Time Stamping Policy
Size: px
Start display at page:

Download "Time Stamping Policy"

Transcription

1 Magyar Telekom Qualified Times Stamping Service Time Stamping Policy Specific object identifier (OID): Version number: Registration number:.. Date of entry into force:

2 Change management Version Date number Description of the change First version (technical working materials) Improved draft Controlled version Version submitted to Magyar Telekom Rt Version submitted to the National Infocommunications Authority Changes made after authority review Final version submitted to the Authority Amendment for Magyar Telekom name change and its consequences Incorporation of the proposals of the external expert review Corrections made according to the comments of the Office of the National Infocommunications Authority Corrections made according to the comments of the 2006 Authority review Amendment according to the comments of the Authority (HL-923-1/2009) Review in connection with the termination of authentication services and the continued provision of qualified time stamping service Changes connected with the implementation of resolution no. EF /2011 of the National Media and Infocommunications Authority and incorporation of the organizational changes Incorporation of statutory, organizational and personnel changes Amendment made by: Zoltán Domokos Controlled by: Dr. Péter Demény Approved by: Péter Mátyás Technology/Technology platform branch Group Legal Directorate Technology/Technology platform branch IT security service technical supervisor Legal consultant Head of department Database and ISP Services 2 (altogether: 28)

3 Contents Change management Introduction The regulation Scopes of the TSP The Service Provider Definition of the time stamping service Standards and regulatory compliance Availability, identification of the TSP Community and applicability General provisions Components of the time stamping service The time stamping service provider Endusers TSP and Time Stamping Service Regulations Connection of the TSP and the Time Stamping Service Regulations Service Provider s regulations concerning the time stamping service Principles of elaboration of TSP and IBSzSz Time Stamping Policy (TSP) Overview Identification Time stamping service user Compliance of the time stamping service Obligations and liability Service Provider s obligations to the endusers Subscriber s obligations Recommendations concerning the stakeholder Liability Requirements for operation Regulation and publication of the time stamping service Regulation of the time stamping service Publication of the time stamping service Key management Generation of the signing key of the time stamping service Protection of the Service Provider s private key Publication of the Service Provider s public key Validity of the Service Provider s key Ending the use of the Service Provider s key Life cycle of the HSM unit Time stamping service (altogether: 28)

4 5.3.1 Time stamp profile Clock synchronization with the UTC Operation and management of the time stamping service Security precautionary measures Classification of components Personnel precautionary measures Physical precautionary measures Operation Management of access authorizations Installation, maintenance of the system Business continuity of the time stamping service Stopping the operation of the Service Provider Regulatory compliance Recording of the data connected with the time stamping service Organization structure Signs, abbreviations and definitions References (altogether: 28)

5 1 Introduction 1.1 The regulation This regulation defines the requirements of the operation of the times tamping service provided by Magyar Telekom Nyrt. as Qualified Time stamping Service Provider (hereafter: service provider), the structure of the time stamp, the rules concerning the time stamping service management and the life cycle of the key management belonging to the time stamp and other general requirements. The full name of the document is: Magyar Telekom Qualified Time Stamping Service Time Stamp Policy Short name of the document: Time Stamp Policy (hereafter: TSP). The procedural and other rules concerning the time stamping service not contained in the TSP are given in the Magyar Telekom Time Stamping Service Regulation (hereafter: IBSzSz) [6]. 1.2 Scopes of the TSP Material scope of the TSP The material scope of the TSP extends to the provision of the service described in the subchapter {1.4 Definition of the time stamping service} and to all the objects and tangible assets connected with this service. Area scope of the TSP The area scope of the TSP extends to the entire territory of Hungary. Time scope of the TSP The TSP has indefinite time scope from the date of entry into force of the version of the regulation shown on the cover page. The time scope of the TSP will end on termination of the time stamping service and/or on entry into force of a new version of the regulation. Personnel scope of the TSP The personnel effect of the TSP extends to each and every member of the user community defined in the subchapter {1.8 Community and applicability}, to every natural person and legal entity and person without legal entity. 5 (altogether: 28)

6 1.3 The Service Provider In the TSP under Service Provider Magyar Telekom Qualified Time Stamping Service Provider (time stamp organization) created by Magyar Telekom Nyrt. - within its own organization - shall be understood. In a legal sense the Service Provider is represented by Magyar Telekom Nyrt. Date of registration of the Service Provider as qualified service provider: 01 October 2004 The data of the Service Provider (Magyar Telekom Nyrt.) are the following: Name: Magyar Telekom Távközlési Nyilvánosan Működő Részvénytársaság Trade register number: CG Registered offices: 1013 Budapest, Krisztina krt. 55. Mail address: 1541 Budapest Telephone: Fax: Website: Availability data of the Qualified Time Stamp Organization are the following: Name: Magyar Telekom Nyrt./ Qualified Time Stamp Organization Address: 1117 Budapest Magyar tudósok körút 9. Telephone: Fax: Mail address: 1541 Budapest Website: zolgaltatas timestamp@telekom.hu The business hours of the Time Stamp Organization are usually 8:00 to 16:00 hours on working days, but on some days it may have different business hours. Outside the above business hours fault reports can be made and certificate of authentication to request time stamp can be withdrawn on the following telephone number: telephone number of the 24-hour duty service: The current data of the Time Stamp Organization can also be checked on the above internet site of the Service Provider. 6 (altogether: 28)

7 The availability data of the other organizations connected with the time stamping service are given in the IBSzSz [6] document. Magyar Telekom performs the certified Timestamp service in accordance with [1],[2],[3] laws and the applicable standards - referred to in the References part. Compliance with the law and the standards is certified by an accredited certifier organization by way of compliance assessment and the activity is supervised by the Trusted Service Supervision Authority (National Media and Info-Communications Authority). 1.4 Definition of the time stamping service According to the definition of the eidas regulation, the electronic time stamp means data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time; Article 97 (1) of Act CCXXII of 2015 If the document has been provided with qualified electronic signature or stamp, or time stamp, and no other follows from the result of the control of the signature or the stamp or the, it shall be presumed that the content of the document has not changed since the placement of the signature or the stamp or the time stamp. In the course of the time stamping service the Service Provider links a time stamp to the electronic document. The time stamping service provides proof that the data element existed in unchanged from at a given time (proof of existence). If the data element had been signed by the party requesting the data before sending it to the time stamping service provider, then the time stamping service provides proof that the given data element existed and was in the possession of this entity at the given time (proof of possession). The time stamping service provider as third party reliably provides the time stamping service. The time stamping service provider by the Service Provider can be linked to a document provided with enhanced or qualified signature, and can also be used with files not provided with signature. Two types of activity can be connected to the service: time signal provision, which the Service Provider reserves for the time stamping service, for synchronizing with authenticated time source and the time stamping service itself, which the Service Provider provides as qualified time stamping service to its customers (on subscription basis). Two types of basic operation have to be performed in the use of the time stamps: 7 (altogether: 28)

8 time stamping (process) which links the data with time values using cryptographic tools and time stamp control (process) which evaluates the compliance of these connections. In the course of the time stamping service the Service Provider (certifiably) does not learn the content of the time stamped document, it only manages its impression. The Service Provider recommends two types of access to the time stamping service: the first is usually specific - dedicated - access which it typically provides for customers with large traffic 1 the second is internet-based access with which the service can be extended to the widest possible scope of users. In terms of accuracy and security the time stamping infrastructure of the Service Provider complies with the relevant provisions of BM regulation no. 24/2016. (VI.30) [3], and the ETSI EN [4] and the ETSI EN [7] standards. 1.5 Standards and regulatory compliance In content and structure the present TSP is in compliance with the ETSI EN [x], ETSI EN [4] and ETSI EN [7] [7] EU standards for time stamping service providers and time stamping service provision. In terms of content the TSP satisfies the requirements and recommendations of the Hungarian regulations as well as the internal regulations of the Service Provider and uses the [5] technical specifications. The time stamps issued according to this Qualified Time Stamping Policy comply with the requirements of the ETSI EN [4] standard. In the time stamps issued by itself the Service Provider uses its own OID and supports the ETSI time stamping policy (BTSP). 1.6 Availability, identification of the TSP The full name of the document can be found in the subchapter {1.1 Regulation}. The TSP can be identified with the following data: 1 This involves certain technical constraints, for example, it may require the use of leased line communication channels or other specific solutions. 8 (altogether: 28)

9 Specific object identifier (OID):... TSP Found on the cover page of the Registration number:... can be found on the cover page of the TSP Version number:... can be found on the cover page of the TSP Date of entry into force can be found on the cover page of the TSP Technical identifier of the time stamping service:... Magyar Telekom TSA v1.0. The TSP is a public document the timely version of which the Service Provider publishes on the internet at Community and applicability The community belonging to the Service Provider s time stamping service (hereafter: Community) consists of the following: organizations of the Service Provider s time stamping service: - Time Stamping Organizations, as the organization responsible for the operation of the time stamping servers, customer service. Magyar Telekom Technology platform branch, Database and ISP services department ISP group, as operator of the time signal provision service, the endusers {subchapter 2.3}. 9 (altogether: 28)

10 2 General provisions Components of the time stamping service Two types of activity can be connected to the authentic time data: the time stamping service itself, with which as qualified time stamping service the Service Provider supports its external and internal customers (on subscription basis). Time stamping service management processes, authentic time signal provision Two types of basic operation have to be performed in the course of the time stamping service: time stamping (process) which links the data with time values using cryptographic tools and time stamp control (process) which provides the following functions: - evaluates the compliance of the connections used in the time stamping and/or if necessary, intervenes, - supervises the internal synchronization, operation of the time stamping servers, intervenes in case of failure, - ensures the synchronization of the UTC 2 used for the time stamping to the time base, - supervises, maintains the traffic of the time stamping servers, makes the necessary backups, - supervises the authenticity of the time of the time stamps on the basis of the rules described in the subchapter {5.3.2 Clock synchronization with the UTC}. The Service Provider issues the certificates belonging to the key pairs used in the time stamping from Magyar Telekom RootCA For more information about the operation of Magyar Telekom RootCA 2011 see chapter 6 of the IBSzSz[6]. In the course of the time stamping service the Service Provider (certifiably) does not learn the content of the time stamped document, it only manages its impression. In terms of accuracy and security the time stamping infrastructure of the Service Provider complies with the relevant provisions of BM regulation no. 24/2016. (VI.30) [3], and the ETSI EN [4] and the ETSI EN [7] standards. 2 UTC: Coordinated Universal Time 10 (altogether: 28)

11 2.2 The time stamping service provider The time stamping service is provided by the Service Provider specified in the {1.3 The Service Provider} subchapter. 2.3 Endusers The endusers of the time stamping service provided by the Service Provider can be the following: the subscriber who uses the time stamping service on the basis of contract with the Service Provider, the stakeholder. The subscriber can be any natural person or legal entity or organization without legal personality who/which accepts the obligations laid down in the regulations of the Service Provider (in particular in this TSP), and pays for the service. The subscriber is in contractual relationship with the Service Provider in the relevant Time Stamping Service Provision contract in the following: ISzSz [9], in compliance with the General Terms and Condition of Magyar Telekom s Time Stamping Service (hereafter: GTC ) [8] and the TSP documents. The Service Provider communicates with the subscriber primarily through the Time Stamping Organization. Subscriber may use the time stamping service exclusively in the manner and for the purpose determined in the TSP and the ISzSz. The stakeholder can be any natural person or legal entity or organization without legal personality, the member of such Community who is the recipient of the electronic document and who acts with reliance on an authenticated time when controlling the authenticity of the signature and/or the time stamp. 2.4 TSP and Time Stamping Service Regulations Connection of the TSP and the Time Stamping Service Regulations The Service Provider, as qualified time stamping service provider provides the services specified in the {1 Introduction}.. The Service Provider has service regulations for the time stamping service provided by it which go under the short name of: IBSzSz [6]. The legal, commercial and other procedural rules of the time stamping service, not regulated in the TSP, are contained by the Service Provider s effective IBSzSz document. The IBSzSz is a public document the timely version of which the Service Provider publishes on the internet at 11 (altogether: 28)

12 Service Provider s regulations concerning the time stamping service The Service Provider s public regulations concerning the time stamping service are the following: - TSP (this document), - IBSzSz [6], - ÁSzF (GTC) [8] Principles of elaboration of TSP and IBSzSz The TSP contains the requirements for the Service Provider and the time stamping service. The IBSzSz contains the organizational, process and personnel rules supporting concrete implementation, based on and in compliance with the Service Provider s internal and public regulations. 12 (altogether: 28)

13 3 Time Stamping Policy (TSP) 3.1 Overview The Service Provider s time stamping service may be used by the subscribers specified in the {2.3 Endusers} subchapter under contract with the Service Provider for the purpose specified therein. Service Provider will not restrict the use of the time stamping service in the respect of the type or authentication of the electronic document provided with the time stamp.. In the respect of the general rules of operation of the time stamping service the Service Provider follows the[4] standard, while in the respect of the user and time stamp support applications and the profile of the time stamp its structure and content it follows the [7] standard. In the course of the time stamping service,in the respect of communication between the Service Provider and the endusers, the Service Provider complies with the [5] standard, and ensures the accuracy of the time stamping service. As far as accuracy is concerned, the variation must always be smaller than 500 milliseconds. 3.2 Identification The identification and availability of the present TSP are as described in the subchapter {1.6 Availability, identification of the TSP}. Every time stamp contains the OID number of this TSP. 3.3 Time stamping service user The Service Provider s time stamping service may be used by the Community defined in the {1.7 Community and applicability} subchapter, and by Subscribers on the basis of contract with the Service Provider, in the manner defined therein Compliance of the time stamping service Service Provider ensures the compliance of the time stamping service according to the regulatory and technical standards defined in the {1.5 Standards and regulatory compliance} subchapter, through regular audits performed by external and internal auditors. 13 (altogether: 28)

14 4 Obligations and liability It is the fundamental duty of the Service Provider to provide the agreed time stamping service in compliance with this and the other public regulations, contract the [6], [7], [8], [9] documents, and the Service Provider s internal security regulations. The general obligations of the Service Provider are defined in the IBSzSz [6] document {9.6.1 Liability and warranty of the time stamping service provider} subchapter. 4.1 Service Provider s obligations to the endusers In the course of the provision of the time stamping service Service Provider undertakes the following obligations to the endusers: - it ensures that the time stamp response contains, apart from the elements added in the time stamping procedure, the same data as the request. - the issued time stamp does not contain erroneous data, - will not learn the content of the time stamped document, it will only manage its impression, - it will only use the signing key of the time stamp within the framework of time stamping, - it will issue the time stamp with an accuracy inside 500 milliseconds, - ensures the reliability and security of the time stamping service in compliance with the requirements applicable to qualified authentication service providers. - records every important event connected with time stamping, logs these and safely stores the log files. 4.2 Subscriber s obligations The obligations of the subscriber in the context of the Service Provider s time stamping service are determined by the following. To use the time stamping service Subscriber must ensure the infrastructure of communication with Service Provider s time stamping units (e.g. internet or leased line connection), as well as the software application required for using the service, in accordance with the technical conditions agreed with the Service Provider in advance. Service Provider must, through the entire process, cooperate with the subscriber. Subscriber and Service Provid- 14 (altogether: 28)

15 er may agree that Service Provider establish the above-mentioned communication connection and/or provide the software application for a special fee. For the purpose of provision of the time stamping service, Subscriber shall submit to the Service Provider the data necessary for issuing the authentication certificate in accordance with the contract between the parties. Subscriber shall share with its users authorized to use the service and install the authentication certificate received from the representative of the Service Provider; in doing so it shall act with due care to prevent the illegal use of the private key belonging to the certificate (and thus of the service itself). Subscriber shall give information and guidance to its authorized users about the use of the service and the prevention of the illegal use of the private key belonging to the authentication certificate. Subscriber shall, without delay, notify the Service Provider if the private key of the authorization certificate has been compromised or if it has learned about any illegal use thereof. Service Provider waives any liability for damages caused by the illegal use of the authentication certificate. Subscriber shall pay the fee of the time stamping service in accordance with its contract with the Service Provider. The basis of calculation of the fee is successful service of the time stamping request with the authentication certificate. The Service Contract may also dispose otherwise. 4.3 Recommendations concerning the stakeholder In the course of the time stamping service the Service Provider is not in contract with the stakeholder therefore, instead of obligations the Service Provider makes recommendations to the stakeholder. The recommendations for the stakeholder are determined by the IBSZSZ [6] regulation and by the following. If the stakeholder wants reasonably to rely on a time stamp, it is recommended that it control the time stamp as well as the validity of the certificate of the time stamping unit (time stamping server) and/or the validity of the RootCA 2011 certificate of the issuing Magyar Telekom by using the valid revocation status information, in compliance with the regulations. The recommended steps of control of the time stamps issued by the Service Provider are the following: check whether the Service Provider has electronically signed the time stamp, whether the Service Provider s signature has been executed with the key used for the time stamping and whether the certificate belonging to it is valid, 15 (altogether: 28)

16 the users of the time stamp can control the validity of the service provider s certificate on the basis of the CRL published with the frequency determined in the IBSzSz [6] which can be reached on thehttp:// website. 4.4 Liability The liability of the Service Provider is determined in the IBSzSz [6] {9.6} and {9.2 Financial liability, liability insurance} and by the following. The time stamping organization of the Service Provider is responsible for the issue of the authentication certificate for using the time stamping service, for creating the connected key pair and for submission of these to the Subscriber in a safe manner. Service Provider is responsible for the revocation, on the request of the Subscriber, of the authentication certificate for using the service. The liability of the subscriber and the stakeholder is determined in the IBSzSz [6] regulation {9.6.2 Subscriber s liability and warranty} and {9.6.3 Stakeholder s liability} subchapters. 16 (altogether: 28)

17 5 Requirements for operation 5.1 Regulation and publication of the time stamping service Regulation of the time stamping service The Service Provider s IT system supporting its time stamping service, the authentic time signal used in the time stamps are ensured by the infrastructure described in {5.3.2 Clock synchronization with the UTC}. Service Provider publishes the conditions, tariffs and technical conditions of its time stamping service on the internet site. On this site also the signing certificate of the time stamping unit(s) and the relevant CRL are available for downloading. The other details of publication are given in {5.1.2 Publication of the time stamping service} subchapter. Further regulatory issues of the time stamping service are addressed in the IBSzSz [6] regulation Publication of the time stamping service Service Provider publishes the effective version of its Time Stamping Policy of the time stamping service on the internet site. Further contractual documents on the service (ÁSZF, IBSzSz) are also available on this site. Furthermore, on the above site the Service Provider also publishes the certificates of the time stamping units and the RootCA 2011 certificate of the certifying Magyar Telekom. Other information concerning the time stamping service: a) The Service Provider can be reached through the Time Stamping Organization. Further details are contained in {1.3 The Service Provider} subchapter. b) This Time Stamping Policy document can be identified with the OID number on the cover page. Further details are contained in the {1.6 Availability, identification of the TSP} subchapter. 17 (altogether: 28)

18 c) The hash algorithm applicable in the context of the service: the algorithm provided by the effective NMHH resolution. d) Validity time of the Service Provider s time stamp signing key: 5 years, provided that the key is not compromised during that time. e) Accuracy of the time on the time stamp: UTC ± 500 milliseconds (maximum variation). f) Conditions of using the time stamping service: - technical conditions: Subscriber must have the required software application and communication connection. Further details are given in the {5.1.1 Regulation of the time stamping service} subchapter and - legal, commercial conditions: as specified in the {2.3 Endusers} and {4 Obligations and liability} subchapters. g) Subscriber s obligations: Subscriber shall comply with the contractual conditions of using the service, ensure the necessary technical conditions and pay the fees of the service. Further details are contained in {4.2 The Service Provider} subchapter. h) Obligations of the stakeholder: the stakeholder is recommended to make the necessary controls before acting in reliance on the time stamp. Further details are given in {4.3Recommendations concerning the stakeholder}. i) Length of keeping the time stamping service files: for 10 years from the date of their origination or, in case of legal dispute, until closure of the procedure the Service Provider will keep the log files. j) Limitation of the Service Provider s liability: for details see the {4.4 Liability} subchapter. k) Settlement of complaints and legal disputes: complaints may be submitted to the qualified Time Stamping organization of the Service Provider. More details are contained in the ÁSzF [8]. l) External independent auditing organizations: 18 (altogether: 28)

19 5.2 Key management - National Media and Infocommunications Authority (Trusted Supervision), - External independent auditing organization Generation of the signing key of the time stamping service In the respect of key management the Service Provider will provide for the enforcement of the physical, procedural and personal security precautionary measures complying with the known standards, as well as the relevant administrative and management procedures. The details are given in the IBSzSz [6] {6 Technical security precautionary measures} subchapter. The keys of the Time Stamping Organization are generated according to the FIPS standard at level 3, or in the CC EAL 4 tested cryptographic module (Hardware Security Module, hereafter: HSM). The own keys of the time stamping units serving the time stamping service of the Service Provider are generated in the cryptographic module (HSM) and stay in the HSM through their entire life cycle. He cryptographic modules of the time stamping units of the Service Provider comply with the specification given in section of the EU standard [4] Protection of the Service Provider s private key The protection of the Service Provider s private key is in compliance with the requirements for qualified time stamping service providers. More detailed specifications are given in IBSzSz [6] {6.2 Protection of the Service Provider s private keys and requirements for cryptographic modules} subchapter Publication of the Service Provider s public key The validity and reliability of the certificates issued for the TSUs is supervised by the Service Provider throughout the entire chain before importing them into the timestamp units. The certificates of the time stamping unit(s) is available on the website. 19 (altogether: 28)

20 5.2.4 Validity of the Service Provider s key The validity time of the Service Provider s key is 5 years. The period of use of the Service Provider s keys is specified in IBSzSz [6] {6.3.1 Period of use of the certificates and the key pairs} subchapter, and the archivation of the keys is specified in the IBSzSz [6] {6.2.4 Private key archivation} subchapter Ending the use of the Service Provider s key After the expiry of the validity time of the key, the key will be destroyed in compliance with the procedure described in IBSzSz [6] {6.2.9 Method of destruction of the private key}, and the Service Provider will generate new key in accordance with the procedure described in {6.1.1 Key pair generation}. If the Service Provider s key is compromised during its validity time, the Service Provider will provide for immediate revocation of the certificate, immediate destruction of the key and the generation of a new key Life cycle of the HSM unit The delivery, storage and installation of the Service Provider s HSM units shall be done with the observance of strict physical and personnel security measures. The most important facts, properties established in the control, testing and evaluation of the HSM modules are entered in the certificate of the asset. The Service Provider describes the most important security and other requirements concerning the operation of the equipment in the {5.4 Operation and management of the time stamping service} subchapter Time stamping service Time stamp profile The Service Provider ensures the secure issue of the time stamps and the accuracy of the data on the time stamp. The time stamp profile on the basis of the standards [4] and [7] contains the following: Field name Value or rule Version Technical ID of the Service Provider s time stamping service: Magyar Telekom TSA v1.0 so the value of the field is: v (altogether: 28)

21 Version The hash algorithm approved in the time stamp Regulation ID that can be named in the time stamp request (OID) Length of the random number (nonce) shown in the time stamp request Can the service provider s certificate be requested in the time stamp request (certreq) Accuracy Arrangement Regulation ID that can be named in the time stamp request (OID) Hash algorithm used in the time stamp response Signing algorithm used in the time stamp response Time resolution of the time stamp response (gentime) UTC max offset value of the time stamp service Supported access protocol Use of store and forward protocol Size of serial number Unique serial number SHA-256, SHA-384, SHA-512 It is not compulsory to specify, but if specified its value will be identical with the regulation ID specified in the time stamp response. 64 bit Yes 500 milliseconds False The value of the field is the TSP ID effective at the date of issue of the time stamp SHA-256, SHA-384, SHA-512 RSA 0,001 second 500 milliseconds HTTPS Not supported Dynamic length The Service Provider generates a unique serial number, the uniqueness of which serial numbering survives even the eventual interruption of the service. In addition to the above, the content structure of the time stamp satisfies the following requirements: - The time shown on the time stamp is provided by a time base taken from several independent sources, which thus only allows maximum UTC ± 500 milliseconds variation. - the internal clock signal was verified by an expert committee at the start of the time stamping system, with the help of an independent reference time source, - the authenticity of the internal clock is ensured through a GPS unit with external UTC time bases and with synchronization with the Magyar Telekom time base during operation, - the Service Provider signs the time stamp exclusively with the signing key issued for the purpose of time stamping, 21 (altogether: 28)

22 - the time stamp contains the field of the owner of the signing certificate Clock synchronization with the UTC Service Provider ensures that the time data used for the time stamping service are synchronized with the UTC and that its variation from the UTC does not exceed the specified value. The Service Provider s system providing the time signal (Trusted Time Infrastructure, hereafter: TTI ) is established as an integral part of the existing infrastructure of Magyar Telekom. The TTI system established by the Service Provider is a hierarchic time signal supply infrastructure, one of the time sources of which is the reference oscillator (atomic clock) of Magyar Telekom. The levels of the TTI system are the following: - The server at the highest level of the hierarchy synchronizes the reference time to the GPS satellites (which radiate the signal with 1 microsecond accuracy) then, after reaching the synchronized time signal, it adjusts to the high precision synchronous signal provided by the atomic clock of Magyar Telekom. The server to be found at this level continuously logs every event, which is important in case of alert or for the operation of the system. - The firewalls of the time stamping system synchronize with the top level ntp servers (ntp.telekom.intra infrastructure) after key authentication. - At the third level of the hierarchy is the Service Provider unit which, similarly to the first two levels, provides for the generation of the time stamps after time audit and time calibration. The Service Provider unit may divert from the time signal provided by the time server by maximum 500 milliseconds. In case of 500 milliseconds or more diversion the time stamp requests will be rejected as long as the entire system is not synchronized again with the time of the time servers. - The time stamping servers take accurate time signals twice a day which the system precisely logs. The TTI system is placed in geo-redundant manner in high security data centers protected from physical intrusion. 5.4 Operation and management of the time stamping service The Service Provider provides for the enforcement of appropriate physical, procedural and personal security precautionary measures complying with the known standards, as well as the relevant administrative and management procedures. 22 (altogether: 28)

23 5.4.1 Security precautionary measures The relevant security requirements are determined in the IBSzSz [6] {6 Technical security precautionary measures} subchapter Classification of components The Service Provider provides for the exposure classification of the IT system and system components supporting the time stamping service, and for their the appropriate protection according to the classification. The classification of the components and the determination of the risk factors are specified in the Service Provider s document entitled Analysis of risks in the qualified time stamping service system of Magyar Telekom Personnel precautionary measures The personnel requirements of the Service Provider s service are specified in the IBSzSz [6] document {5.2 Procedural precautionary measures} and {5.3 Requirements concerning the personnel} Physical precautionary measures The physical precautionary measures of the time stamping service are described in the IBSzSz [6] document {5.1 Physical requirements} subchapter Operation Service Provider ensures that the IT system and the system components supporting the time stamping service are operated in compliance with appropriately developed rules of operation and other technical documentations, securely and without minimum risk of failure. The detailed descriptions of the operation are given in the Service Provider s internal regulatory documents Management of access authorizations Service Provider ensures that only authorized persons access the IT system supporting the time stamping service. Exclusively authorized personnel may carry out the interventions into the system and any other administrator, installation operations. The management of the authorizations is regulated in the Service Provider s internal regulations. 23 (altogether: 28)

24 5.4.7 Installation, maintenance of the system The installation of the IT system supporting the time stamping service was implemented under the strict supervision of the Service Provider, according to the relevant administration and personnel security measures. In addition to the above, the Service Provider ensures the continuous monitoring, maintenance of the system and repair of the eventual failures. Each change is recorded in the configuration log files. Without the permission of the Service Provider the system and its components may not be reconfigured or the functions of the components changed Business continuity of the time stamping service The Service Provider takes every action necessary to ensure the continuous operation of the time stamping service. The Service Provider has business continuity plan and/or disaster recovery plan which determine the tasks of the Service Provider in case of unexpected events or an eventual disaster. The Service Provider ensures the continuous availability of the time stamping service on the basis of 45 (1) of BM regulation no. 24/2016. ()VI.30 at annual level it guarantees 99.5% availability rate. The occasional service outage may not exceed 3 hours in length Stopping the operation of the Service Provider The Service Provider can end its operation in the following cases: - On the decision of the management body of the Service Provider - On the decision of the authority. The operation of the Service Provider will be stopped in the manner and steps described in the document IBSzSz [6] {5.7 Stopping the time stamping service provider or organization} Regulatory compliance The regulations concerning the time stamping service of the Service Provider are given in the {1.5 Standards and regulatory compliance} subchapter (altogether: 28)

25 Recording of the data connected with the time stamping service During its operation the IT system supporting the Service Provider s time stamping service logs at least the following data: - accesses of the system and messages important for the operation system, - events affecting the configuration of the system components, change of the system, interventions, - communication with local and external time sources and time variation. 5.5 Organization structure In the Magyar Telekom Nyrt. organization the organizations involved in the Service Provider s time stamping service go under the following names: - Time stamping organization: Magyar Telekom Nyrt. Technology platform branch, Database and ISP services department, PKI group, - Also involved in the provision of the service are the Technology platform branch, Database and ISP services department ISP group, as operator of the time signal service. 25 (altogether: 28)

26 6 Signs, abbreviations and definitions The document carries the following signs and abbreviations: TSP: Time Stamping Policy, ISzSz: Time Stamping Service Contract, ÁSzF (GTC): General Terms and Conditions of Contract, IBSzSz: Magyar Telekom Time Stamping Service Regulations OID: Object Identifier (specific document identifier), UTC: Coordinated Universal Time, time base according to the ITU-R TF460-5 recommendation, HSM: Hardware Security Module, Cryptographic unit, TTI: Trusted Time Infrastructure (time signal service infrastructure), { } between these marks reference is made to a given chapter / subchapter of a document. [ ] between these marks document reference numbers are given, see: {7 References} subchapter. Service Provider uses the terms given in the TSP in the following meaning: activation data Term electronic documents subscriber stakeholder recipient party (accepting party) Time Stamping Service Regulations Time stamp time stamping service provider Definition (explanation) data needed for the operation of the cryptographic module that need to be protected (e.g. PIN code, passphrase or manually handled set of keys) a set of data interpreted through an electronic device In case of the time stamping service, the user. recipient of the electronic document who acts in reliance on a given time stamp recipient of the electronic document who acts in reliance on a given time stamp Pursuant to Article 1 of Act CCXXII of 2005 the trust service provider s statement on the detailed procedural or other operating requirements connected with the provision of certain trust services data permanently linked to or logically connected with an electronic document that certifies that the electronic document existed in the same form at the time of placing the time stamp a trust service provider that provide time stamping service 26 (altogether: 28)

27 cryptographic key certificate publication of certificate revocation status certificate revocation list Revocation registers (certificate revocation register) time stamping policy enduser a unique string of signals that controls cryptographic transformation which is needed for performance of the cryptographic transformation, in particular for the creation or verification of electronic signature For the time stamping service the certificates of the time stamping service providers. For the time stamping service information supply to the recipient party on revocation of time stamping certificates. The service can be provided real time or must be based on information updated in predefined intervals. For the time stamping service the electronic list containing the IDs of time stamping certificates revoked for any reason, e.g. invalidated, that is issued by the service provider For the time stamping service the registers of certificates suspended or revoked which contain at least the fact of suspension or revocation and the time of suspension or revocation a set of rules in which the service provider, user or other person (organization) defines the conditions of using a time stamp for a group of users with some common security requirements, or for specified applications the subscriber, the recipient party and the stakeholder 27 (altogether: 28)

28 7 References In this TSP the Service Provider makes reference to the following documents: [1] Regulation (EU) no 910/2014 (23 July 2014) on electronic identification and trust services for electronic transactions in the internal market [2] Act CCXXII of 2015 on the general rules of electronic administration and trust services, [3] Decree 24/2016. (VI.30) BM on the detailed requirements for trust services and their providers, [4] ETSI EN EU standard: Policy and Security Requirements for Trust Service Providers issuing Time-Stamps, [5] IETF RFC 3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP), [6] Magyar Telekom Time Stamping Service Regulations (IBSzSz) --- MAGYAR TELEKOM NYRT. [7] ETSI EN EU standard: Time-stamping protocol and time-stamp token profiles [8] Magyar Telekom Qualified Times Stamping Service General Terms and Conditions of Contract (ÁSzF (GTC) --- Magyar Telekom Nyrt., [9] Magyar Telekom Time Stamping Service Agreement - short name Service Agreement (ISzSz). 28 (altogether: 28)

Similar documents

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

DIGITALSIGN - CERTIFICADORA DIGITAL, SA. DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS

More information

Trust Services Practice Statement

Trust Services Practice Statement Trust Services Practice Statement TrustWeaver AB V. 1.2 PUBLIC Page 1 IMPORTANT LEGAL NOTICE Copyright 2016, TrustWeaver AB. All rights reserved. This document contains TrustWeaver AB proprietary information,

More information

QUICKSIGN Registration Policy

QUICKSIGN Registration Policy QUICKSIGN Registration Policy Amendment to DOCUSIGN FRANCE s Certificate Policy for using the QUICKSIGN platform as a registration service to identify Subscribers September 27, 2016 QUICKSIGN_Registration_Policy_V1.0

More information

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Index INDEX... 2 1. DISCLOSURE TEXT APPLICABLE TO NATURAL PERSON CERTIFICATES ISSUED ON QSCD...

More information

CertDigital Certification Services Policy

CertDigital Certification Services Policy CertDigital Certification Services Policy Page: 2 ISSUED BY : DEPARTAMENT NAME DATE ELECTRONIC SERVICES COMPARTMENT COMPARTMENT CHIEF 19.03.2011 APPROVED BY : DEPARTMENT NAME DATE MANAGEMENT OF POLICIES

More information

SSL Certificates Certificate Policy (CP)

SSL Certificates Certificate Policy (CP) SSL Certificates Last Revision Date: February 26, 2015 Version 1.0 Revisions Version Date Description of changes Author s Name Draft 17 Jan 2011 Initial Release (Draft) Ivo Vitorino 1.0 26 Feb 2015 Full

More information

Certipost e-timestamping. Time-Stamping Authority Policy. Version 1.0. Effective date

Certipost e-timestamping. Time-Stamping Authority Policy. Version 1.0. Effective date Version 1.0 Effective date 01 09 2008 Object Identification Number (OID) 0.3.2062.7.1.6.2.1.0 Certipost NV ALL RIGHTS RESERVED. 2 23 Contents CONTENTS... 2 INTELLECTUAL PROPERTY RIGHTS... 4 FOREWORD...

More information

CERTIFICATE POLICY CIGNA PKI Certificates

CERTIFICATE POLICY CIGNA PKI Certificates CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...

More information

TIME STAMP POLICY (TSA)

TIME STAMP POLICY (TSA) TIME STAMP POLICY (TSA) Reference: IZENPE-DPTSA Version Num.: v 1.1 Date: 20 Feb 2018 IZENPE This document is owned by IZENPE. It may only be wholly reproduced Table of Contents Content 1 Introduction

More information

Digital Signatures Act 1

Digital Signatures Act 1 Issuer: Riigikogu Type: act In force from: 01.07.2014 In force until: 25.10.2016 Translation published: 08.07.2014 Digital Signatures Act 1 Amended by the following acts Passed 08.03.2000 RT I 2000, 26,

More information

ING Public Key Infrastructure Technical Certificate Policy

ING Public Key Infrastructure Technical Certificate Policy ING Public Key Infrastructure Technical Certificate Policy Version 5.4 - November 2015 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Document version General Of this document

More information

EXBO e-signing Automated for scanned invoices

EXBO e-signing Automated for scanned invoices EXBO e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.12.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers

More information

Policy and Practice Statement DigiSign Time-Stamping Authority

Policy and Practice Statement DigiSign Time-Stamping Authority Policy and Practice Statement DigiSign Time-Stamping Authority Qualified Electronic Time-Stamps compliant with eidas Regulation and national legislation Category: Public Document Language: English Written

More information

DECISION OF THE EUROPEAN CENTRAL BANK

DECISION OF THE EUROPEAN CENTRAL BANK L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System

More information

ING Corporate PKI G3 Internal Certificate Policy

ING Corporate PKI G3 Internal Certificate Policy ING Corporate PKI G3 Internal Certificate Policy Version 1.0 March 2018 ING Corporate PKI Service Centre Final Version 1.0 Document information Commissioned by Additional copies of this document ING Corporate

More information

SPECIFIC CERTIFICATION PRACTICES AND POLICY OF

SPECIFIC CERTIFICATION PRACTICES AND POLICY OF SPECIFIC CERTIFICATION PRACTICES AND POLICY OF CERTIFICATES OF REPRESENTATIVES OF LEGAL ENTITIES AND OF INSTITUTIONS WITH NO LEGAL ENTITY FROM THE AC REPRESENTACIÓN NAME DATE Prepared by: FNMT-RCM / v1.5

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

ISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services

ISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services This is a preview - click here to buy the full publication TECHNICAL REPORT ISO/IEC TR 14516 First edition 2002-06-15 Information technology Security techniques Guidelines for the use and management of

More information

CERTIFICATION PRACTICE STATEMENT OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES

CERTIFICATION PRACTICE STATEMENT OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES Krajowa Izba Rozliczeniowa S.A. CERTIFICATION PRACTICE STATEMENT OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES Version 1.6 Document history Version number Status Date of issue 1.0 Document approved by

More information

eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote

eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote arvid.vermote@be.ey.com EY eidas Certification scheme Scheme EY CertifyPoint B.V. is currently

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

As used in these Rules and unless the context otherwise requires: CMIC shall refer to the Capital Markets Integrity Corporation.

As used in these Rules and unless the context otherwise requires: CMIC shall refer to the Capital Markets Integrity Corporation. Section 1. Short Title These Rules may be cited as the DMA Rules. Section 2. Definition of Terms As used in these Rules and unless the context otherwise requires: Algorithmic Trading shall mean the use

More information

Certipost E-Trust Services. Certificate Policy. for Normalized E-Trust Physical and Legal Persons. Version 1.1. Effective date 12 January 2011

Certipost E-Trust Services. Certificate Policy. for Normalized E-Trust Physical and Legal Persons. Version 1.1. Effective date 12 January 2011 Certipost E-Trust Services Version 1.1 Effective date 12 January 2011 Object Identification Number (OID) 0.3.2062.7.1.1.200.1 Certipost NV ALL RIGHTS RESERVED. 2 17 for Normalised E-Trust Certificates

More information

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles Final draft EN 319 422 V1.1.0 (2015-12) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles 2 Final draft EN 319 422 V1.1.0 (2015-12)

More information

Afilias DNSSEC Practice Statement (DPS) Version

Afilias DNSSEC Practice Statement (DPS) Version Afilias DNSSEC Practice Statement (DPS) Version 1.07 2018-02-26 Page 1 of 8 1. INTRODUCTION 1.1. Overview This document was created using the template provided under the current practicing documentation.

More information

Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014)

Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014) Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014) This document has been developed by representatives of Apple, Google, Microsoft, and Mozilla. Document History

More information

Belgian Certificate Policy & Practice Statement for eid PKI infrastructure Foreigner CA

Belgian Certificate Policy & Practice Statement for eid PKI infrastructure Foreigner CA Belgian Certificate Policy & Practice Statement for eid PKI infrastructure Foreigner CA OID: 2.16.56.1.1.1.7 2.16.56.9.1.1.7 2.16.56.10.1.1.7 2.16.56.12.1.1.7 Company: Certipost Version: 3.0 Status : FINAL

More information

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Asseco Data Systems S.A. Podolska Street 21 81-321 Gdynia, Poland Certum - Powszechne

More information

Volvo Group Certificate Practice Statement

Volvo Group Certificate Practice Statement Volvo Group PKI Documentation Volvo Group Certificate Practice Statement Document name: Volvo Group Certificate Policy Statement Document Owner: Volvo Group AB Corporate Process & IT Issued by: Volvo Group

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013 Table of Contents 1. Introduction... 5 1.1. Trademarks... 5

More information

Validation Policy r tra is g e R ANF AC MALTA, LTD

Validation Policy r tra is g e R ANF AC MALTA, LTD Maltese Registrar of Companies Number C75870 and VAT number MT ANF AC MALTA, LTD B2 Industry Street, Qormi, QRM 3000 Malta Telephone: (+356) 2299 3100 Fax:(+356) 2299 3101 Web: www.anfacmalta.com Security

More information

ETSI TR V1.1.1 ( )

ETSI TR V1.1.1 ( ) TR 119 400 V1.1.1 (2016-03) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for trust service providers supporting digital signatures and related services

More information

RULEBOOK ON NUMBER PORTABILITY FOR SERVICES PROVIDED VIA PUBLIC MOBILE COMMUNICATIONS NETWORKS

RULEBOOK ON NUMBER PORTABILITY FOR SERVICES PROVIDED VIA PUBLIC MOBILE COMMUNICATIONS NETWORKS Pursuant to Article 8, paragraph 1, item 1), and Article 79, paragraph 6 of the Law on Electronic Communications ( Official Gazette of RS, nos. 44/10, 60/13-CC Dec. and 62/14) and in regard to the Numbering

More information

Richemont DNS Inc. DNS Practice Statement for the PANERAI Zone. Version 0.2

Richemont DNS Inc. DNS Practice Statement for the PANERAI Zone. Version 0.2 Richemont DNS Inc. DNS Practice Statement for the PANERAI Zone Version 0.2 1 Table of contents 1 INTRODUCTION...6 1.1 Overview... 6 1.2 Document Name and Identification... 6 1.3 Community and Applicability...

More information

FOR QTSPs BASED ON STANDARDS

FOR QTSPs BASED ON STANDARDS THE EU CYBER SECURITY AGENCY FOR QTSPs BASED ON STANDARDS Technical guidelines on trust services DECEMBER 2017 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre

More information

Certification Practice Statement

Certification Practice Statement SWIFT SWIFT Qualified Certificates Certification Practice Statement This document applies to SWIFT Qualified Certificates issued by SWIFT. This document is effective from 1 July 2016. 17 June 2016 SWIFT

More information

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Version 4.0 Effective Date: September 18, 2013 Table of Contents

More information

X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance)

X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance) X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance) Version 0.7 Mar-17 Notice to all parties seeking to rely Reliance on a Certificate

More information

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp profiles

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp profiles Draft EN 319 422 V1.0.0 (2015-06) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp profiles 2 Draft EN 319 422 V1.0.0 (2015-06) Reference DEN/ESI-0019422

More information

Avira Certification Authority Policy

Avira Certification Authority Policy Avira Certification Authority Policy Version: 1.0 Status: Draft Updated: 2010-03-09 Copyright: Avira GmbH Author: omas Merkel Introduction is document describes the Certification Policy (CP) of Avira Certification

More information

ON THE PROVISION OF CERTIFICATES FOR WEBSITE AUTHENTICATION BY BORICA AD

ON THE PROVISION OF CERTIFICATES FOR WEBSITE AUTHENTICATION BY BORICA AD POLICY ON THE PROVISION OF CERTIFICATES FOR WEBSITE AUTHENTICATION BY BORICA AD (B-Trust QCP-eIDAS Web SSL) Version 1.0 Effective date: July 1, 2018 Document history Version Author (s) Date Status Comment

More information

ACGISS Public Employee Certificates

ACGISS Public Employee Certificates ACGISS Public Employee Certificates Certification policy V 2.0.1 (February 2017) Social Security IT Department c/ Doctor Tolosa Latour s/n 28041 Madrid Change control Version Observations Date 1.0 Original

More information

Digi-Sign Certification Services Limited Certification Practice Statement (OID: )

Digi-Sign Certification Services Limited Certification Practice Statement (OID: ) Digi-Sign Certification Services Limited Certification Practice Statement (OID: 1.3.6.1.4.1.8420.1.3.6) In support of Digi-Sign CA as a Recognized Certification Authority December 2015 Copyright and Patent

More information

ACCV Certification Practice Statement (CPS)

ACCV Certification Practice Statement (CPS) (CPS) Date: 20/05/2017 Version: 4.0.1 Estado: APPROVED No. of pages: 56 OID: 1.3.6.1.4.1.8149.2.4.0 Classification: PUBLIC File: ACCV-CPS-V4.0-EN-2017.doc Prepared by: Agencia de Tecnología y Certificación

More information

Time-Stamping Authority. Policy and Practice Statement. exceet Secure Solutions GmbH

Time-Stamping Authority. Policy and Practice Statement. exceet Secure Solutions GmbH Time-Stamping Authority Policy and Practice Statement exceet Secure Solutions GmbH Author: exceet Secure Solutions GmbH, J. Krumm exceet Secure Solutions GmbH, A. Kotte exceet Secure Solutions GmbH, P.

More information

Certification Practice Statement

Certification Practice Statement Contents 1. Outline 1 Certification Practice Statement Ver. 1.6 Dec 2013 1.1 Background & Purpose 1 1.1.1 Electronic Signature Certification System 1 1.1.2 Certification Practice Statement 1 1.1.3 Introduction

More information

Hohenstein Laboratories GmbH & Co. KG Schloss Hohenstein Boennigheim Germany

Hohenstein Laboratories GmbH & Co. KG Schloss Hohenstein Boennigheim Germany Certification Body Products Hohenstein Laboratories GmbH & Co. KG Schloss Hohenstein 74357 Boennigheim Germany File: APPLICATION for award of the GS safety mark for a HuPF assessment (for products) for

More information

IFY e-signing Automated for scanned invoices

IFY e-signing Automated for scanned invoices IFY e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.13.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.18 Effective Date: August 16, 2017 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Certification Practice Statement certsign SSL EV CA Class 3. for SSL EV Certificates. Version 1.0. Date: 31 January 2018

Certification Practice Statement certsign SSL EV CA Class 3. for SSL EV Certificates. Version 1.0. Date: 31 January 2018 Certification Practice Statement certsign SSL EV CA Class 3 for SSL EV Certificates Version 1.0 Date: 31 January 2018 1 Important Notice This document is property of CERTSIGN SA Distribution and reproduction

More information

Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary

Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary Introduction Private Hungarian IT company since 1984 Custom specific IT system

More information

ZETES TSP QUALIFIED CA

ZETES TSP QUALIFIED CA ZETES TSP QUALIFIED CA Certification Practice Statement for the ZETES TSP Qualified CA Publication date : 17/05/2017 Effective date : 22/05/2017 Document OID : 1.3.6.1.4.1.47718.2.1.1.2 Version : 1.2 21/04/2017

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

Apple Inc. Certification Authority Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective

More information

PEFC N 04 Requirements for certification bodies and accreditation bodies

PEFC N 04 Requirements for certification bodies and accreditation bodies PEFC N 04 Requirements for certification and accreditation Organisation Articles of Association for PEFC Norway Forest certification PEFC N 01 Norwegian PEFC certification system for sustainable forestry

More information

Information Security Policy

Information Security Policy April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING

More information

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME Contents Scope... 3 A. Application for the Notification of the Certification Body... 3 B. Approval from

More information

Apple Inc. Certification Authority Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective

More information

CORPME TRUST SERVICE PROVIDER

CORPME TRUST SERVICE PROVIDER CORPME TRUST SERVICE PROVIDER QUALIFIED CERTIFICATE OF ADMINISTRATIVE POSITION USE LICENSE In..,.. 20... Mr/Mrs/Ms/Miss.........., with DNI/NIF/National Passport nº., e-mail........., phone number....,

More information

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and SUB-LRA AGREEMENT BETWEEN: (1) Jisc (Company Registration Number 05747339) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and (2) You, the Organisation using the Jisc

More information

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 1.0 Effective Date: March 12, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Testing and Certification Regulations For an SA8000 Applicant Status Certification

Testing and Certification Regulations For an SA8000 Applicant Status Certification TSSA_CCU_43 a 1 of 5 Testing and Regulations 1. General Terms and Conditions 1.1. These Testing and Regulations apply to auditing and certification by TÜV SÜD South Asia Pvt. Ltd. (hereinafter referred

More information

Entrust SSL Web Server Certificate Subscription Agreement

Entrust SSL Web Server Certificate Subscription Agreement Entrust SSL Web Server Certificate Subscription Agreement ATTENTION - READ CAREFULLY: THIS SUBSCRIPTION AGREEMENT (THIS "AGREEMENT") IS A LEGAL CONTRACT BETWEEN THE PERSON, ENTITY, OR ORGANIZATION NAMED

More information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National

More information

Minimum Requirements For The Operation of Management System Certification Bodies

Minimum Requirements For The Operation of Management System Certification Bodies ETHIOPIAN NATIONAL ACCREDITATION OFFICE Minimum Requirements For The Operation of Management System Certification Bodies April 2011 Page 1 of 11 No. Content Page 1. Introduction 2 2. Scope 2 3. Definitions

More information

Checklist According to ISO IEC 17065:2012 for bodies certifying products, process and services

Checklist According to ISO IEC 17065:2012 for bodies certifying products, process and services Name of Certifying Body Address of Certifying Body Case number Date of assessment With several locations Yes No Assessed locations: (Name)/Address: (Name)/Address: (Name)/Address: Assessed area (technical

More information

e-authentication guidelines for esign- Online Electronic Signature Service

e-authentication guidelines for esign- Online Electronic Signature Service e-authentication guidelines for esign- Online Electronic Signature Service (Issued under Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015) Version 1.3 April 2017 Controller

More information

ADIENT VENDOR SECURITY STANDARD

ADIENT VENDOR SECURITY STANDARD Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational

More information

Regulations for Compulsory Product Certification

Regulations for Compulsory Product Certification Regulations for Compulsory Product Certification Chapter I General Provisions Article 1 Based on relevant laws and regulations covering product safety licensing and product quality certification so as

More information

Certificate Policy (ETSI EN ) Version 1.1

Certificate Policy (ETSI EN ) Version 1.1 Certificate Policy (ETSI EN 319 411-2) Version 1.1 IDnow GmbH Auenstr. 100 80469 Munich 09.06.2017 IDnow Certificate Policy (ETSI EN 319 411-2) Version 1.1 Date 09.06.2017 Author Armin Bauer, IDnow GmbH

More information

Certification Practice Statement of CERTUM s Certification Services Version 3.6 Date: 13 of September, 2013 Status: valid

Certification Practice Statement of CERTUM s Certification Services Version 3.6 Date: 13 of September, 2013 Status: valid Certification Practice Statement of CERTUM s Certification Services Version 3.6 Date: 13 of September, 2013 Status: valid Unizeto Technologies S.A. CERTUM Powszechne Centrum Certyfikacji Królowej Korony

More information

WISeKey SA ADVANCED SERVICES ISSUING CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENT

WISeKey SA ADVANCED SERVICES ISSUING CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENT WISeKey SA ADVANCED SERVICES ISSUING CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENT Version 1.1 Effective Date: 05 December 2008 WISeKey S.A. 2000-2008 WISeKey hereby grants non-exclusive permission

More information

WORKSHOP CWA AGREEMENT November 2001

WORKSHOP CWA AGREEMENT November 2001 EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG WORKSHOP CWA 14167-1 AGREEMENT November 2001 ICS 03.120.20; 35.040 Security Requirements for Trustworthy

More information

Cosmos POFESSIONALS OF SAFETY ENGINEERING

Cosmos POFESSIONALS OF SAFETY ENGINEERING Japan-Europe Comparison of Legal Frameworks for Electronic Signatures July 4 th, 2017@Japan-Europe Internet Trust Symposium Soshi Hamaguchi, Corporation eidas Regulation and e-signature Act Definition

More information

POLICY ON THE PROVISION OF QUALIFIED CERTIFICATES FOR ADVANCED ELECTRONIC SIGNATURE/SEAL BY BORICA AD. (B-Trust QCP-eIDAS АES/АESeal) Version 1.

POLICY ON THE PROVISION OF QUALIFIED CERTIFICATES FOR ADVANCED ELECTRONIC SIGNATURE/SEAL BY BORICA AD. (B-Trust QCP-eIDAS АES/АESeal) Version 1. POLICY ON THE PROVISION OF QUALIFIED CERTIFICATES BY BORICA AD (B-Trust QCP-eIDAS АES/АESeal) Version 1.0 Effective: July 1, 2018 Document history Version Author(s) Date Status Comment 1.0 Dimitar Nikolov

More information

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

Guidance for Requirements for qualified trust service providers: trustworthy systems and products Guidance for Requirements for qualified trust service providers: trustworthy systems and products Note on using the guidance: examples are used throughout they are not normative or exclusive, but there

More information

AlphaSSL Certification Practice Statement

AlphaSSL Certification Practice Statement AlphaSSL Certification Practice Statement Date: December 16th 2008 Version: v1.2 Table of Contents DOCUMENT HISTORY... 3 ACKNOWLEDGMENTS... 3 1.0 INTRODUCTION... 4 1.1 OVERVIEW... 4 1.2 ALPHASSL CERTIFICATE

More information

PostSignum CA Certification Policy applicable to qualified certificates for electronic signature

PostSignum CA Certification Policy applicable to qualified certificates for electronic signature PostSignum CA Certification Policy applicable to qualified certificates for electronic signature Version 1.1 7565 Page 1/61 TABLE OF CONTENTS 1 Introduction... 5 1.1 Overview... 5 1.2 Document Name and

More information

ILNAS/PSCQ/Pr004 Qualification of technical assessors

ILNAS/PSCQ/Pr004 Qualification of technical assessors Version 1.1 21.6.2016 Page 1 of 6 ILNAS/PSCQ/Pr004 Qualification of technical assessors Modifications: review of the document 1, avenue du Swing L-4367 Belvaux Tél.: (+352) 247 743-53 Fax: (+352) 247 943-50

More information

Information technology Security techniques Information security controls for the energy utility industry

Information technology Security techniques Information security controls for the energy utility industry INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques

More information

Rules for LNE Certification of Management Systems

Rules for LNE Certification of Management Systems Rules for LNE Certification of Management Systems Application date: March 10 th, 2017 Rev. 040716 RULES FOR LNE CERTIFICATION OF MANAGEMENT SYSTEMS CONTENTS 1. PURPOSE... 3 2. SCOPE... 3 3. DEFINITION

More information

TeliaSonera Gateway Certificate Policy and Certification Practice Statement

TeliaSonera Gateway Certificate Policy and Certification Practice Statement TeliaSonera Gateway Certificate Policy and Certification Practice Statement v. 1.2 TeliaSonera Gateway Certificate Policy and Certification Practice Statement TeliaSonera Gateway CA v1 OID 1.3.6.1.4.1.271.2.3.1.1.16

More information

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016 National Identity Exchange Federation Trustmark Signing Certificate Policy Version 1.0 Published October 3, 2014 Revised March 30, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents

More information

ÉMI-TÜV SÜD. Regulation of product certification and use of ÉMI-TÜV SÜD KERMI. certification mark. ÉMI TÜV SÜD Ltd.

ÉMI-TÜV SÜD. Regulation of product certification and use of ÉMI-TÜV SÜD KERMI. certification mark. ÉMI TÜV SÜD Ltd. Regulation of product certification and use of ÉMI-TÜV SÜD KERMI certification mark ÉMI TÜV SÜD Ltd. KERMI Department Budapest, 01.09.2017. Notified Body 1417 KERMI Department Rn.: 13-09-072640 Tax nr:

More information

CIRA DNSSEC PRACTICE STATEMENT

CIRA DNSSEC PRACTICE STATEMENT CIRA DNSSEC PRACTICE STATEMENT 1. Introduction This DNSSEC Practice Statement ( DPS ) is a statement of security practices and provisions made by the Canadian Internet Registration Authority (CIRA). These

More information

ISO/IEC INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD INTERNATIONAL STANDARD ISO/IEC 15945 First edition 2002-02-01 Information technology Security techniques Specification of TTP services to support the application of digital signatures Technologies de l'information

More information

Entrust WAP Server Certificate Relying Party Agreement

Entrust WAP Server Certificate Relying Party Agreement Entrust WAP Server Certificate Relying Party Agreement The WAP/WTLS specification v1.1 does not provide a means for certificate revocation checking. The following Relying Party Agreement" provides further

More information

CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS

CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS Approved By: Executive: Accreditation: Mpho Phaloane Revised By: RBI STC Working Group Members Date

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. November 2015 Version 4.0. Copyright , The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. November 2015 Version 4.0. Copyright , The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY November 2015 Version 4.0 Copyright 2006-2015, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

eidas compliant Trust Services with Utimaco HSMs

eidas compliant Trust Services with Utimaco HSMs eidas compliant Trust Services with Utimaco HSMs March 15, 2018 Dieter Bong Product Manager Utimaco HSM Business Unit Aachen, Germany 2018 eidas-compliant Trust Services with Utimaco HSMs Page 1 eidas

More information

Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems

Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems Provläsningsexemplar / Preview INTERNATIONAL STANDARD ISO/IEC 27006 Third edition 2015-10-01 Information technology Security techniques Requirements for bodies providing audit and certification of information

More information

SPECIAL CONDITIONS FOR SO YOU START DEDICATED SERVER RENTAL Latest version dated 03/12/2013

SPECIAL CONDITIONS FOR SO YOU START DEDICATED SERVER RENTAL Latest version dated 03/12/2013 SPECIAL CONDITIONS FOR SO YOU START DEDICATED SERVER RENTAL Latest version dated 03/12/2013 ARTICLE 1: PURPOSE The purpose of these Special Conditions, which supplement the So You Start General Conditions

More information

IT Security Evaluation and Certification Scheme Document

IT Security Evaluation and Certification Scheme Document IT Security Evaluation and Certification Scheme Document June 2015 CCS-01 Information-technology Promotion Agency, Japan (IPA) IT Security Evaluation and Certification Scheme (CCS-01) i / ii Table of Contents

More information

Handwritten signatures are EOL Panos Vassiliadis

Handwritten signatures are EOL Panos Vassiliadis Handwritten signatures are EOL Panos Vassiliadis Managing Director The use of paper would be reduced and maybe eliminated in offices by 1995 and all documents would be on computer and electronic due to

More information

GlobalSign Certification Practice Statement

GlobalSign Certification Practice Statement GlobalSign Certification Practice Statement Date: May 12th 2010 Version: v.6.7 Table of Contents DOCUMENT HISTORY... 3 HISTORY... 3 ACKNOWLEDGMENTS... 4 1.0 INTRODUCTION... 5 1.1 OVERVIEW... 6 1.2 GLOBALSIGN

More information

CALIFORNIA INDEPENDENT SYSTEM OPERATOR CORPORATION FERC ELECTRIC TARIFF ORIGINAL VOLUME NO. III Original Sheet No. 977 METERING PROTOCOL

CALIFORNIA INDEPENDENT SYSTEM OPERATOR CORPORATION FERC ELECTRIC TARIFF ORIGINAL VOLUME NO. III Original Sheet No. 977 METERING PROTOCOL ORIGINAL VOLUME NO. III Original Sheet No. 977 METERING PROTOCOL ORIGINAL VOLUME NO. III Original Sheet No. 978 METERING PROTOCOL Table of Contents MP 1 OBJECTIVES, DEFINITIONS AND SCOPE MP 1.1 Objective

More information

OpenADR Alliance Certificate Policy. OpenADR-CP-I

OpenADR Alliance Certificate Policy. OpenADR-CP-I Notice This document is a cooperative effort undertaken at the direction of the OpenADR Alliance and NetworkFX, Inc. for the benefit of the OpenADR Alliance. Neither party is responsible for any liability

More information

CEN & ETSI standards & eidas Compliance

CEN & ETSI standards & eidas Compliance CEN & ETSI standards & eidas Compliance Nick Pope - Thales Vice Chair, ETSI TC Electronic Signature & Infrastructures Jan Ulrik Kjærsgaard Cryptomathic Editor CEN EN 419 241-2 (Remote Signing) eidas and

More information

Timber Products Inspection, Inc.

Timber Products Inspection, Inc. Timber Products Inspection, Inc. Product Certification Public Document Timber Products Inspection, Inc. P.O. Box 919 Conyers, GA 30012 Phone: (770) 922-8000 Fax: (770) 922-1290 TP Product Certification

More information

GlobalSign Certification Practice Statement

GlobalSign Certification Practice Statement GlobalSign Certification Practice Statement Date: May 12th 2009 Version: v.6.5 Table of Contents DOCUMENT HISTORY... 3 HISTORY... 3 ACKNOWLEDGMENTS... 4 1.0 INTRODUCTION... 5 1.1 OVERVIEW... 6 1.2 GLOBALSIGN

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback