BT Managed Secure Messaging. Non-Repudiation Policy

Transcription

1 BT Managed Secure Messaging Non-Repudiation Policy

2 Contents Page 1 Introduction Scope Terms and Definitions 4 2 Non-Repudiation Categories Non-Repudiation of Origin Non-Repudiation of Receipt 5 3 Non-Repudiation Evidence Types of Evidence Evidence Generation Originator NR Evidence Generation Recipient NR Evidence Generation BT NR Evidence Generation Evidence Retention Evidence Verification Evidence Validity 7 4 Obligations Originator and Recipient Certification Obligations Originator Obligations Recipient Obligations BT Obligations Trusted Third Party Obligations 9 5 Applicable Law and Liability Applicable Law Liabilities 10 6 Dispute Resolution Initiating NR Claim Dispute Resolution 11 7 References 13 8 Glossary of Terms 14 Page 2 of 16

3 9 Authorisation 15 Page 3 of 16

4 1 Introduction The aim of this document is to define the Non-Repudiation Policy for BT Managed Secure Messaging that is operated and managed by BT. It is intended to specify the criteria for the provision of non-repudiation as part of the service. BT owns and operates a secure infrastructure through which services are delivered to BT Managed Secure Messaging customers. The services delivered through BT Managed Secure Messaging benefit from security features based upon a Public Key Infrastructure (PKI). The PKI delivers electronic trust services to members of the BT Managed Secure Messaging community. 1.1 Scope This document describes the Non-Repudiation Policy elements of the PKI for the delivery of services to customers. The document does not provide details of the design or implementation of the PKI capability, but identifies key elements which are relevant to the non-repudiation of services under the BT Managed Secure Messaging. 1.2 Terms and Definitions Term Recipient Originator Trusted Third-Party Gateway BT Managed Secure Messaging Message Usage in this Document Refers to an organisation with which BT has a contract to deliver secure messages from Originators. BT is also a Recipient when it receives messages on behalf of an Originator from a third-party service provider. Refers to an organisation with which BT has a contract to deliver secure messages to Recipients. BT is also an Originator when it sends messages on behalf of a third-party service provider to a Recipient. BT shall act as a Trusted Third-Party between the Originators and the Recipients, as the Certificate Authority (CA). The BT supplied equipment located at Originator and Recipient sites for secure messaging between Originators and Recipients. There are two types of gateways, a soft gateway application or a hardware gateway The totality of all functions provided by BT as an organisation for delivery of the BT Managed Secure Messaging service and includes Certificates that are used by the Originators and Recipients. Information transmitted between an Originator and a Recipient Page 4 of 16

5 2 Non-Repudiation Categories Non-repudiation is the concept of ensuring that a party to a communication cannot later deny having taken part in all or part of a communication. Nonrepudiation helps in settling possible disputes over whether a particular event or action has taken place in a communication by collecting, maintaining, making available and validating irrefutable evidence concerning a claimed event or action to resolve disputes about occurrence or non-occurrence of an event or action. This section defines the Non-Repudiation categories supported by the BT Managed Secure Messaging PKI. In the BT Managed Secure Messaging PKI, an originator submits messages to the originator gateway for secure delivery to the recipient gateway. The recipient gateway delivers received messages to the recipient. The following NR categories shall be supported: Non-repudiation of Origin (NRO) Non-repudiation of Receipt (NRR) 2.1 Non-Repudiation of Origin Non-repudiation of origin shall provide evidence that the originator gateway is indeed the genuine originator of a message delivered to the recipient. Originator gateways shall generate evidence of origin in the form of digitally signed messages. Evidence of origin of messages shall be retained by recipients. 2.2 Non-Repudiation of Receipt Non-repudiation of receipt shall provide evidence that the recipient gateway received a message that was submitted by the originator. Recipient gateways shall generate evidence of receipts in the form of digitally signed receipts. Evidence of receipt of messages shall be retained by originators. Page 5 of 16

6 3 Non-Repudiation Evidence For any non-repudiation, evidence is a crucial focus and this is discussed in the sub-sections below. 3.1 Types of Evidence NR evidence shall include the following: Registration Authority information Certificates all signing certificates issued by the CA Certificate Revocation List (CRL) containing all revoked certificates issued by BT Managed Secure Messaging CA hierarchy and all CRL history (i.e. a revoked certificate may be removed from the live CRL once it has expired) Message data Digital Signatures (digitally signed messages, MDNs, Screen SOAP over https requests and responses) Security context information to identify the message: Date and Time of generation or processing Gateway identification Certificate Identification Message Type (File transfer, Screen SOAP over http(s) etc) 3.2 Evidence Generation Originator NR Evidence Generation Originators shall generate and retain NR evidence relating to all messages transmitted. These shall include: Message data Digital Signatures (digitally signed messages, MDNs, Screen SOAP over https requests and responses) Recipient NR Evidence Generation Recipients shall generate and retain NR evidence relating to all messages it received. These shall include: Message data Digital Signatures (digitally signed messages, MDNs, Screen SOAP over https requests and responses) BT NR Evidence Generation BT shall generate and retain the following NR evidence: Page 6 of 16

7 Registration Authority information Certificates all signing certificates issued by the CA Certificate Revocation List (CRL) containing all revoked certificates and all CRL history 3.3 Evidence Retention BT shall provide a re-verification service for up to 13 years past the end of the provision of the BT MSM Service. Each party (BT, Originators and Recipients) may securely retain their respective NR evidences for re-verification up to a period of 13 years after the evidence generation. 3.4 Evidence Verification BT shall provide a tool for the digital signature verifications. Originators or recipients shall provide the original message and evidence to be verified. Verification shall be performed as documented in [Ref: 3]. 3.5 Evidence Validity The evidence shall be deemed valid if the output of the validation shows that the signature of the message is valid and that the certificate was not revoked or expired at the time of signing. Page 7 of 16

8 4 Obligations 4.1 Originator and Recipient Certification Obligations The originators and Recipients shall notify BT promptly as documented in the CP [Ref: 1] when they require their Certificate to be revoked. The originators and recipients shall notify BT promptly of the following changes to their organisation: Change to the organisation name; Merger resulting in change to the organisation name; De-merger resulting in change to the organisation name; Company going bankrupt or entering into administration; Company ceasing operation; Change of Nominators; Change of Gateway Security Officers (GSOs). 4.2 Originator Obligations The originators shall securely store the evidence of receipt of messages sent to the recipients. The originators shall make available when requested the evidence of receipts of messages that is held by them. 4.3 Recipient Obligations The recipient shall securely store the evidence of origin of messages received from the originators. The recipient shall make available when requested the evidence of origin of messages that is held by them. 4.4 BT Obligations BT shall ensure that Certificates are revoked promptly when a revocation request is received as documented in the CP [Ref: 1]. BT shall ensure that Certificate related evidence is generated and retained: Registration Authority information Certificates all signing certificates issued by the CA Certificate Revocation List (CRL) containing all revoked certificates, and complete history of all CRLs BT shall promptly perform non-repudiation verification when requested by either the originator or recipient. Page 8 of 16

9 4.5 Trusted Third Party Obligations BT shall act as a Trusted Third Party to provide non-repudiation evidence verification in disputes between originators and recipients of BT Managed Secure Messaging. Page 9 of 16

10 5 Applicable Law and Liability 5.1 Applicable Law The law in England shall apply. 5.2 Liabilities Liabilities shall be as agreed in the contracts between BT and each of the parties. BT shall not be liable for any aspect of a dispute between parties, other than for the provision of the non-repudiation service on request from either or both of the parties in dispute. Page 10 of 16

11 6 Dispute Resolution The essence of non-repudiation is the provision of irrefutable evidence to support dispute resolution and BT will endeavour to resolve any potential dispute arising from use of BT Managed Secure Messaging. 6.1 Initiating NR Claim Any originator or recipient who has contracted to use BT Managed Secure Messaging shall initiate a Non-Repudiation claim by contacting BT in writing detailing the circumstances to the following address: Project Manager BT Managed Secure Messaging (MSM) BT Guidion House Harvest Crescent Ancells Business Park Fleet Hampshire GU51 2QP Tel: Fax: msm.support@bt.com 6.2 Dispute Resolution BT shall act as a Trusted Third Party in disputes involving an originator and the recipient. BT shall provide the non-repudiation verification process through validation of evidence using applicable cryptographic key material. This validation will confirm that the evidence is genuine of origin, or of receipt. An originator or recipient may request that BT perform the verification process in respect of specific evidence relating to a dispute or potential dispute. In these circumstances, the requestor shall identify archived evidence in their possession and provide that evidence to BT for the purposes of the verification process. BT shall perform the requested verification process and notify the outcome of that process to the requesting party - see [Ref: 3] for details of verification procedures. If either or both of the originator or recipient fails to fulfil their obligation in respect of the long term archive of evidence and cannot provide the evidence then BT shall not be obliged to perform a non-repudiation verification process and shall not be responsible for any aspect of dispute resolution between the parties. Page 11 of 16

12 If either or both of the originator or recipient does not accept the verified evidence provided by BT, then BT shall not be responsible for any further aspect of disputes resolution between the parties. Page 12 of 16

13 7 References 1. Certificate Policy 2. S3 PKI Design 3. Non-Repudiation Procedures Page 13 of 16

14 8 Glossary of Terms Term PKI NR NRO NRR CA CRL TTP SOAP STP HTTPS GSO MDNs Description Public Key Infrastructure Non-Repudiation Non-repudiation of Origin Non-repudiation of Receipt Certificate Authority Certificate Revocation List Trusted Third Party Simple Object Access Protocol Straight Through Processing Secure Hyper Text Transfer Protocol Gateway Security Officer Message Disposition Notifications Page 14 of 16

15 9 Authorisation Owner Jasper Lanek Issue and Date Issue 1.2 : Dated July 2010 Location of electronic copy P:\ISC\Documents\tScheme\Approved Change Authority Andy Travell Distribution BT Managed Secure Messaging Programme Author Jasper Lanek Audience BT Staff and BT MSM Subscribers Issue Author Date Details of Change 1.0, 1st Draft Jasper Lanek Draft issued for review 1.0 Jasper Lanek 26/02/08 Comments following QA Review 1.1 Jasper Lanek 20/05/08 Replaced BT Secure Messaging Service with new name BT Managed Secure Messaging and removed references to IFM. 1.2 Jasper Lanek July 2010 Minor update to referenced document location and contact Approvals This document requires the following approvals. Signed approval forms are filed in the project files. Name Signature Title Date of Version Issue Andy Travell IFM Project Manager 09/07/ All information in this document is provided in confidence for the sole purpose of adjudication of the document and shall not be used for any other purpose and shall not be published or disclosed wholly or in part to any other party without BT s prior permission in writing and shall be held in safe custody. These obligations shall not apply to information which is published or becomes known legitimately from some source other than BT. Many of the product, service and company names referred to in this document are trademarks or registered trademarks. They are all hereby acknowledged. British Telecommunications plc 2010 Registered Office: 81 Newgate Street, London EC1A 7AJ Page 15 of 16

16 Offices worldwide British Telecommunications plc 2010 Registered office: 81 Newgate Street, London EC1A 7AJ Registered in England No: