1

Implementation of ERS by Fraunhofer SITImplementation of ERS by Fraunhofer SIT

Michael Herfert, Fraunhofer-Institute for Secure Information Technology (SIT),Rheinstrasse 75, 64295 Darmstadt, GermanyTel. +49 6151 869 329, Michael.Herfert@sit.fraunhofer.de

2

2001: 2001: ArchiArchiSigSig

2001 German ministry of work (BMWA) sponsors ArchiSig

h1 = h (Dok1)

Dok2 …

h2 = h(Dok2)

Dok1 Dok3 Dok4

h4=h(Dok4)h3 = h(Dok3)

h5 = h(h1|h2) h6 = h(h3|h4)

h7 = h(h5|h6)

TS1 = TimeStamp(h7)

T. Gondrom (Opentext), R. Brandner (InterComponentWare) andU. Pordesch (Fraunhofer SIT) initiate: Evidence Record Syntax (ERS)

3

2004: 2004: ArchiArchiSoftSoft

2001 German ministry of work (BMWA) sponsors ArchiSig

2004Fraunhofer SIT developes ArchiSoft

VerificationClient (Browser)

ArchiSoftServer

Admin-Tool

DMS-Client

DMS-Server

PKI-Services DB

JDBC

TASP

TASP

TASP-Plugin

TASPDMS-ProtocollTSP

LDAP,OCSP

9 312

6

12

3

VerificationClient (Browser)

ArchiSoftServer

Admin-Tool

DMS-Client

DMS-Server

PKI-Services DB

JDBC

TASP

TASP

TASP-Plugin

TASPDMS-ProtocollTSP

LDAP,OCSP

9 312

69 312

6

12

3

ArchiSoft generates Evidence Records

ArchiSoft works with every DMS

4

2004: 2004: ArchiArchiSoft (continued) Soft (continued)

TASP = Trusted Archive Service Protocol (simplicity!)

TSP = Time Stamp Protocol (RFC 3161)

JDBC = Java Database Connectivity

DB = Data base of DMS

Fundamentals:

• DMS client is not modified• DMS server sends ONE

message to ArchiSoft: „please notice: there is a new document“

• The DMS asks for the document when ArchiSoft builds the hash tree

• The DMS can „forget“ any problems of signature renewal, because everything is managed by ArchiSoft

• The document can be verified any time in future

1

2

3

VerificationClient (Browser)

ArchiSoftServer

Admin-Tool

DMS-Client

DMS-Server

PKI-Services DB

JDBC

TASP

TASP

TASP-Plugin

TASPDMS-ProtocollTSP

LDAP,OCSP

9 312

6

12

3

Interoperability: OpenText and Fraunhofer SIT have a common understanding of ERS

5

2005: OPENLiMit gets certified2005: OPENLiMit gets certified

Company based in Switzerland

2001 German ministry of work (BMWA) sponsors ArchiSig

2004Fraunhofer SIT developes ArchiSoft

2005OPENLiMit SignCubes gets certifified for their signature software

develops electronic signature software

6

2005: PTB developes 2005: PTB developes ArchiArchiSafeSafe

2001 German ministry of work (BMWA) sponsors ArchiSig

2004Fraunhofer SIT developes ArchiSoft

2005OPENLiMit SignCubes gets certifified for their signature software

2005

PTB developes the ArchiSafe concept

ArchiSafe creates an XML container for every document

ArchiSafe is very important for the german government

7

2007: OPENLiMit ArchiSoft2007: OPENLiMit ArchiSoft

OPENLiMit ArchiSoft =

ArchiSoft (based on ArchiSig)

+ ArchiSafe

+ OPENLiMit certified software components

OPENLiMit ArchiSoft is important for the

german government

2001 German ministry of work (BMWA) sponsors ArchiSig

2004Fraunhofer SIT developes ArchiSoft

2005OPENLiMit SignCubes gets certifified for their signature software

2005

PTB developes the ArchiSafe concept

2007-2-28OPENLiMit and SIT announce OPENLiMit ArchiSoft

2007-3-15 Prototyp at

8

About Fraunhofer Institute for About Fraunhofer Institute for SSecure ecure IInformation nformation TTechnologyechnology

• Consultancy, independent from any

company

• Security Academy

• Technology studies

• Integration of security into existing

systems

• Development of new security solutions

• Modelling of business processesHead: Prof. Claudia Eckert

SIT offers

Rheinstreet 75, Darmstadt

100 persons80 scientistsbudget: 9,75 Mio Euro