ID Cyber Identity Ltd bannermap
dot
dot
news
up
dot dot
E-Health
Since 2012:

PKI-Consulting in eHealth

>> Read more
border
up
dot dot
Swiss UIDB ISO6523 listed
May 2013:

Swiss Unique Business Identification Number is now ISO6523 registered.

>> Read more
border
up
dot dot
Giesecke & Devrient
November 2012:

We have presented at the G+D Security Forum.

>> Read more
border
dot
bord
dot dot
border
dot

News

E-Health

eHealth
Since 2012:

Since 2012 Adrian Mueller (ID Cyber-Identity Ltd) is consulting as a PKI expert in a large eHealth project in Germany.

Swiss Unique Business Identification Number ISO/IEC 6523 certified

Swiss Federal Administration
May 2013:

The official Swiss Federal Swiss Unique Business Identification Number (UIDB) is now certified under ISO/IEC 6523. It has been implemented and is managed by the statistical office of the Swiss federal administration to provide unique identification of business entities. Its purpose is to identify an enterprise quickly, unambiguously and on a permanent basis.

The UIDB and other characteristics of the identified organizations are managed in a specific UIDB register. The main characteristics (e.g. status or address) are publicly accessible.

ISO/IEC 6523 "Structure for the identification of organizations and organization parts" is an ISO/IEC-standard that deals with meta-identification. More about ISO/IEC 6523 can be found here.

The certification under ISO/IEC 6523 comprehends the allocation of an International Code Designator (ICD) of the value "0183" to the UIDB. The ICD is the meta-identifier issued according to ISO/IEC 6523.

The UIDB is also known as
Schweizer Unternehmens-ldentifikationsnummer - UID (German),
Numéro d'identification suisse des entreprises - IDE (French),
Numero d'identificazione svizzero delle imprese - IDI (Italian).

Presentation at the 5. Giesecke & Devrient Security Forum

Giesecke & Devrient
November 2012:

We have presented our company and UNIVERSE® (UNique Identification and VERification SErvice) at the 5. Giesecke & Devrient Security Forum in Munich. ID Cyber-Identity Ltd was chosen out of a multitude of applicants to present itself and its services.

The Giesecke & Devrient Security Forum was organized in collaboration with Munich Network.
Read more about the Giesecke & Devrient Security Forum.

CWA 16464-1, ELECTRONIC INVOICING - Part 1: Addressing and Routing Status Review

CEN
May 2012:

The CEN Workshop Agreement (CWA) 16464-1 approved by representatives of interested parties has been published by the Comité Européen de Normalisation (CEN).

A pan-European or global network for sending and receiving eBusiness messages needs a consistent addressing system. Within a framework of Conformance criteria for Interoperability between Electronic Invoicing Services, the scope of CWA 16464-1 is therefore predominantly to examine the present day selection, differentiation and usage of party identifiers in Addressing and Routing of eInvoices and eBusiness messages in Europe to foster interoperability across Service Providers.

The focus is on the so-called 4-corner model where both buyer and supplier can freely use different intermediaries and the two intermediaries exchange Invoices with each other on behalf of their clients.

To achieve a wider framework for the automatic exchange of electronic invoices and related eBusiness documents, the key requirements on Electronic Invoicing aim at more open Routing and Addressing principles to be used to enhance interoperability between trading partners, both SMEs and larger organizations. Some main requirements are the following:
  • free choice of the intermediary;
  • separation of the message envelope (header) from message content;
  • Existing unique business identifiers and numbering conventions should be used where possible e.g. GLN of GS1, D-U-N-S numbers of D&B, VAT numbers etc.
Automatic messaging between parties is based on the principle of a three layer model. Each layer performs a specific function independent of the layers above or below it:
  • (a) Content: For the automatic processing of the eDocument it contains all sorts of identifiers. But the contained identifiers should not be used for routing. Therefore it can be encrypted. (figurative: the content of a letter)
  • (b) Messaging (envelope, header): It contains the logical identifiers for endpoint addresses (where messages are to be delivered), i.e. consistent business identifiers e.g. GLN of GS1, D-U-N-S numbers of D&B or official (e.g. VAT) numbers. (figurative: the envelope of a letter containing the postal address)
  • (c) Transport: It covers identifiers on the technical network protocol used for the transmission of electronic data. These technical identifiers or addresses are based on the network protocol used. Examples are the Internet, the SWIFT network and packet switching networks such as X.25. (figurative: letter box, post office, express, Air Mail for physical transport)
Since the topic is addressing and routing the focus of the CWA 16464-1 is on the Messaging Level. It provides a clear understanding of business identifiers and numbering schemes using meta-identification according to the standard ISO 6523.

The mapping of such identifiers in the messaging level (b) to technical identifiers like an Internet address in the transport level (c) can be made transparent. The resulting directories are set up and are maintained by the Electronic Invoicing Services according to the needs of their customers. The question of a public service for such directories is left open.

Specific information is provided about current approaches for identifying participants and how to cope with Directory services.

Possible solutions concerning Standards for identification schemes are outlined. Especially the ISO 6523 Standard is outlined.

Recommendations for further work mainly concerning Directory services are outlined. Adrian Mueller is Main Author of this CWA.

It can be downloaded at CEN (Comité Européen de Normalisation).

Amendment of Swiss Law on Electronic Signature - ZertES

Swiss Federal Administration
May 2012:

The existing Swiss Law on Electronic Signature (ZertES) of December 2003 shall be replaced by a new version which adopts the new developments of using digital certificates for signature and authentication. Certificate holders can be natural persons and enterprises referenced by an official unique enterprise identification number (Swiss UID).
The focus of the existing law is on the qualified electronic signature based on a qualified digital certificate which fulfils very specific criteria. This qualified electronic signature is equivalent to a hand-written signature by a natural person according to the Code of Obligation Art. 14. In case of dispute concerning an electronic signature the holder of the relevant qualified certificate is liable against a third party unless he can prove the he did not sign (reversal of evidence).
This focus does not meet the requirements of today's eCommerce and eGovernment i.e. authentication of partners, automatic mass signature of documents, code signing and other applications of digital certificates. Therefore, the new law defines two different classes of digital certificates applicable for different applications:
  • The qualified certificate expanded by standardised attributes (like proxy) for applying qualified electronic signatures by natural persons according to Code of Obligation Art. 14.
  • The regulated certificate expanded by standardised attributes for applying a regulated signature and for authentication.
    Certificate holders can be natural persons and enterprises referenced by an official unique enterprise identification number (UID); in case of signing by a natural person the signature is not equivalent to a hand-written signature according to Code of Obligation Art. 14. However, this certificate is an official certificate for authentication of partners, automatic mass signature of documents, code signing and other applications issued by a legally recognised provider.
The evidentiary value of a qualified or regulated signature can be enhanced by time stamping. With respect to the certificate holder's liability reversal of evidence applies for qualified and also for regulated certificates however only for signing. This strong liability is stipulated in the proposed new version of Code of Obligation Art 59a. The line of reasoning is that the value of the new regulated certificate is almost nil without this strict liability.
The proposal for the AMENDMENT OF LAW ON ELECTRONIC SIGNATURE (ZertES) is open for comment until June 30. Our comment is:
  • The proposed new law itself fulfils the requirements of eCommerce and eGovernment of today since it is based on the concept of different classes of certificates applied for different applications. The problems arise from the surrounding legislation for liability.
  • The drawback is in the new version of Code of Obligation Art 59a which extends reversal of evidence also for the holder of a regulated certificate in case of signing. (If the regulated certificate is used for authentication normal liability applies.)
  • We think the statement that the value of the new regulated certificate is almost nil without reversal of evidence is not correct. Since it is a certificate issued by a legally recognised provider normal liability according to Code of Obligation Art. 41 ff is sufficient.
  • Our suggestion is to restrict liability in Code of Obligation Art 59a to qualified certificates only, i.e. keeping the existing formulation of Code of Obligation Art. 59a.
Our comment in German about " Neufassung des Bundesgesetze über die elektronische Signatur, ZertES " can be downloaded here. PDF

Update of eCH-0048 PKI-Certificate Classes

eCH
May 2012:

In order to set up trustworthy relationships for eGovernment and eCommerce X-509 certificates are used. They are not restricted to digitally signing documents but they are also used for authentication, code signing and encryption. The standard eCH-0048 PKI-Certificate Classes addresses all application fields.
The standard eCH-0048 PKI-Certificate Classes This eCH standard distinguishes basically four different classes. The criteria for the differentiation are the trust level and the function of the certificate.
  • The trust level concerns the registered and certified attributes of the certificate holder (natural or legal person, machine, process, role and others); i.e. the quality of the registration.
  • The function concerns the technical parameters according to the X.509 standard which regulate the usage of the certificate (electronic signature, non-repudiation, authentification, e-mail encryption, code signing and others).
The integration and documentation of the process from the application for a certificate to its issuing and the availability of information concerning its validity specify the different Certificate Classes.
The standard co-authored by Adrian Mueller (ID Cyber-Identity Ltd) is available (in German) at the eCH website.

CWA "Addressing and Routing Status Review" approved

CEN
15 February 2012:

The final plenary meeting of the CEN (European Committee for Standardization) Workshop on electronic invoicing (phase 3) was held on of 15 February 2012 in Brussels.
At this meeting the CEN Workshop Agreement (CWA) " Addressing and Routing Status Review" was adopted together with the other CWA's developed in the workshop.
The final version of CEN Workshop Agreement (CWA) " Addressing and Routing Status Review" will be available for download on the CEN server via the CEN website or the dedicated e-Invoice Gateway within short time.

Consultation on SuisseID specification

eCH
February 2012:

We have participated in the consultation on the new version of the specification for the SuisseID within eCH. SuisseID is a harmonized product for authentication and electronic signature based on PKI-technology in Switzerland.
eCH is the Swiss association for standardization in eGovernment. ID Cyber-Identity Ltd is an active member of eCH.

The new SuisseID-specification version 1.5 can be found on the eCH website.
Our comments can be found here.

PEPPOL Starter Kit released

PEPPOL
January 2012:

The PEPPOL (Pan-European Public Procurement OnLine) consortium has released a "Starter Kit". This document explains the different aspects of PEPPOL in order to facilitate the implementation of PEPPOL solutions for eTendering and eProcurement.
Read more about the "Starter Kit" on the PEPPOL website.

The system for the identification and addressing of participants within PEPPOL is based on the ISO/IEC 6523 standard.

CWA "Addressing and Routing Status Review" presentation

CEN
December 2011:

On 12 December 2011 the public meeting of the CEN (European Committee for Standardization) Workshop on electronic invoicing (phase 3) was held in Brussels. The CEN Workshop Agreement (CWA) " Addressing and Routing Status Review" was presented at this meeting and a discussion about the use of the Legal Entity Identifier (LEI), Global Location Number (GLN) or Value Added Tax (VAT) numbers for the purpose of addressing e-invoicing participants took place.
The official publication of th CWA will be in February 2012 alongside the other work results from the phase 3 of the CEN e-voicing Workshop.

Draft CWA "Addressing and Routing Status Review"

CEN
August 2011:

Within the CEN Workshop on e-invoicing phase 3 the Workgroup 3 "Interoperability" has released its results as draft CEN Workshop Agreements (CWA's) for public review. The CWA "Addressing and Routing Status Review" deals with the topics of "Addressing" of participants in eInvoicing (and in eCommerce in general), i.e. finding them in the network and the routing of the messages to these participants.
The Paper focuses on the identifiers used for addressing which can be summarized with the following two questions:
  • What are the identifiers currently used for addressing and how are the identification schemes they use specified?
  • How can we reconcile these identifiers to the network endpoint addresses the messages are routed to?

The Draft CWA can be downloaded from the CEN website.

UPDATE:
Only a few days after publication the Addressing and Routing draft has already had a remarkable resonance in the eBusiness community. Read the comments:

Update on ISO 17442 "Legal Entity Identifier (LEI)"

ISO
3 August 2011:

The Workgroup 6 of the ISO Technical Committee 68 "Financial Services" has published an update on their work on the draft standard ISO 17442 "Legal Entity Identifier (LEI)". The LEI is a unique business identifier which shall identify actors in financial transactions.
SWIFT has been selected as issuing organization/registration authority for the LEI and the target end date for completion of the LEI standard is January 2012.

The presentation on the update can be downloaded from the website of the Securities Industry and Financial Markets Association (SIFMA).

New ISO/IEC 6523 Registration Authority

ISO/IEC JTC1
March 2011:

ISO/IEC JTC 1/SC 32 secretariat (under the auspices of the American National Standards Institution, ANSI) is the new Registration Authority for International Code Designator (ICD) values according to since March 2011. It has taken over this activitity from British Standards Institution (BSI).

PEPPOL "Policy and recommendations for the use of Identifiers" Version 2.0

PEPPOL
January 2011:

Within the PEPPOL (Pan-European Public Procurement Online) project a "Policy and recommendations for the use of Identifiers" is maintained.
The document defines a set of identifier schemes that will be used in the context of the PEPPOL infrastructure and specifies the format in which these identifiers have to be used.
The according identifiers are applied within the exchanged business documents as well as for the addressing within the PEPPOL transport infrastructure.
In January 2011 the version 2.0 of this Policy was released. The Policy is available on the PEPPOL website.

The Swiss UID-register is online

Swiss Administration
11 January 2011:

The Swiss Law on the company identification number (UIDG) is in force since the beginning of the year 2011.
This law mandates the operating of a register which is publicly accessible.
The register can be queried at www.uid.admin.ch.

OASIS ebCore Party Id Type Technical Specification released

OASIS
5 October 2010:

The final version "OASIS ebCore Party Id Type Technical Specification v1.0" has been released. Please click here to download the specification from the OASIS website.

Comment on the Swiss ordinance on the company identification number / "Verordnung über die Unternehmens-Identifikationsnummer (UIDV)"

Swiss Administration
29 July 2010:

We have submitted a comment on the draft Swiss ordinance on the company identification number / "Verordnung über die Unternehmens-Identifikationsnummer (UIDV)" to the Swiss adminstration.

Our major concern is that according measures shall be performed that this number can be introduced smoothly in an international context. Especially should the ordinance allow the usage of a the two-letter code "CH" (the so called ISO 3166 alpha-2 code) for B2B use instead of the alpha-3 code "CHE"
In addition, an example in the accompanying report about the usage of "adminstrative numbers" for VAT-purposes should be updated.

You can download our detailed comment on UIDV from this website (German language).

Comment on OASIS ebCore Party Id Type Technical Specification v 1.0.2

OASIS
4 June 2010:

We have submitted a comment on the Committee Draft 02 of "OASIS ebCore Party Id Type Technical Specification Version 1.0" from the ebCore Technical Commmittee of OASIS (Organization for the Advancement of Structured Information Standards).

Our major comment can be summarized as follows:
The specification is focused on the usage of the Party Identifier Type as attribute values in XML-tags.
With minor adaptions to the specification, the area of application of this promising spec can be extended.
Examples are the inclusion of business identifiers as URNs in HTTP-header values, in X.509 certificates etc.

Our detailed comment can be downloaded from the OASIS comment list archive.

For details about the "OASIS ebCore Party Id Type Technical Specification Version 1.0" please see below.

Public Review of OASIS ebCore Party Id Type Technical Specification v1.0

OASIS
14 April 2010:

The ebCore Technical Commmittee of OASIS (Organization for the Advancement of Structured Information Standards) has issued the "OASIS ebCore Party Id Type Technical Specification Version 1.0". The specification is now in OASIS public review.

The abstract of the document states the following:
"A mechanism for the identification of business partners in XML business documents and XML message headers based on URN-based identifier types is required in many electronic business exchanges. This specification specifies a formal URN-based mechanism for referencing party types from the ISO 6523, ISO 9735 and ISO 20022 identification scheme catalogs using the oasis URN namespace. Sample applications include (but are not limited to): ebXML message headers; ebXML collaboration protocol profiles and agreements; UBL, UN/CEFACT and OAGIS XML business documents; and the UN/CEFACT SBDH."

The specification references the CWA 16036 on "Cyber-Identity: Unique Identification of organizations and parts thereof".

Please click here to download the specification from the OASIS website.

Information about the Public Review of the specification can be found in the anouncement on the OASIS Mailing List Directory.

Comment on Final Report of Expert Group on eInvoicing

EU
1 March 2010:

We have submitted a comment on the Final Report of Expert Group on eInvoicing.

For details about the report, please see below.

Please click here to download our comment.

Final Report of Expert Group on eInvoicing

EU
31 November 2009:

The European Commission's Expert Group on eInvoicing has released its final report. It provides a set of recommendations for a European Electronic Invoicing Framework, supporting the uptake of cross border interoperable eInvoicing solutions, with a particular focus for uptake among SMEs.
This includes the guidance recommendation 5.5.5 "Addressing and Routing" which stresses that existing identification schemes should be used for this purpose and that a discussion based on the CEN CWA on Cyber-Identity shall be convened.
Background information and a download link can be found on the EC DG Enterprise website and on the Single Market thematic website.

Please click here for a direct download of the report.

CWA on Cyber-Identity released

CEN
November 2009:

The CEN (Comité Européen de Normalisation) CWA (CEN Workshop Agreement) 16036 on "Cyber-Identity: Unique Identification of organizations and parts thereof" has been released.
It deals with unique identifiers of organizations (and parts thereof) which point to information related to the organization (or a part thereof). They are provided by registration authorities like GS1, D&B or Commercial Registries. This also comprehends a reliable routing and addressing scheme. Verifying such addressed information by a Trusted Third Party opens up a new range of applications in the areas of eCommerce, Supply chain, eInvoicing, conformity assessment.
We have provided substantial input to this document.

You can read a summary of CWA 16036 (7 pages).

And you can download CWA 16036 from the CEN FTP server.

dot

dot
treelogix media SA - CH 6934 Bioggio