Architectural Design of a Conformative Authentication Service for Security Platforms

Hermansson, Mikael

January 2013

Authentication services in security platforms often need to handle different types of systems which have various requirements regarding the authentication. These requirements can often interfere with each other and the issue here is that the authentication service often needs to be manually adjusted to comply with these requirements. Therefore there is a need for a flexible architectural design which enables changes and could open up for new emerging technologies and possibilities. This thesis presents an architectural design of a conformative authentication service based on SAML 2.0 to be used in security platforms. In this thesis a requirements analysis was performed and an architectural design was developed. The architectural design presented in this thesis is conformative in various aspects, e.g. usage of various authentication methods, versatile handling of attributes, handling of various SAML 2.0 profiles, possibilities to participate in various identity federations and handling of legacy systems not supporting SAML. In addition, an evaluation comparing the candidate architectural design presented in this thesis with a currently active architectural design was performed. This evaluation showed that the candidate architectural design was considered better for more usage scenarios.

Authentication Service

Software Architecture

Security Architecture

Identity Management

Electronic Authentication

SAML

Computer Engineering

Datorteknik

La dématérialisation des actes et conventions (de l'expérience française à sa réception par le droit iranien ?) / The Dematerialization of Acts and Agreements (of the French Experience in Terms of Its Reception by Iranian Laws ?)

Kainiya, Mohammad

02 July 2011

La signature électronique se fonde sur des siècles de sciences et d'expérience mais ce n'est qu'à la fin du XXème siècle que les Américains l'ont reconnue. L'Union Européenne à son tour a adopté la signature électronique en 1999. Le législateur français s'est intéressé à une révision essentielle du droit de la preuve. Le 13 mars 2000 une loi portant sur « l'adaptation du droit de la preuve aux technologies de l'information et à la signature électronique » est promulguée par le gouvernement Jospin. Cette loi a ajouté l'alinéa 2 à l'article 1317. Cet alinéa permet d'établir et de conserver les actes authentiques, dans des conditions fixées par Décret en Conseil d'État. Une dernière phase de l’évolution du droit français de la preuve a été franchie par le décret du 10 août 2005. Ce décret a fixé les conditions relatives à l'établissement et à la conservation des actes authentiques sur support électronique. L'apport le plus important de ce décret est qu'il a inventé l'acte authentique électronique à distance encore imparfait à ce jour. A partir d'ici c'était au Conseil Supérieur du Notariat français de développer le système d'établissement et de conservation des actes authentiques en employant la clé sécurisée « Réal » et le système Télé@ctes. Il a également fondé un Minutier Central de très haut niveau de sécurité.C'est au cours des années 2000 à 2003 que le législateur iranien va s'intéresser lui aussi à l'évolution mondiale en s'inspirant des lois des autres pays, en particulier des lois de l'Union Européenne et des États-Unis. Le 8 janvier 2003 il vote une loi sur le commerce électronique et exclut les actes authentiques du champ d'application de cette loi. Le Conseil Supérieur du Notariat Iranien n'a donc pas été autorisé à établir des actes authentiques électroniques. Dans cette thèse nous avons essayé de comparer les régimes juridiques de France et d'Iran, en particulier en manière d'établissement et de conservation des actes authentiques par officier public. / The electronic signature is based on a history of scientific experiments but it is only at the end of the twentieth century that the Americans recognized electronic signature. The European Union, in its turn, adopted the electronic signature in 1999. In The French legislators became involved in a fundamental revision of the laws of the proof. On March 13, 2000, a law carrying “the adaptation of the law of the proof to information technologies and to electronic signature” was promulgated by the Jospin government. This law added the paragraph 2 in the Article 1317 which allows establishing and keeping authentications under the conditions decided by Decree in Council of State. The last phase of the evolution of the French Law of the Proof was completed by the decree of August 10, 2005. This Decree established the conditions relative to the establishment and preservation of electronic authentication. The most important contribution of this Decree was that it invented remote electronic authentication that was still imperfect to that day. From here it was in the High Council of the French Notary’s practice to develop the system of establishment and preservation of authentication. It employed the networks and secured “Real” key, the Télé@ctes system. It established Minutier Central with very high level of security.It was in 2003 when the Iranian legislators became interested in this global trend and inspired by the laws of the other countries, and in particular by laws of the European Union and the United States. On January 8, 2003, Iran approved a law on the e-commerce. the Iranian legislators excluded electronic authentication in this law. In this thesis, we are going to note some important differences between Iran and France.

Signature électronique

Droit de la preuve

Certificat électronique

Conservation

Electronic signature

Law of the proof

Electronic certificate

Preservation

Remote electronic authentication

Servicio para la generación de firma digital y autenticación electrónica usando los certificados digitales contenidos en el DNI electrónico

Vega Caspa, Jessica Carmen, Portugal Vargas, Paulo Cesar

12 June 2021

El presente proyecto de tesis “SERVICIO PARA LA GENERACIÓN DE FIRMA DIGITAL Y AUTENTICACIÓN ELECTRÓNICA USANDO LOS CERTIFICADOS DIGITALES CONTENIDOS EN EL DNI ELECTRÓNICO” busca el desarrollo de un servicio que permita la generación de firma digital de los documentos PDF para que tengan el mismo valor legal que una firma manuscrita, así como también la autenticación electrónica para el ingreso a las aplicaciones web. Este servicio permitirá usar los certificados digitales contenidos en el DNI electrónico del Perú cumpliendo la normativa legal vigente y se podrá integrar de manera fácil, rápida y sencilla a cualquier aplicación web existente o nueva. Para realizar lo antes mencionado, se implementará un servicio para la generación de firma digital, tomando como base lo establecido en la guía de acreditación de aplicaciones de software del INDECOPI, que detalla los requerimientos funcionales que debe de cumplir una aplicación de software de clave pública, el cual interactúa con el DNI electrónico. Parte de estos requerimientos serán también implementados en el servicio de autenticación electrónica, de esta manera se va a asegurar que el servicio cumpla con los requerimientos necesarios para realizar las operaciones de firma digital y autenticación electrónica haciendo uso de los certificados digitales contenidos en el DNI electrónico. La implementación de la solución propuesta contará con el desarrollo de aplicaciones de PC que se ejecutarán en las computadoras, además el desarrollo de aplicaciones web que se conectarán a estas aplicaciones de PC y también se contará con una aplicación web de mantenimiento que gestionará la autorización del uso del servicio. / This thesis project "SERVICE OF GENERATION OF DIGITAL SIGNATURE AND ELECTRONIC AUTHENTICATION USING THE DIGITAL CERTIFICATES CONTAINED IN THE ELECTRONIC DNI” searches the development of a service that allows the generation of digital signature of the PDF documents, so that they have the same legal value as a handwritten signature as well as electronic authentication to enter to web applications. This service will allow the use of the digital certificates contained in the electronic DNI of the Peru complying with current legal regulations and might be integrated easily, quickly, and simply to any existing or new web application. To do the before mentioned, it will be implemented a service for the generation of digital signature, based on what is established in the guide of accreditation of software applications of INDECOPI, which details the functional requirements that must comply with a public key software application, which interacts with the electronic DNI. Part of these requirements will also be implemented in the service of electronic authentication. This way, it will be ensured that the service complies with the necessary requirements to perform the operations of digital signature and electronic authentication by using digital certificates contained in the electronic DNI. The implementation of the proposed solution will include the development of PC applications that will run on computers. Furthermore, the development of web applications that will connect to these PC applications, and there will also be a web application of maintenance that will manage the authorization of the use of the service. / Tesis

Firma digital

Autenticación electrónica

DNI electrónico

Certificado digital

Cero papel

Transformación digital

Digital signature

Electronic authentication

Electronic DNI

Digital certificate

Zero paper

Digital transformation