EU e-signature standardisation mandate m460

Transcription

1 EU e-signature standardisation mandate m460 A Rationalised Framework for Electronic Signature Standardisation Prof. Riccardo Genghini CEN-ETSI Coordination Group Chairman ETSI-ESI Chairman ETSI All rights reserved

2 Digital Impact Digitalisation is becoming the deepest and widest ranging innovation in human history: it changes language it changes costumes it is changing law it is changing the moral code it is even changing human body 2

3 The near future Digitalisation is becoming the deepest and widest ranging innovation in human history: it changes language it changes costumes it is changing law it is changing the moral code it is even changing human body 3

4 The near future Digitalisation is becoming the deepest and widest ranging innovation in human history: it changes language it changes costumes it is changing law it is changing the moral code it is even changing human body 4

5 Some old slides

6 Some old slides: Assumptions

7 Some old slides: Goals

8 Some old slides: Problems

9 9 The solution: Co-regulation

10 10 Some old slides: 2001 EESSI

11 Some old slides: 2013 El-Sig CG El-Sig CG Electronic Signature Coordination Group

12 M460 (rationalised) description ETSI TR (43 pages) afts/tr_119000v rationalised_framework_document_stabledraft.pdf 12

13 Questions & Contact 13 ETSI All rights reserved

14 Towards a more consistent framework More sound esignature Market through The rationalisation of the legal framework The rationalisation of the standardisation framework The rationalisation of the trust framework Political decision Policy on IAS (incl. Revision of DIR 1999/93/EC...) Feasibility study on IAS Policy Mandate M CD 2010/425/EU updating CD 2009/767/EC on Trusted Lists 14 today

15 Rationalised esig Std Framework Issuing certificates Time-stamping Signing Servers Validation Services Rules & procedures Formats Signature Creation / Validation Protection Profiles TSPs supporting esignature 4 6 Trust Service Status Lists Providers 1 Signature Creation & Validation Trust Application Service Providers 5 List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists) Registered Long term preservation XAdES (XML) CAdES (CMS) PAdES (PDF) AdES in Mobile envmts ASiC (containers) SSCDs (e.g. SC) HSMs & other SCDs Signature Creation and other related Devices 2 3 Cryptographic Suites Key generation Hash functions Signature algorithms Key lengths ETSI All rights reserved

16 Consolidated view on the Work Plan Trust Service Status Lists Providers TSPs supporting esignature Trust Application Service Providers TSP Certificates TSSP SGSP SVSP Registered Information Preservation Signature Creation & Validation CAdES XAdES PAdES ASiC Signature Creation and other Related Devices SSCD Other SCDs Cryptographic Suites Suites Requirements Classify standards by: 16 ETSI All rights reserved Functional Area & Sub-Area Document type Consistent numbering scheme (i.e. EN x19000 series)

17 STF425 on a Rationalised Std Framework for esig Consistent numbering proposal (i.e series) DD L 19xxx-z-w Vm.a.b Where DD indicates the deliverable type in the standardisation process ( SR, TS, TR, EN) L 0 for SR, 1 for TS and TR, 3 for EN (ETSI specific) 4 for CEN documents 19 indicates the series of standardisation documents related to e-signatures xxx indicates the serial number ( ) Xxx identifies the area (0-6) xxx identifies a sub-area (0-generic) xxx identifies the type of document (0-; 1-PR; 2-TS; 3-CA; 4-IT) -z-w identify respectively multi-parts and sub-parts Vm.a.b identifies version numbering ETSI will use them by now CEN has booked series 17 ETSI All rights reserved

18 M/460 Phase 2 Phase 2 of the execution of the CEN and ETSI answer to mandate M/460 will be organised into three phases: Phase 2a: Coordinating the fulfilment of the Rationalised Framework for electronic signature standards as defined in Phase 1a and in line with M/460, and executing tasks that requires ETSI-CEN experts. ETSI driven, Mode 4 collaboration, Phase 2b: CEN activities, with regards to the Policy & Security Requirements (EN 419 2x1), the (EN 419 2x2) and the (EN 419 2x3) documents of the Signature Creation Devices area, the Security (Protection) Profiles for Trustworthy Systems used by TSPs supporting esignatures (EN , EN , EN , EN ) and the s for Profiles for TSP supporting esignatures (EN , EN , EN , EN ). Phase 2c: ETSI, covering the rest of the Rationalised Framework standardisation documents. PART 1 PART 2 PART 3 PART 4 PART 5 18 ETSI All rights reserved

19 Openness of EU standards The EU Standards on Electronic Signatures and PKIs have been adopted worldwide: ASIA PKI Consortium Africa PKI Forum Arab PKI Forum US Bridge CA has cross referenced them They are open to the contributions of all stakeholders In ETSI also non EU legal entities can participate. Currently: Japan Network Security Association Adobe (US public company) Turkish National CA Etc. 19 ETSI All rights reserved

20 Usefulness/Usability of EU standards Harmonised Trust-service Status Information (TSL) Current ETSI TS Future ETSI EN Secure Signature Creation Device Current Cen CWA Future Cen EN ETSI EN Qualified Certificate Current ETSI TS a.o Future ETSI EN (Annexes 1-4) Qualified Certificate Security Policy Current ETSI TS Future ETSI EN (Annexes 1-6) Signature Format Current ETSI several TSs a.o Future ETSI EN ETSI All rights reserved

21 Technic al Specifications Technic al Specifications Technic al Specifications Technic al Specifications Conclusions & Challenges Don t forget the big picture : digitalizing is not (cannot) be just about doing the same things on-line. Change has to be accepted and managed(planned) to digitalize successfully Don t try to re-invent the wheel: EU standards are open, transparent, accepted and used globally In digital business/government it is necessary to meet the REAL NEEDS of the users: because in order to function, digitalization needs (on the other side of the net) ACTIVE USERS 21 ETSI All rights reserved TSPs supporting esignature Signature Creation Devices Trust Service Status Lists Providers Signature Creation & Validation Trust Application Service Providers TSP Certificates TSSP SGSP SVSP Registered Information Preservation SSCD CAdES XAdES PAdES ASiC Other SCDs Cryptographic Suites Suites Requirements

22 Questions & Contact Riccardo Genghini Thank you! 22 ETSI All rights reserved