMware® Enterprise PKS enables Swisscom to take a leadership position in the emerging LOCATION Bern, Switzerland Kubernetes-as-a-Service (KaaS) market. It reduces development costs, improves development times, and creates freedom of choice VMWARE FOOTPRINT VMware Enterprise PKS around cloud deployments. It also strengthens a long-term, VMware NSX-T Data Center strategic relationship with VMware. VMware vSphere Increase the speed and efficiency of application development RELATED CONTENT • Video Swisscom is a telecom leader, but it recognizes that to compete with new providers with • Blog article disruptive business models, it needs to diversify its revenue streams. To compensate for declining revenue in the telecoms sector, Swisscom has decided to evolve its business model to emphasize customer experience, operational excellence, and new growth. “Revenue from landlines and mobiles is only going one way,” says Olivier Fournier, senior DevOps engineer, Swisscom.
    [Show full text]
  • Volte Launches
    VoLTE Launches Country Operator VoLTE Status VoLTE Launched Egypt Misr VoLTE Launched 01-Nov-18 United States of America Sprint (SoftBank) VoLTE Launched 07-Oct-18 Egypt Etisalat VoLTE Launched 25-Sep-18 South Africa MTN VoLTE Launched 13-Sep-18 Lebanon Alfa (OTMT) VoLTE Launched 12-Sep-18 Freedom Mobile (Shaw VoLTE Launched Canada Communications) 12-Aug-18 Bulgaria VIVACOM VoLTE Launched 07-Aug-18 Bulgaria Telenor (PPF) VoLTE Launched 31-Jul-18 Luxembourg Tango (Proximus) VoLTE Launched 22-Jul-18 Austria 3 (CK Hutchison) VoLTE Launched 10-Jul-18 Chile Movistar (Telefonica) VoLTE Launched 24-Jun-18 Russian Federation MTS (Sistema) VoLTE Launched 20-Jun-18 Belgium Orange VoLTE Launched 10-Jun-18 Austria T-Mobile (Deutsche Telekom) VoLTE Launched 23-May-18 Poland Play (P4) VoLTE Launched 20-May-18 Georgia MagtiCom VoLTE Launched 01-May-18 Ecuador Movistar (Telefonica) VoLTE Launched 10-Apr-18 Bahamas ALIV VoLTE Launched 31-Mar-18 India Vodafone Idea VoLTE Launched 28-Feb-18 IDC (Interdnestrkom), VoLTE Launched Moldova Transnistria 22-Dec-17 Luxembourg POST Luxembourg VoLTE Launched 13-Dec-17 Kenya Faiba (Jamii Telecom) VoLTE Launched 06-Dec-17 Armenia Ucom VoLTE Launched 04-Dec-17 Swaziland Swazi Mobile VoLTE Launched 15-Nov-17 Canada Videotron (Quebecor Media) VoLTE Launched 01-Nov-17 Bahrain Viva (STC) VoLTE Launched 22-Oct-17 Romania Digi Mobil (RCS & RDS) VoLTE Launched 19-Oct-17 Iran MTN Irancell VoLTE Launched 14-Oct-17 Iceland Nova VoLTE Launched 09-Oct-17 Mexico Telcel (America Movil) VoLTE Launched 29-Sep-17 India Airtel (Bharti
    [Show full text]
  • Electronic Signature Formats
    ETSI TS 101 733 V1.3.1 (2002-02) Technical Specification Electronic signature formats 2 ETSI TS 101 733 V1.3.1 (2002-02) Reference RTS/SEC-004009 Keywords IP, electronic signature, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: [email protected] Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. © European Telecommunications Standards Institute 2002. All rights reserved. ETSI 3 ETSI TS 101 733 V1.3.1 (2002-02) Contents Intellectual Property
    [Show full text]
  • NIST SP 800-102, Recommendation for Digital Signature Timeliness
    NIST Special Publication 800-102 Recommendation for Digital Signature Timeliness Elaine Barker Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y September 2009 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Deputy Director Abstract Establishing the time when a digital signature was generated is often a critical consideration. A signed message that includes the (purported) signing time provides no assurance that the private key was used to sign the message at that time unless the accuracy of the time can be trusted. With the appropriate use of digital signature-based timestamps from a Trusted Timestamp Authority (TTA) and/or verifier-supplied data that is included in the signed message, the signatory can provide some level of assurance about the time that the message was signed. KEY WORDS: digital signatures, timeliness, timestamp, Trusted Timestamp Authority ii Acknowledgements The National Institute of Standards and Technology (NIST) gratefully acknowledges and appreciates contributions by Rich Davis from the National Security Agency concerning the many security issues associated with this Recommendation. NIST also thanks the many contributions by the public and private sectors whose thoughtful and constructive comments improved the quality and usefulness of this publication. iii Table of Contents 1 Introduction................................................................................................ 5 2 Authority...................................................................................................
    [Show full text]