IAS2. Electronic signatures & electronic seals Up-dates - feedbacks from :
- Gwenda Hill
1 IAS2 Study to support the implementation of a pan-European framework on electronic identification and trust services for electronic transactions in the internal market
Electronic signatures & electronic seals
Updates - feedback from:
- previous workshop
- ETSI plug-tests and CEN/ETSI progress
- stakeholders: EC and market reactions
SMART 2012/0001 Workshop 29 January 2015
2 eseals and esignature: secondary legislation
GENERAL (note: S for seal and signature)
- IA 27/37 4: Electronic signatures/seals in public services. EC may establish ref. stds for presumption of conformity
- IA 27/37 5: Format for AdES, by 2015/09/18. EC shall define reference formats
QUALIFIED DEVICES (QSCD)
- IA 29 2 / 39 1: Reference numbers of standards for QSCD. EC may establish for presumption of conformity Annex II
- IA 30 3 / 39 2: Stds for security assessment of QSCD. EC shall establish list of standards for
- DA 30 4 / : Specific criteria to be met by the designated bodies. EC shall be empowered to define criteria
- IA 31 3 / 39 3: Format and procedure for the notification of certified QSCDs by MS to EC. EC may define formats & procedures
VALIDATION & PRESERVATION (EC may establish ref. stds for presumption of conformity)
- IA 32 3 / 40: Reference numbers of standards for the validation of qualified electronic signatures/seals
- IA 33 3 / 40: Reference numbers of standards for qualified validation service for QES
- IA 34 3 / 40: Reference numbers of standards for the qualified preservation service for qualified electronic signatures/seals
3 IA 27/37 4 Electronic signatures in public services
- Reference numbers of standards for advanced electronic signatures: does not imply that compliance with these standards is in any way mandatory or that advanced signatures cannot be created through other means
- it is likely that the act will focus principally on security features of advanced electronic signatures (security aspects of the signature, crypto algorithms, security requirements on the computing environment, etc.).
- IA relates to advanced electronic signatures recognition; at least for certain formats will also need to conform to the IA 27.5
- focus on three specific types of AdES (all can be remote):
  - AdES (further denoted AdES) without certificate (cannot be excluded) or with non-qualified certificate (it cannot be presumed that the concept of certificates in the future needs to be restricted to PKI-certificates only)
  - AdES based on a QC (further denoted AdES/QC), and
  - QES.
- created by signature creation data, with a signature creation device (challenge for validation): suspension without obliteration
- should also offer a way of assessing the security level of a submitted AdES (link LoA s eid)
4 IA 27/37 4 Electronic signatures in public services
5 IA 27/37 4 Electronic signatures in public services
XAdES, CAdES, PAdES; PKI based signatures
- IA 27/37.4: what AdES is. Built on existing or under edition RFCs, CEN/ETSI/ISO standards
Electronic data
- IA 27/37.5: how AdES shall be built. Built on Decision 2011/130/EC amended by 2014/148/EU to ensure a smooth transition from the Directive toward the Regulation requirements. Built on ETSI formats
6 QSCD
a SCDev first
SCDev:
- signature creation data container,
- signature creation application, the SCA, i.e. amongst others the application triggering the use of the signature creation data («trusted path»)
- user authentication toward signature creation data container
Environment: to be secured by signatory and / or TSP
Diagram labels: Driving Application; Signature Creation Application (e.g. hash compt.); Creation data container; Device; QSCD: CERTIFIED; Auth. Module
SCDev can be a product or a service
(Q)TSP can be entrusted to manage the signature creation (data) on behalf of the signatory, provided signatory has sole control (key backups allowed)
- SCDev (Art 3 22 / 3 31)
- SCDev for AdES (Art 27 / 37 4)
- QSCD (Annex II - Art 29 2 / 39 1)
- Certified components (Art 30 / 39)
7 (Q)SCD products and / or services
8 QSCD harmonised secondary legislation
Mandatory Optional Member State 0. Designates (art 30 1 / 39 2) According to DA 30 4 / Notifies DB's address, name (art 30.2 / 39 2) 2. Notifies certified devices & certification changes (art 31 1 / 39 3), EU Formats (IA 31 / 39 3) Commission Publishes List of DBs List of certified devices DBs (C(A)B) in MS Labs, Auditors Certifies (art 30 1 / 39 2) According to IA 30 3 / 39 2 Devices Reqs. For certified components (art 30/39) Wh. 56 Reqs. SCDev for AdES (Art 27/37 4) Reqs. QSCD (Annex II - Art 29 2 / 39 1)
- Scope of QSCD wider than the scope of certification of QSCD: (Q)SCD means more than keeping the electronic signature creation data (i.e. it is a SCDev). Annex II (QSCD) adds reqs. (not limited to SCD container) whereas 56: scope of certification obligation should exclude signature creation applications
- QTSP entrusted for the care of qualified electronic signature creation device: supervision and audit
- Different scenarii; wider scope than for certification: timing?
- standards should make it possible to isolate requirements for QSCD components subject to certification from the other requirements on the QSCD's other components and/or its environment.
9 QSCD harmonised secondary legislation
Assumptions:
- standards referred to in art (a) are standards for the security assessment of information technology products (e.g. CC). Such standards should support the definition of security levels (e.g. EAL 3, 4, ).
- security evaluation process refers to a process, described in the standards for the security assessment of information technology products, that makes it possible to certify or evaluate an underlying standard (or security requirements) used to certify the QSCD (e.g. a CC certified PP). This process is not in the hands of the DB. It may additionally refer to the method of evaluation of the QSCD based on the so defined underlying standards.
- underlying standards used to certify the QSCD are the criteria, security requirements in particular, against which the QSCD will be certified by the DB. To be listed:
  - either in the list referred to in IA2 29 2, together with other standards that go beyond the scope of certification only and/or that may exist beyond the framework of the standards for the security assessment of information technology products listed under IA 30 3, in quality of standards against which one can presume conformance to (a part of) Annex II
  - and/or in IA 30 3 (a) as the reference standards allowed by the standards for the security assessment of information technology products, which is the heart of IA 30 3.
10 QSCD harmonised secondary legislation
Issue: the activation of 30 3 (b), in the case of an on-going security evaluation process for a particular underlying standard or when there are no available underlying standards for the QSCD to be evaluated, should not be impeded by the standard(s) referred to in 30 3 (a).
It should be clear that when a QSCD cannot be mapped as the target of evaluation of any available allowed underlying standards, a member state or its designated body should be allowed to propose an alternative standard with security requirements adapted to the QSCD solution in question.
E.g. if underlying standards only cover the cases of smart-cards, and a signing server QSCD needs to be evaluated, the activation of 30 3 (b) is possible.
11 QSCD harmonised secondary legislation
Member State DBs (C(A)B) in MS Designates (DA 30 4 / 39 2) Accreditation track Labs, Auditors REG. (EU) No 765/2008 may be Accredits accredited by as skilled for IT products certification (ISO 17065) Requires a sectorial certification scheme EA 2 WAYS CD. No EC/2000/709 Does not require a part. cert. scheme Cert.Body: by law or ISO accredited by NAB or conform to CC Annex lists conform (licenced) labs (e.g , impartial, skilled, etc.) SOGIS MRA - CCRA Common Criteria signs Certifies (IA 30 3 / 39 2) Certification track Guidance CEM & Guidance (ex CWA 14172) Devices Reqs. for certified components (art 30/39) - PP for QSCD (e.g. based on SSCD PP) and/or new PPs tbd, OR - National rules (e.g. for Signing Server), OR - Annex II REG. 910/2014 limited to scope of certification - CC Certified PP for SSCD - New CC Certified PP for QSCD (e.g. based on SSCD PP, for signing server, ) Supervised if TSP managed. Not CC only
12 QSCD harmonised secondary legislation
Pros & cons of proposed tracks:
Common Criteria:
- Very complete / structured framework
- Existing framework for SSCD, quasi plug and play
- Might not cover all solutions: CC does not contain security evaluation criteria pertaining to administrative security measures not related directly to the IT security functionality. However, it is recognised that significant security can often be achieved through or supported by administrative measures such as organisational, personnel, physical, and procedural controls
- Difficulties to activate Art 30 3 (b); requires to show that no PP is suitable BUT the device to be evaluated is a QSCD candidate
- Cost of evaluations
- Mutual recognition through agreements not necessarily signed by all MS
Reg. 765/2008:
- Applicable to all MS
- Suitable for security through administrative measures such as organisational, personnel, physical, and procedural controls
- Cost of evaluation?
- Difficulties to activate Art 30 3 (b); requires to show that no underlying standard is suitable BUT the device to be evaluated is a QSCD candidate, and what about proving the levels equivalence?
13 QSCD harmonised secondary legislation
In both cases:
- Positioning of underlying standards wrt requirements for SCD, QSCD (annex II) and QSCD certification (in onion form?)
- Could solve the supervision / certification timing by allowing first the certification and then the supervision on how the certified device is implemented within a QTSP specific environment
- Are these track standard(s) as required by Art 30 3?
- Time to market (certified PP, sectoral scheme)
- Can the IA go beyond listing standard(s) and care for the activation of Art 30 3 (b)? How?
14 IA 32 3 / 40 Validation of QES
- Key point: confirmation of diverse features or qualities of the signature at the time of signing is intrinsically linked to different elements and proofs associated with the signature and to the way they have been preserved
- Perfectly legally valid QES may never be technically verifiable in the absence of certain signature information (proofs of existence, etc.); the clearer the validation report can be in this regard (e.g. explaining or weighting the actual risk according to the missing information), the better for the signature market, as this may avoid blind rejection of QES that would actually have deserved acceptance in many business cases.
- Ideally need to refer to a standard detailing how to process a QES in order to verify the points (a) to (h) in article 32.1 (relying on a detailed algorithm describing all the steps to be performed for each point). It shall identify all necessary inputs (in particular, depending on the position of the date of validation with regard to the QES milestones)
15 Validation of QES open points
- Risk of rejection of valid signatures / acceptance of invalid signatures
- an algorithm is deterministic
- some elements are at the border of the validation algorithm (i.e. ETSI ) and the signature validation policy (i.e. ETSI ) to be customised according to business cases.
- Need to limit indeterminations: shift as far as possible from algorithm to policy
- Important to consider in the algorithm ONLY these elements for compliance with Article 32
16 Validation of QES open points
Elements to position:
- weak cryptographic suites: a «personal» choice OR a non-conformity to Art 26?
- the certificate chain or path validity: all path valid (RFC 5280 like) OR only the signatory certificate valid, under certain conditions?
- proof of the signing time with regard to expiration/revocation: digital signatures rely heavily on the revocation services for ensuring trust in the system (and in the same vein, to a certain extent, on the guarantee given by the CA that a certain certificate is valid for a certain period). The validation that a certificate was valid at the time of signing requires the validation that the certificate was not expired or revoked at the time of signing. However, one can discuss the type of proofs related to this time of signing:
  - self-claim versus trusted (qualified?) timestamp: a matter of policy?
  - time of the proof of existence: creation (as per Regulation, always possible?) or (first) validation (ETSI like)?
17 Preservation of QES
Key points in extending the trustworthiness of the QES beyond its technological validity period:
- Extending the trustworthiness: supposes a certain continuum in time -> requires a validation (whoever does it)
- the definition of end of the technological validity period: strictly speaking, refers to underlying technology, not to the technical validity (i.e. not to validation as per Art 32). Recital 61: guarantee that [QES] can be validated irrespective of future technological changes: may also cover obsolescence of current display techniques etc.
- the consideration of the signed data: essence of any ES lies in link with signed data; cannot meet Art objective without the assurance that the signed data is preserved (by whoever does it) and can be retrieved (by whoever does it) so that what is done by the TSP will indeed lead to effective & verifiable trustworthiness of the QES.
- the consideration of ancillary services and the business perspective: market of QPS: only do preservation of QES versus full service archiving, and also with differences in duration of the period.
18 Preservation of QES
Ideal preservation service:
- should be possible to call a preservation service far before the end of the technological validity period of a QES.
- check that the QES is trustworthy: requires a validation of the QES, then:
  - completion of the received signature into a more resilient form (i.e. maximal resilience level described in IA 27.4, -A zero risk approach ), and/or
  - preservation within a hash tree, or any other type of preservation.
- assurance that the signed data is being preserved: link between QES & signed data can be a hash (with all limitations on the techniques), or certain traces of the act of signing (procedures ). The signature preservation alone means nothing. QES preservation provider must be able to establish the link QES / signed data in an unambiguous way
- value added service: responsibility in converting supporting media when technologies used to read, validate and display QES and related proofs are becoming obsolete? duration of service (long, very long terms)
- TSP to clearly indicate the boundaries between the service it offers and ancillary services
19 Preservation of QES
Proofs that need to be gathered; two candidates:
- ETSI advanced form of XAdES, PAdES and CAdES provide solution for preserving signature using a sequence of time stamps.
- Evidence Record (ERS) syntax (IETF RFCs 4998 and 6283), that uses Merkle Hash Trees (only one time stamp is required for a complete re-signing cycle).
Note: There is no contradiction between these documents, efforts are ongoing to make them converge.
Both methods rely on time stamps and hash functions and shall consider risks: on hash functions that might arise from the attack on asymmetric algorithms (e.g. quantum computing)
- monitoring crypto, use of two timestamps based on distinct hash functions, from 2 providers, etc.
Protection of the preserved data:
- ETSI : security requirements for TSP. Cover the protection of data against loss, disaster etc. and privacy.
- A specific policy (or profile from the above mentioned QTSP policy) shall also be proposed for qualified preservation service for QES. This policy shall address the specific requirements and measures to be taken against technology obsolescence (at least as recommendations).
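The hash-tree preservation mentioned on slides 18 and 19, as an added example that is not part of the original slides: several preserved objects are linked to a single root hash, which is the only value that needs a time stamp per re-signing cycle, and the tree is built twice with distinct hash functions so that one chain survives if the other is later judged weak. It follows the sorted-concatenation rule of RFC 4998 for node hashes but omits the ASN.1 encoding and the time-stamp request itself; all function names and sample objects are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample input: stand-ins for (QES + signed data) pairs held by a
# preservation service. The link QES / signed data is part of what is hashed.
SAMPLE_OBJECTS = [
    b"QES-0001|contract.pdf bytes",
    b"QES-0002|invoice.xml bytes",
    b"QES-0003|mandate.pdf bytes",
    b"QES-0004|order.xml bytes",
    b"QES-0005|receipt.pdf bytes",
]


def digest(alg, data):
    """Hash data with the named hashlib algorithm."""
    return hashlib.new(alg, data).digest()


def build_tree(leaf_hashes, alg):
    """Return all tree levels, level 0 being the leaf hashes.

    Children are sorted in binary ascending order before concatenation,
    so a verifier does not need to know left/right positions.
    """
    levels = [list(leaf_hashes)]
    while len(levels[-1]) > 1:
        current, parents = levels[-1], []
        for i in range(0, len(current), 2):
            group = current[i:i + 2]
            if len(group) == 1:
                parents.append(group[0])  # odd node is promoted unchanged
            else:
                parents.append(digest(alg, b"".join(sorted(group))))
        levels.append(parents)
    return levels


def reduced_path(levels, index):
    """Sibling hashes needed to recompute the root from leaf number index."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(level[sibling])
        index //= 2
    return path


def verify(obj, path, root, alg):
    """Recompute the root from one object and its reduced path."""
    current = digest(alg, obj)
    for sibling in path:
        current = digest(alg, b"".join(sorted([current, sibling])))
    return hmac.compare_digest(current, root)


def preserve(objects, algs=("sha256", "sha3_256")):
    """Build one tree per hash function.

    Each root would be sent to a time-stamping provider (not modelled here);
    using two algorithms mirrors the 'two timestamps based on distinct hash
    functions' measure from the slide.
    """
    record = {}
    for alg in algs:
        levels = build_tree([digest(alg, o) for o in objects], alg)
        record[alg] = {
            "root": levels[-1][0],
            "paths": [reduced_path(levels, i) for i in range(len(objects))],
        }
    return record


def still_trustworthy(obj, index, record, weak_algs=frozenset()):
    """True if at least one chain using a non-weak hash links obj to its root."""
    return any(
        verify(obj, entry["paths"][index], entry["root"], alg)
        for alg, entry in record.items()
        if alg not in weak_algs
    )


if __name__ == "__main__":
    rec = preserve(SAMPLE_OBJECTS)
    for alg, entry in rec.items():
        print(alg, "root to be time-stamped:", entry["root"].hex())
    print("object 2 verifies:", still_trustworthy(SAMPLE_OBJECTS[2], 2, rec))
    print("after sha256 is declared weak:",
          still_trustworthy(SAMPLE_OBJECTS[2], 2, rec, weak_algs={"sha256"}))
```

The `weak_algs` parameter stands in for the outcome of crypto monitoring: a chain built on a hash function that has since been deprecated no longer counts as evidence.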
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0262.12.2017 Trust Service Provider: Connect Solutions Conformity Certificate T-Systems.031.0262.12.2017 pursuant to Article
More informationDraft ETSI EN V1.0.0 ( )
Draft EN 319 102-1 V1.0.0 (2015-07) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
More informationBase Standard Program ISO Trustworthy Digital Repositories MS CB Application for Accreditation
Base Standard Program ISO 16363 Trustworthy Digital Repositories MS CB Application for Accreditation FA 5041 Authority: Accreditation Manager Effective: 2017/08/25 Section 1: CB Name, Contact Information,
More informationEUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements
EN 319 412-5 V2.1.1 (2016-02) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements 2 EN 319 412-5 V2.1.1 (2016-02) Reference REN/ESI-0019412-5v211
More informationThe current status of Esi TC and the future of electronic signatures
SG&A ETSI FUTURE WORKSHOP Sophia Antipolis, 16th January 2006 The current status of Esi TC and the future of electronic signatures Riccardo Genghini, Chairman of Etsi Esi TC riccardo.genghini@sng.it The
More informationRECOMMENDATION FOR USE
Page 1 of 23 TITLE CONTENT OF EC CERTIFICATE/ QMS-APPROVAL/ ISV ORIGINATOR NB-RAIL SUB-GROUP STRATEGY SUBJECT RELATED TO DIRECTIVE 2008/57/EC (AS AMENDED BY 2009/131/EC, 2011/18/EU, 2010/713/EU, 2013/9/EU,
More informationMay English version. General guidelines for electronic signature verification
CEN WORKSHOP CWA 14171 May 2004 AGREEMENT ICS 03.160; 35.040 Supersedes CWA 14171:2001 English version General guidelines for electronic signature verification This CEN Workshop Agreement has been drafted
More informationCERTIFICATE OF CONFORMITY. The certification body LSTI. declares LUXTRUST SA IVY BUILDING L-8308 CAPELLEN - LUXEMBOURG
Conformity Assessment Body Trust Service Providers ISO 27001 LA ISO 27001 LI ISO 27001 RM ISO 27005 CERTIFICATE OF CONFORMITY The certification body LSTI declares LUXTRUST SA IVY BUILDING L-8308 CAPELLEN
More informationASSURANCE CONTINUITY: CCRA REQUIREMENTS
ASSURANCE CONTINUITY: CCRA REQUIREMENTS VERSION 2.1 JUNE 2012 1 INTRODUCTION...3 1.1 SCOPE...3 1.2 APPROACH...3 1.3 CONTENTS...3 2 TECHNICAL CONCEPTS...4 2.1 ASSURANCE CONTINUITY PURPOSE...4 2.2 TERMINOLOGY...4
More informationCERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION
CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION Introduction The IFFO RS Certification Programme is a third party, independent and accredited
More informationDigital Signatures: How Close Is Europe to Truly Interoperable Solutions?
Digital Signatures: How Close Is Europe to Truly Interoperable Solutions? Konstantinos Rantos Kavala Institute of Technology, Kavala GR-65404, Greece krantos@teikav.edu.gr Abstract. Digital signatures
More informationScheme for accreditation, approval and authorization to Access Security-related Repair and Maintenance Information (RMI) SERMI operations group
Scheme for accreditation, approval and authorization to Access Security-related Repair and Maintenance Information (RMI) SERMI operations group May 2016 Table of contents 1 Scope... 4 2 Normative references...
More informationProtection profiles for TSP Cryptographic modules - Part 5
CEN/TC 224 Date: 2016-11-29 (v0.15) Proposed draft for Evaluation of pren 419 221-5 CEN/TC 224 Secretariat: AFNOR Protection profiles for TSP Cryptographic modules - Part 5 Cryptographic Module for Trust
More informationETSI EN V1.1.1 ( )
EN 319 102-1 V1.1.1 (2016-05) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation 2 EN
More informationETSI TS V1.2.1 ( ) Technical Specification
TS 102 778-3 V1.2.1 (2010-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles
More informatione-authentication guidelines for esign- Online Electronic Signature Service
e-authentication guidelines for esign- Online Electronic Signature Service (Issued under Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015) Version 1.3 April 2017 Controller
More informationCertificate. Certificate number: Certified by EY CertifyPoint since: July 10, 2018
Certificate Certificate number: 2018-016 Certified by EY CertifyPoint since: July 10, 2018 Based on certification examination in conformity with defined requirements in ISO/IEC 17065:2012 and ETSI EN 319
More informationConformity Assessment Report: Conformity Certificate and Summary. T-Systems U Trust Service Provider: Connect Solutions
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0262.U.08.2018 Trust Service Provider: Connect Solutions Conformity Certificate T-Systems.031.0262.12.2017 Attachment No.
More informationThe Basic Terms and Legal Aspects of The ESA from The Practical and Security Points of View
The Basic Terms and Legal Aspects of The ESA from The Practical and Security Points of View Abstract Ján Matejka matejka@ilaw.cas.cz The Institute of State and Law of the Czech Academy of Sciences Pavel
More informationPEFC N 04 Requirements for certification bodies and accreditation bodies
PEFC N 04 Requirements for certification and accreditation Organisation Articles of Association for PEFC Norway Forest certification PEFC N 01 Norwegian PEFC certification system for sustainable forestry
More informationEDPB Certification Guidelines
EDPB Certification Guidelines Public Consultation: Comments submitted by SCOPE Europe bvba/sprl Published and Submitted: 10. July 2018 1 About SCOPE Europe sprl SCOPE Europe is a subsidiary of Selbstregulierung
More informationS. Scholz / K. Meyer / J.E. Nielsen / Harald Drück/J.Fernández/E.Prado/L.Nelson Page 1 of 7
Global Solar Certification Network Working Rules Annex A. Requirements for Certification Bodies and their subcontracted laboratories, inspection bodies and inspectors Date: 2017/03/07 Document number:
More informationUELMA Exploring Authentication Options Nov 4, 2011
UELMA Exploring Authentication Options Nov 4, 2011 A U T H E N T I C A T I O N M E T H O D S P R E L I M I N A R Y R E P O R T B R A D L E E C H A N G X C E N T I A L G R O U P B R A D @ X C E N T I A
More informationTECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites
TR 119 300 V1.2.1 (2016-03) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites 2 TR 119 300 V1.2.1 (2016-03) Reference RTR/ESI-0019300v121
More informationKrajowa Izba Rozliczeniowa S.A.
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0257.U.12.2018 Trust Service Provider: Krajowa Izba Rozliczeniowa S.A. Conformity Certificate T-Systems.031.0257.06.2017 Attachment
More informationCertificate Policy for Deployment and Operation of European Cooperative Intelligent Transport Systems (C-ITS)
Result of C-ITS Platform Phase II Certificate Policy for Deployment and Operation of European Cooperative Intelligent Transport Systems (C-ITS) RELEASE 1.1 JUNE 2018 Certificate Policy for Deployment and
More informationINAB Mandatory and Guidance Documents Policy and Index
INAB Mandatory and Guidance s Policy and Index This publication is aimed at assisting in determining what documents are relevant to various organisations and at providing contact points for accessing such
More informationEUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles
Final draft EN 319 422 V1.1.0 (2015-12) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles 2 Final draft EN 319 422 V1.1.0 (2015-12)
More informationETSI TS V1.2.1 ( )
TECHNICAL SPECIFICATION Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation 2 Reference RTS/ESI-0019102-1-TSversion
More informationTime Stamping Policy
Magyar Telekom Qualified Times Stamping Service Time Stamping Policy Specific object identifier (OID):... 1.3.6.1.4.1.17835.7.1.2.11.3.12.2.0 Version number:... 2.0 Registration number:.. Date of entry
More informationSLOVAK FOREST CERTIFICATION SYSTEM September 1, 2008
SLOVAK FOREST CERTIFICATION SYSTEM September 1, 2008 REQUIREMENTS FOR CERTIFICATION BODIES CONDUCTING FOREST CERTIFICATION AND CHAIN - OF - CUSTODY OF WOOD VERIFICATION SFCS 1005:2004 Effective as of September
More informationETSI STF 412 AUDIT GUIDELINES FOR EVC (24 TH JAN 2012)
ETSI STF 412 AUDIT GUIDELINES FOR EVC (24 TH JAN 2012) Guidance on TS 102 042 for Issuing Extended Validation Certificates Presented by Arno Fiedler ETSI 2011. All rights reserved STF 412/438 TEAM 2 ETSI
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationPTSPAS Product Assessment HAPAS Equivalent in accordance with MCHW SHW Volume 1 Clause and
1. Policy It is the policy of Pavement Testing Services Ltd (hereafter PTS) to operate its certification/ assessment services in a non-discriminatory manner. PTS shall not use procedures / processes to
More informationTowards the Certification for IoT
Towards the Certification for IoT IoT Week Geneva, 6-9 of June 2017 Session: GDPR&IoT Avv. Lucio Scudiero Researcher on data protection law Personal Data Protection Officer Certification in the GDPR Data
More informationeidas-compliant signing of PDF
PDF Days Europe 2018 eidas-compliant signing of PDF Technical implications of eidas conformance in PDF processing Bernd Wild intarsys AG, Member of the Board of A Presentation 2018 by!11 72% of EU individuals
More informationeidas compliant Trust Services with Utimaco HSMs
eidas compliant Trust Services with Utimaco HSMs March 15, 2018 Dieter Bong Product Manager Utimaco HSM Business Unit Aachen, Germany 2018 eidas-compliant Trust Services with Utimaco HSMs Page 1 eidas
More informationSecurity Aspects of Trust Services Providers
Security Aspects of Trust Services Providers Please replace background with image European Union Agency for Network and Information Security 24 th September 2013 www.enisa.europa.eu Today s agenda 09:30-10:00
More information