In order to activate the message exchange, two public administrations’ Access Points need to establish trust between each other. The trust models of eDelivery are all based on digital certificates.
The list below shows how these digital certificates are used at run time to secure the communication between Access Points.
- The sending Access Point uses its digital certificate to sign the data and documents; it may also encrypt them using the public key of the receiver.
- The receiving Access Point verifies the digital signature of the sender and decrypts the data using the private key that belongs to its own digital certificate.
- The receiving Access Point sends a signed receipt message to the sending Access Point.
Two trust models are available to create, manage, distribute, store and revoke the digital certificates of the Access Points: either a PKI model or a mutual exchange model of digital certificates. The communication between SMP and SML components is secured through two-way TLS.
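The three run-time steps above under the mutual exchange model, as an added example that is not part of the original page or of any eDelivery implementation: it uses the `openssl cms` command with constructed self-signed certificates, and the Access Point names, file names and receipt content (a SHA-256 digest of the received document) are assumptions. It also shows the receiver refusing a correctly signed message whose certificate was never exchanged.

```shell
#!/bin/sh
# Added example. Keys, certificates, file names and payload are all constructed.
# Trust model shown: mutual exchange (each side pins the peer's certificate).

new_ap() {   # $1 = Access Point name; writes $1.key and a self-signed $1.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

sign_as() {  # $1 = signer, $2 = input file, $3 = output (CMS SignedData, DER)
    openssl cms -sign -binary -nodetach -signer "$1.crt" -inkey "$1.key" \
        -in "$2" -outform DER -out "$3"
}

verify_from() {  # $1 = pinned peer, $2 = signed input, $3 = recovered content
    openssl cms -verify -binary -inform DER -in "$2" \
        -CAfile "$1.crt" -out "$3" 2>/dev/null
}

run_exchange() (   # subshell body, so cd, trap and exit stay local
    w=$(mktemp -d) && cd "$w" || exit 1
    trap 'rm -rf "$w"' EXIT
    new_ap sender && new_ap receiver && new_ap rogue || exit 1
    printf 'constructed business document\n' > doc.txt

    # 1. Sender signs, then encrypts to the receiver's public key.
    sign_as sender doc.txt signed.der || exit 1
    openssl cms -encrypt -binary -aes-256-cbc -in signed.der \
        -outform DER -out wire.der receiver.crt || exit 1

    # 2. Receiver decrypts with its private key, then verifies the signature
    #    against the sender certificate it received out of band.
    openssl cms -decrypt -binary -inform DER -in wire.der \
        -recip receiver.crt -inkey receiver.key -out inner.der || exit 1
    verify_from sender inner.der got.txt && cmp -s doc.txt got.txt || exit 1

    # 3. Receiver returns a signed receipt (digest content is an assumption).
    openssl dgst -sha256 -r got.txt | cut -d' ' -f1 > receipt.txt
    sign_as receiver receipt.txt receipt.der || exit 1
    verify_from receiver receipt.der receipt.out || exit 1
    [ "$(cat receipt.out)" = "$(openssl dgst -sha256 -r doc.txt | cut -d' ' -f1)" ] || exit 1

    # Negative case: valid signature, but the certificate was never exchanged.
    sign_as rogue doc.txt rogue.der || exit 1
    if verify_from sender rogue.der rogue.out; then exit 1; fi
    exit 0
)
```

`run_exchange` returns 0 only when the legitimate message and receipt verify and the message signed by the unexchanged `rogue` certificate is rejected.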
Which components are involved
ETSI - Electronic Signatures and Infrastructures
Trust establishment, what are the benefits
- You are certain that data and documents are secured against any modification (integrity).
- You are certain that documents are encrypted during the transmission (confidentiality).
- You are certain that the origin and the destination of the data and documents are trustworthy.
- Scalability and Performance: You are certain that the message exchange network will adapt to an increasing number of nodes, as opposed to a stable number of nodes.