Transboundary Trust Space

April 17, 2012

Ensuring of validity in the process of transboundary electronic interaction

(forming of transboundary trust space)

Alexander Sazonov

Regional Commonwealth in the field of communicationswww.en.rcc.org.ru

Noncommercial PartnershipNational Certification Authoritywww.nucrf.ru

Transboundary Trust Space

Presentation plan

I. Introduction. Brief information about the RCC. Primary tasks and directions of activities

II. Problematic. Questions to be discussed

III. RCC approach

IV. RCC proposals

Introduction

Regional Commonwealth in the field of communications (RCC)

December 1991 – heads of CIS states’ Communications Administrations signed Agreement on Establishment of RCC - an organization called upon to carry out cooperation between new independent states in the field of telecommunication and postal communication based on their free will, principles of mutual respect and sovereignty.

October 1992 - the Heads of Government of the CIS countries signed the Agreement on coordination of interstate relations in the field of postal and telecommunication - the RCC is vested with the authority of an interstate coordinating body in the field of postal and telecommunication.

Introduction

RCC primary tasks• extension of mutually beneficial relations between the RCC

Administrations in harmonization of development of networks and communication means

• coordination of issues in scientific and technical policy, radio spectrum management, tariff policy on communications and mutual settlement services, personnel training

• interaction with international organizations in communications and informatization

• mutual information exchange etc.

RCC activity directions

• creation of an enabling environment for cooperation in the field of ICT

• harmonization of legislation and development of standards regulations

• development of new ICT directions

• development of ICT sphere

The Strategy of CIS member states in informatization field:

Problematic

Cardinal problem of the international electronic interaction is to ensure electronic data validity

Questions to be discussed

•What best practices are there to ensure validity of actions performed in the Internet?• Do mechanisms of insurance and judicial protection need to be used when valid actions are performed in the Internet?•What peculiarities of validity ensuring of actions performed in the Internet are there in national and transboundary regimes?

•What necessary and sufficient set of attributes ensures electronic data validity?•What can be a ground for validity ensuring of actions performed in the Internet:- international agreements,- commercial usages,- combination of international regulation and self-regulation.How can we protect rights of natural persons and legal entities – participants of international trade?•What measures can be taken to counteract variousfraudulent behaviors and other abuse from part of mala fide participants of information interaction or cybercrime?•etc.

RCC approach

• What is the best way to ensure trust in information exchange? – To have a opportunity to check trust. How to do it ?

• Through direct access to a data base. In practical terms this means an access for an agency in state A to a data base of an agency in state B. Ideally it allows to interact without documents exchange at all.

• If direct access is not possible, then the solution is to have states A and B appoint trusted parties (trusted services) through which such an access could be done.

• How can authenticity и non-repudiation be ensured? Best practice is to use cryptographic means, public key technology in particular (PKI)

RCC approach

1. On the basis of a single cryptographic algorithm (realization is unlikely).

2. On the basis of different (national) cryptographic algorithms:

a. reciprocal exchange of cryptographic means;

b. use of trusted services (mediator between users of different cryptographic means)

PKI architecture variants

• What trusted services are necessary for electronic commerce – electronic signature, time stamps, accounting/registration of information interaction participants, identification and authentication procedures, data archiving, other (correlation electronic data attributes)?

• Do audit procedures need to be used to monitor activities of operators representing trusted services, and is it necessary to unify regulations of such services provision?

RCC approach

Methodology of the transboundary trust space forming and functioning in the Internet network (TTS Methodology)

Model constructions as a system’s basis:

• Accounting record (record) is data in electronic form recording subject of law legal status or recording an event happened. An accounting record comprises an aggregate of fields containing electronic content and document attributes – a result of trusted services work. Accounting record’s validity is assured by an aggregate of its attributes.

• Register system is a registration information system containing an aggregate of accounting records (primary records are stored), containing information from the interaction participants’ documents of title, with valid electronic transferable records being drawn up or issued on the above grounds.

• Model information process – a set of phases, typical for any information system:

• Activation of alterations in system (authorization, formalization of a request);

• Alterations in system, logging;• Response forming.

RCC approach

Transboundary trust space architecture components• The common trust infrastructure (CTI), consisting of trusted

services

• Register systems (information systems of various state bodies (institutions)), which interact among themselves directly via electronic transferable records, herewith, interaction validity is ensured by trusted services

• Operators of register systems and CTI services

• Auditors of register systems and CTI services operators’ activity

RCC approach

Record (document) - the common trust infrastructure object

RCC approach

Possible variant of trusted services architecture

RCC approach

Signed data validation process example

RCC approach

Using attribute certificates to manage rights vested in negotiable instruments

RCC proposals

Conclusions and suggested way forward

It is proposed to create a working group on issues of validity ensuring in the process of transboundary electronic interaction.

Possible results of group’s work could be:

• UN/CEFACT recommendation concerning forming and functioning of information systems subject to their application in the process of transboundary interaction.

• UNCITRAL (with UN/CEFACT contribution) model convention “On basics of transboundary trust space validity ensuring”.

• A joint project on the basis of the approaches proposed in the TTS Model and TTS Methodology.

Transboundary Trust Space

Thank you for attention!We are open to you views, ideas and critics!

Latest versions of the TTS Model and TTS Methodology are published at the RCC website in section RCC activities –> Informatization -> The transboundary trust space of the CIS member-states

http://www.en.rcc.org.ru/index.php/rcc-activities/informatization-/261211

Speaker

Alexander Sazonovwww.nucrf.ru

sazonov@nucrf.ru

Any questions?NationalCertificationAuthority