European Federated Validation Service Study. Solution Profile Safelayer TrustedX Platform
|
|
- Andrea Poole
- 5 years ago
- Views:
Transcription
1 European Federated Validation Service Study Solution Profile Safelayer TrustedX Platform
2 This report / paper was prepared for the IDABC programme by: Author s name: Indicated in the solution profile below, under contact information Coordinated by: Hans Graux (time.lex), Christian Staffe (Siemens), Eric Meyvis (Siemens) Contract No. 1, Framework contract ENTR/05/58-SECURITY, Specific contract N 14 Disclaimer The views expressed in this document are purely those of the writer and may not, in any circumstances, be interpreted as stating an official position of the European Commission. The European Commission does not guarantee the accuracy of the information included in this study, nor does it accept any responsibility for any use thereof. Reference herein to any specific products, specifications, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favouring by the European Commission. All care has been taken by the author to ensure that s/he has obtained, where necessary, permission to use any parts of manuscripts including illustrations, maps, and graphs, on which intellectual property rights already exist from the titular holder(s) of such rights or from her/his or their legal representative. This paper can be downloaded from the IDABC website: European Communities, 2009 Reproduction is authorised, except for commercial purposes, provided the source is acknowledged. 2
3 Executive summary The European Federated Validation Service (EFVS) Study was initiated by IDABC in order to assess the feasibility of specific measures to ensure the availability of a European scale federated electronic signature verification functionality. As a first step in the EFVS Study, information has been collected on twenty existing solutions that already provide all or some of the functionalities associated with European signature verification functionality, or that could provide valuable insights on how such an EFVS could be organised. This has been done by drafting standardised profiles of the identified solutions, focusing specifically on how each of these solutions (a) determine the validity of signature certificates; (b) verify electronic signatures created using these certificates; and (c) provide specific guarantees to their customers on the outcomes of these processes. The present document contains the solution profile for: the TrustedX platform, a product of Safelayer Secure Communications S.A.. 3
4 Table of Contents EXECUTIVE SUMMARY 3 1 DOCUMENTS APPLICABLE DOCUMENTS REFERENCE DOCUMENTS 5 2 GLOSSARY DEFINITIONS ACRONYMS 8 SOLUTION PROFILE SAFELAYER TRUSTEDX PLATFORM 9 4
5 1 Documents 1.1 Applicable Documents [AD1] Framework Contract ENTR/05/58-SECURITY 1.2 Reference Documents [RD1] [RD2] [RD3] Project Management and Quality Plan (EFVS SC14 PMQP) DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures n.pdf Preliminary Study on Mutual Recognition of esignatures for egovernment applications 5
6 2 Glossary 2.1 Definitions In the course of this report, a number of key notions are frequently referred to. To avoid any ambiguity, the following definitions apply to these notions and should also be used by the correspondents. o Entity: anyone or anything that is characterised through the measurement of its attributes in an eidm system. This includes natural persons, legal persons and associations without legal personality; it includes both nationals and non-nationals of any given country. o eidm system: the organisational and technical infrastructure used for the definition, designation and administration of identity attributes of entities. This Profile will only elaborate on eidm systems that are considered a key part of the national eidm strategy. Decentralised solutions (state/region/province/commune ) can be included in the scope of this Profile if they are considered a key part of the national eidm strategy. o eidm token (or token ): any hardware or software or combination thereof that contains credentials, i.e. information attesting to the integrity of identity attributes. Examples include smart cards/usb sticks/cell phones containing PKI certificates, o Authentication 1 : the corroboration of the claimed identity of an entity and a set of its observed attributes. (i.e. the notion is used as a synonym of entity authentication ). o Authorisation: the process of determining, by evaluation of applicable permissions, whether an authenticated entity is allowed to have access to a particular resource. o Unique identifiers: an attribute or a set of attributes of an entity which uniquely identifies the entity within a certain context. Examples may include national numbers, certificate numbers, etc. o Official registers: data collections held and maintained by public authorities, in which the identity attributes of a clearly defined subset of entities is managed, and to which a particular legal of factual trust is attached (i.e. which are generally assumed to be correct). This includes National Registers, tax registers, company registers, etc. o egovernment application: any interactive public service using electronic means which is offered entirely or partially by or on the authority of a public administration, for the mutual 1 For the purposes of this Profile, the notion of authentication is considered to be synonymous with entity authentication, as opposed to data authentication. The notion of identification should be avoided to avoid confusion. 6
7 benefit of the end user (which may include citizens, legal persons and/or other administrations) and the public administration. Any form of electronic service (including stand-alone software, web applications, and proprietary interfaces offered locally (e.g. at a local office counter using an electronic device)) can be considered an egovernment application, provided that a certain degree of interactivity is included. Interactivity requires that a transaction between the parties must be involved; one-way communication by a public administration (such as the publication of standardised forms on a website) does not suffice. o esignature: data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication with regard to this data. Note that this also includes non-pki solutions. o Advanced electronic signature: an electronic signature which meets the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable; Again, this definition may cover non-pki solutions. o Qualified electronic signature: advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device, as defined in the esignatures Directive 2. o Validation: the corroboration of whether an esignature was valid at the time of signing. 2 See 7
8 2.2 Acronyms A2A... Administration to Administration A2B... Administration to Businesses A2C... Administration to Citizens CA... Certification Authority CRL... Certificate Revocation Lists CSP... Certificate Service Provider eid... Electronic Identity eidm... Electronic Identity Management IAM... Identity and Authentication Management IDM... Identity Management OCSP... Online Certificate Status Protocol OTP... One-Time Password PKCS... Public-Key Cryptography Standards PKI... Public Key Infrastructure SA... Supervision Authority SOAP... Simple Object Access Protocol SCVP... Server-based Certificate Validation Protocol SSCD... Secure Signature Creation Device USB... Universal Serial Bus TTP... Trusted Third Party XAdES... XML Advanced Electronic Signature XML... extensible Markup Language XML-DSIG... XML Digital Signature 8
9 Solution Profile Safelayer TrustedX Platform Name and organisation (Name of the solution and of the organisation managing it) TrustedX platform is a product of Safelayer Secure Communications S.A. Reference (on-line source) (Preferably a link to the relevant website, if available) TrustedX product information: Knowledge, demos and testing Labs: Contact information (Contact info of the person who provided the information) Jordi Buch Safelayer Secure Communications S.A. jbt@safelayer.com /
10 Scope of the solution Services offered (What services does the solution offer to a relying party? This should include most notably the three basic services above validation of certificates, verification of the signature, and ensuring trustworthiness and legal liability but may also cover additional services e.g. semantic services, archiving of documents/signatures, maintenance, time stamping, security/reliability metrics for the security level of the signature and the certificate, Services that are not currently available but which are planned for the future may also be indicated. ) TrustedX is a Trust Development Platform that provides trust and security mechanisms in Service-Oriented Architectures (SOA). In a plethora of existing security and trust domains, TrustedX emerges as the key component for governments and corporations to centrally, policybased, define, deploy and enforce what they exactly trust. TrustedX is designed to: Provide a complete and uniform group of authentication, electronic signature and encryption services, based on and governed by policies. Provide a common web service access, based on OASIS DSS standard, in a data, format and protocol independent fashion, specially, for digital certificate validation, digital signature verification, digital signature creation and digital signature preservation. Provide a common trust and interoperability framework for different external security domains (i.e, for all the recognized CAs, AAs, TSAs and/or VAs). Provide the capacity to define Level of Assurance (LoA) of i) authentication mechanisms, ii) trusted entities (i.e. CAs, AAs, VAs and/or TSAs) and iii) digital signatures, allowing the classification and interpretation of the information trust level. LoA management is based on the well-known OMB/NIST metric from USA, which has also been adopted by IDABC and other initiatives in Europe. Provide a common semantic trust framework for authentication and digital signature. Centrally control event auditing. Incorporate electronic time-stamping and digital signature archive and custody services to guarantee the non repudiation of data. Conform to maximum levels of security awareness and assurance. TrustedX platform is currently being certified Common Criteria EAL 4+. The functions of TrustedX (accessible from the SOAP/WS or REST/WS protocols) are grouped in different services: Authentication and authorization services, to exchange authentication and authorization information between the corporate applications and/or the external security domains. This provides a single sign-on (SSO) mechanism under the OASIS defined standards. Digital certificate validation service, allowing the trust management of multiple CAs and 10
11 providing uniform semantic parsing of certificates. Standard certificate validation and customized mechanisms are also supported. Electronic signature service, that supports most signature formats for electronic documents, s and web messaging. Supported formats include: multiple signatures, signatures with time stamps and long-term signatures (for validating a signature past the expiry date of the digital certificates). The key management service guarantees the secure administration of user/application keystores (on disk or HSM). This administration includes generating and importing keys, generating the certification requests and importing certificates. The auditing and accounting service uniformly and securely centralizes log information (generated by the platform's service components through the consumption of services). The entity and object management service provides a uniform view (in XML format) of the objects and entities managed by the platform. Therefore, the data formats (XML, ASN.1, Text, etc.) and the information sources (LDAP, SQL, files, etc.) used by the platform are completely masked. The integration gateway defines and connects successive XML data transformations (through interacting with platform services). The platform acts then as a trust gateway (between processes, application and networks) integrating applications in a non-intrusive manner. The following service components are also available: The data encryption service provides asymmetric key encryption for protecting electronic documents, s and Web Messaging. This service can also incorporate the key custody function to control access to encrypted data. The archiving and electronic signature custody component protects documents and maintains cryptographic reliability for later verification and retrieval. The archiving functions automatically process electronic signature metadata. Application domain (e.g. sector or application types) (Is the solution usable in any sector or application field (i.e. is it generic in scope), or is it currently limited to a specific sector, application or domain? If it is currently restricted, would it be possible to extend the solution to other sectors, applications or domains? What would need to be changed?) TrustedX is a horizontal and sector independent platform used in large corporations, the administration, insurance and health, defence, banking/finance and certificate services providers (CSPs) or Trusted Third Parties (TTP) that are located in various markets and provide trust services to other entities. TrustedX is suitable for providing security and trust in all application fields (i.e. e-procurement, e-contracting, e-invoicing, e-banking, e-government, e-learning, etc ). CAs covered by the solution (How many CAs are presently covered by the solution, and which ones? Do they include CAs 11
12 established in multiple countries or states?) TrustedX supports any CA that follows ITU-T X.509v3 and certificate profiles specified by IETF and ETSI. Regarding the verification of the status of the digital certificates, ITU-T CRLs, IETF OCSP protocol and customized mechanisms are supported. Interoperability of our technology with global CAs and third party technologies has been extensively proven in different sector implementations, as well as in different R&D and interoperability projects at European and International/Global level. Extensibility of the solution (Can additional CAs be integrated into the solution? If so, are there restrictions? Have such extensions been done in the past yet, or are any extensions currently planned?) By design, TrustedX does not limit the number or any other aspect of CAs, or the semantics or policies of CAs in any way either. TrustedX has a powerful GUI and framework to manage (define, add, edit and remove) CAs, as well as to define trust rules and policies around these CAs. TrustedX integrates off-the-shelf a sophisticated trust manager based on PKI digital certificates, which provides the capacity to define different validation policies and to classify the recognized CAs (providing a level of assurance for each one, together with a labelled description). Business model/cost model of the solution (How is the solution funded? Is it envisaged as a for-profit model? Who pays contributions, and for what type of services? What profits (if any) are made with the services provided by the solution? Upon request of the correspondent, any communicated price information or other commercially sensitive information will not be disclosed.) The product can be licensed at corporate level (to secure information exchange of the company and entities that have a relationship -employees, customers, partners, providers, etc.-), for certificate services providers (to provide electronic signature services and act as a trusted thirdparty for two or more entities) or for governments and administrations to secure the information exchange among agencies and/or citizens. 12
13 Technical approach Validation approach (Does the solution validate signature certificates, electronic signatures based on a hash value of the signed document(s), or signed documents with embedded signatures (attached signatures - enveloping or enveloped signatures detached signatures)? What is the maturity of the solution i.e. can it be classified as a known technical approach, such as a trusted list, bridge, or validation platform?) TrustedX supports electronic signature services as specified in the OASIS Digital Signature Service (DSS) standard, contemplating a series of profiles adapted to the following scenarios: Verification of electronic signatures Generation of electronic signatures Non-repudiation of electronic signatures Archive and custody of electronic signatures Note that TrustedX also incorporates a series of authentication and data protection services, extending the OASIS Digital Signature Service (DSS) specifications through an additional series of profiles (see below). The input data will depend on the format of signature one wants to verify or generate. The data can be the document (or digital certificate) or the document hash. All standardized signature formats and types are supported: (i) attached signatures - enveloping or enveloped signatures detached signatures, (ii) simple signatures, sequential signatures or parallel signatures. Architecture: TrustedX platform consists of a set of service components that handles, among other, a complete set of validation functionality. The validation service components are as follows (some of them are optional): TrustedX Digital Signature Verification. Digital signature verification service (including advanced or long-term digital signatures) regardless of the supplier, or the certificate and signature format verification mechanisms. This service includes signature certificate validation. TrustedX Digital non-repudiation. Advanced digital signature service adding reliable time and revocation information to previously signed documents as a basis for long-term digital signatures, in accordance with ETSI Advanced Electronic Signature (AdES) recommendations. TrustedX Digital Signature Custody. Archiving and custody service for the digital 13
14 signatures of documents that maintains their validity for long periods of time, thus implementing long-term digital signatures. TrustedX Digital Signature. Document digital signature service allowing the generation of standardized signature formats. TrustedX is considered an advanced validation platform that can be used to manage different trust models. As said before, additional service components are included in the platform (some of them are optional). Minimal configuration requirements are needed for TrustedX Authentication & Authorization, Key Management, Entity Profiler and Integration Gateway. The services of the platform can be extended with Digital Encryption and Data Encryption Custody With regard to certificates (How does the validation of certificates work based on OCSP, CRLs, or both? What certificate profiles are supported by the solution?) When validating digital certificates and signatures, TrustedX determines the level of trust of the certificate based on the diagnostic of the underlying certificate chain. This diagnosis is expressed using LoA levels as decimal values (i.e. 0-3) and LoA labels as strings (i.e. Government, Corporative, Finance, etc...), considering the overall strength of a chain is equal to the strength of its weakest link. Thus, applications can avoid any indication of complexity associated with the signature s trust (certificates, CRLs, OCSPs, etc.) and simply and exclusively focus on a decimal value and text string. As said before, TrustedX can be configured to trust any number of CAs, Vas and TSAs, following any structure, whether hierarchical or crossed/federated. It supports standard validation mechanisms based on CRL, OCSP and customised mechanisms (for example, federated validation platforms, a query to a local information service, etc..) and establishes different trust levels for each of the different CAs, VAs or TSAs. Furthermore, TrustedX allows defining different certificate validation policies enabling the management of different groups of recognized CAs and/or the certification policies. TrustedX extends the ITU-T X509v3 certificate validation procedure allowing the complete definition of the semantic parsing of certificates and revocation information. The flexibility of this system enables the provision of information required for the business process, including the data not contained in certificates (for example, in LDAP or external databases), in a uniform way, regardless of the type of certificate (abstracting the applications from any different X.509 profiles peculiarities that are usually present in the various certification service providers). Any semantic information extraction from security objects, namely: certificates, CRLs, OCSP responses and TimeStamp objects, is conducted in XML/XSL from a configuration panel and without the need of programming, updating or upgrading the platforms. For instance, a typical use-case is the extraction of the fiscal identification code from a certificate. For any CA, this code is usually located in a different place in the certificate: any attribute in the subject DN, private extensions, etc. In TrustedX this scenario is very easily handled without a line of code. 14
15 With regard to signatures (What signature formats are supported by the solution - PKCS #7, CMS, XML signatures, PDF signatures, XAdES, CAdES, or others?) The signature formats supported by TrustedX are: Generic XML documents. Supports XML-DSig, XML-Encryption and XAdES (advanced digital signature format standardised by W3C and ETSI). Allows enveloping, embedded or separated signatures including signatures by reference of any node of an XML document. OASIS WS-Security (SOAP message security) is also supported by TrustedX. Documents with generic format. Supports PKCS#7/CMS and CAdES (advanced digital signature format standardised by ETSI). The S/MIME format used to protect s, also supported by TrustedX, is an example of PKCS#7/CMS use. Allows simple and multiple signatures (sequential or parallel), in enveloping or separated signature format. PDF documents. Supports the signature format that is natively embedded in PDF documents (PDF Signature). Support for TS (PAdES) will be included soon. When verifying signatures, the TrustedX certificate policy verification is applied (see previous section for more information). Signature verification/generation is also policy based, being possible to restrict the signature policy, signature type, the cryptographic algorisms, the updating policy (i.e. to incorporate a time stamp or archive format) and to define additional semantics parsing parameters. Interoperability of ETSI signature formats has been tested in different ECOM and ETSI CAdES/XAdES PLUGTEST INTEROP events. Multi-signatures (Is the solution capable of validating multiple signatures on a document? Does it support independent signatures (co-signatures) and/or overall countersignatures?) Based on the type of signature to be verified, the processes performed are as follows: For PKCS #7/CMS and CAdES signatures, simple and multiple signatures (sequential or parallel) are allowed in enveloped or detached signature format. For XML-DSig and XAdES signatures, enveloped, enveloping and detached signatures may be produced, including signatures by reference at any node of an XML document. 15
16 Logging and auditing (Is the use of the solution logged, and if so, to what extent? Do users of the solution have the possibility to perform audits or to gain access to independent auditing reports?) The product incorporates a central logs and audits management system for all the events generated by all the platform s service components. The system log can be extended to external log modules. The TrustedX log information can be accessed by external applications for auditing or monitoring purposes or by its own GUI console. TrustedX integrates of-the-shell an authorization and control access system than enforces authorization policies to any entity/user that access TrustedX services. In particular, the access to auditing information is also controlled by the system and reporting can be tailored as a per user granularity. Restrictions imposed on CAs (What technical requirements are imposed on CAs, e.g. with regard to standards, formats or certificate profiles that they need to adopt? This includes e.g. the inclusion of certain information in signature certificates that is necessary in specific sectors.) There are no restrictions in ITU-T X.509v3 certificate profiles, supporting also the extensions defined by IETF and ETSI for qualified certificates or for proprietary uses. As detailed before, in addition TrustedX provides full semantic processing capabilities of the certificates. Usage of the solution by relying parties (How do relying parties use the solution? Are there software components which they need to integrate into their own systems, is it a web service, etc.) TrustedX has been conceived, designed and implemented as a business component (service) within the SOA architecture. By presenting itself with this philosophy, any business process will take advantage of the security and trust functionalities provided by TrustedX, which can be used either as service provider (request/response) or as Gateway (reception/resending). The following figure shows TrustedX in an SOA architecture: 16
17 The following access interfaces are provided: SOAP/WS: As a direct web service, or for example using AXIS or.net tools and/or manipulating the requests and responses using XPath and XSLT. Support for the OASIS DSS standard is one of its outstanding features. REST/WS, SOAP/WS: Using the integration gateway that enables XML traffic to be processed, delegating in TrustedX the usual data processing capacity (to transform, sign, verify, encipher, decipher, authenticate, authorise, etc.) which will be executed in pipeline to achieve the required data output. TrustedX API: Through an integration API so that applications can use the TrustedX services transparently, using both the Web Services standards and the OASIS DSS standard. Technical flexibility (Given the technical characteristics outlined above, could the technical requirements of the 17
18 solution be changed to increase its flexibility (e.g. by supporting other signature standards, validation methods, certificate profiles, etc...))? TrustedX is one of the most comprehensive security platforms in the market, offering not only a complete support of digital signature functionality, but also authentication and encryption functionality. The product supports most of the standards and has the possibility to incorporate new functionality with new service components. New versions of the product are regularly provided; incorporating new standards versions, new functionality and new service components. Status of the project/actual usage of the solution (What is the status of the project (e.g. in development, prototyped, in production, etc.). What is the actual usage of the solution (e.g. in terms of relying parties adopting the solution to validate electronic signatures) and what are the impacts of its use? How many transactions, how many certificates does it handle?) The first commercial version of TrustedX (version 2.1) was introduced 3Q-2005 into the Spanish market, starting the distribution through a selected set of partners and presenting the solution to strategic Safelayer customers. Currently TrustedX is used in applications for egovernment, ehealth, efinance/einsurance and large corporations, including signature services applications by Certificate Service Providers. Safelayer is the Spanish market leader and has partners across EMEA and LATAM markets. TrustedX platform is a mature solution that is in production by large relying parties since It handles thousands of transactions per day including signature generation and verification for einvoice, eprocurement, protecting messages and documents among corporations, and semantically validating different eids (certificates) issued by multiple CAs, among them, DNIe (Spanish eid), CERES/FNMT for fiscal electronic transactions, etc. TrustedX was laureated with The TeleTrusT Innovation Award 2007, for providing an innovative and trustworthy solution for electronic business connections that achieves real benefit and takes up a pioneering task in the diffusion of applications with integrated security. At present the product is up and running in more that 20 administration, finance and large corporation s projects, in Spain and other countries. As remark, performance of the solution depends mainly on processor capacity, PKI characteristics and type/size of documents. In a 2 x Quad Core (2.66GHz) in a high availability environments the performance is approximately 200 signature/verifications per second for 100KB documents. NOTE. Each transaction includes the time for authentication, authorization, service policy evaluation, service execution and audit logging. 18
19 Legal approach Relationship with the CAs 3 (What requirements does a CA need to meet before being able to accede to the solution? Specifically, which processes and procedures have been foreseen to vet CAs? What kind of agreements are put in place with the CAs, and what are the main issues addressed in these agreements?) The legal requirements that a CA needs to meet must be established by the operator/user of the solution based on TrustedX. From the product perspective, TrustedX allows implementing the required security policies regarding certification validation and digital signature, among others, and offers the possibility to manage the level of trust of each CA, and in general of each trust entity like VAs or TSAs. Relationship with the relying parties (How does a relying party get the right to use the solution? What kind of agreements are put in place in relation with the relying parties, and which services can be offered to the relying parties via these agreements?) From the legal perspective, the relationship with the relying parties has to be established by the operator/user of the solution based on TrustedX. From the technical perspective, TrustedX facilitates the implementation of established agreements, providing a powerful and flexible policy based system. Using the TrustedX policy manager, PKI parameters for each relying party can be fully established. Reliability of the signature certificates (What procedures does the solution put in place to determine the reliability of signature certificates? Are certificate policies checked? Are supervision/accreditation schemes considered? Have specific security criteria been defined, and does the solution support multiple levels of reliability? If so, can the solution distinguish between qualified and nonqualified signature certificates?) 3 Within the EU, the term CA should be taken to mean a certification service provider as defined in article 2.11 of the esignatures Directive (Directive 1999/93/EC) and outside the EU, this means a Certification Authority in the technical sense, i.e. an entity issuing signature certificates to third parties. 19
20 Please, see next section. Legal value of the signatures (Can the solution make a statement on the legal value of signatures? If so, what factors are taken into account? If multiple degrees of validity are supported by the system (i.e. a statement on the reliability of the signature as a whole is provided), then how are these reliability levels defined and communicated to the relying party? Can the solution identify if a signature can be considered a qualified signature (i.e. if it is an advanced electronic signature based on a qualified certificate created by using a secure signature creation device, as defined in the esignatures Directive)? Finally, if the certificate policies contain restrictions on the use of the signatures (e.g. limitation to transactions of a certain amount or exclusion of certain sectors), then are these restrictions taken into account when communicating the legal value of the signature?) TrustedX implements the technical procedures and can be configured to provide the information necessary to declare the validity of the signature of the certificate. The product is not preset to declare the legality of the signatures of signature certificates, it will depend on how it is configured and how it is used by the operator/user of the solution based on TrustedX. As described in previous sections, the trust management is one of the main benefits provided by TrustedX. Once a set of CAs are recognized, policies can be defined to specify the certificate validation mechanism (CRL, OCSP or other), check the certificate policy (i.e. to force qualified certificates), the signature policy or the cryptographic algorithms. Additional controls, like the role of the signer, commitment and places of signature can also be checked. Furthermore, TrustedX will provide applications with the trust information regarding all the CAs, indicating to business processes which the trust level of the certificate or the signature is, and providing labelled information (i.e. qualified certificate). Based on the well-known OMB/NIST LoA levels and now adopted by IDABC and other European initiatives, TrustedX extends this concept to digital signatures in order to classify the perceived trust and reliability of the signatures. TrustedX validation and verification policies can be configured to summarize signature trust and reliability in four levels: level 0, for low assurance, level 1, for intermediate assurance, level 2, for high assurance, and level 3, for very high assurance. For instance, qualified signatures are usually at level 3. Concerning restrictions in certificate policies or any other information included in the certificates, all this data can be configured to be handled by TrustedX and further transferred to the application as additional information concerning the digital signature. However, applications must be aware of the syntax and semantics of this information. Furthermore, TrustedX can resolve the long-term preservation of electronic signatures solving the problem of the loss of evidential information related to the passing of time (evidence that was once valid ceases to be so at a certain time). For this, TrustedX adopts the recommendations of ETSI XAdES/CAdES which are based on ensuring electronic evidences (certificates, CRL or OCSP) using time-stamps. 20
21 Liability of the solution provider (What liability (if any) does the solution provider accept with regard to its services? Specifically, if the signatures rely on qualified certificates as defined under the European esignatures Directive (if this is applicable to the solution), then how does the solution address its liability for providing guarantees to the public in relation to such certificates?) Safelayer only guarantees that the product will work according to technical specifications described in the instructions manuals and under the terms described in the licence agreement. Safelayer also guarantees the product interoperability and assurance through interoperability reports, and Quality and Common Criteria certifications. TrustedX is already being certified CC EAL4+. Quality of service and availability (Does the solution provide any guarantees with regard to the quality of its service (i.e. the reliability of the information it provides) and its availability to relying parties, other than already mentioned above?) In addition to the quarantines outlined in the licence agreement, Safelayer provides support programs contemplating different SLAs. Additionally, Safelayer s VARs could offer his own SLAs. Since Safelayer is the technology providers, the quality and availability must be guaranteed by the operator/user who operates and provides the service, and optionally configures the technology. Independence of the solution (Is the solution fully unaffiliated (legally unrelated) with all of the CAs that are integrated into the solution? If not, then how is trust created towards the relying party for affiliated CAs?) The product is fully unaffiliated with any of the CAs that are integrated into the solution. Compliance with the provisions of the esignatures Directive (Does the solution support signatures from CAs established in countries that are not subjected to the provisions of the esignatures Directive (Directive1999/93/EC)? If so, how are they integrated and how does the solution address their legal value?) Yes, the product accepts any CA provided it fits the ITU-T X.509 v3 standards. It is up to the 21
22 product operator/service provider to decide which CAs are going to be recognized or not. As stated in previous sections, the trust and policy management that the product offers facilitates managing CAs with different legal value. 22
23 Suitability of the solution at the European level Assessment of the solution owner (Does the solution owner feel that the solution could be adapted to operate at the European level not applicable if the solution already functions at the European level?) The product already functions at the European level. Issues to be addressed (Which issues does the solution owner feel would still need to be addressed before the solution could be made to operate at the European level?) TrustedX is currently the most advanced and sophisticated trust manager based on PKI digital certificates. Its powerful use of certificate validation policies enables the configuration of any model of trust based on CAs, VAs and TSAs. Different trust models can also be deployed, following any structure whether hierarchical or crossed/federated. From the technical perspective evolution, among others, new standards like ETSI TSL - TSL Trusted Service List will facilitate the federation of the services and progressively provide more advanced trust services not only at European Level. Possibly, issues that need to be solved for cross-border validations are not technical related. Integration with other validation solutions (Is there any strategy to allow the solution to interoperate with other validation solutions, i.e. can the solution connect to other islands of trust?) Regarding digital signature verification and certificate validation, TrustedX can be configured to interoperate with VAs provided by CAs as well as with global VAs and Validation Platforms. For example, TrustedX has been configured to use Spanish Validation Platforms like or CATCert PSIS. As a conclusion, it is worth to remark that TrustedX has been designed and implemented to connect islands of trust. Market Impacts 23
24 (How could the solution impact or influence the European market?) TrustedX is the answer to the market s urgent demand for a way of dealing with all kind of applications that need validation of several Certification Services Providers applications, such as electronic signature of invoices, etc. Furthermore, new citizen cards and the need to provide a citizen eid will foster this kind of applications. TrustedX favours the e-government and e- Business development through the promotion and ease of use of eid and electronic signature. TrustedX was laureated with The TeleTrusT Innovation Award 2007, for providing an innovative and trustworthy solution for electronic business connections that achieves real benefit and takes up a pioneering task in the diffusion of applications with integrated security. At present the product is up and running in more that 20 administration, finance and large corporation s projects, in Spain and other countries. Any other comments? (The solution owner can provide any other comments that (s)he feels were not adequately covered elsewhere) It is worth to note that TrustedX is provided as a COTS solution that is shipped in an appliance format (either physical o virtual). As a 100% SOA solution, it is easily integrated in the corporate, governmental or administrative business processes, and can be scaled at any level by simply adding any number of units. In short, Safelayer releases to the public a simple, modular, easy-to-use, secure, interoperable, scalable, and powerful functional unit that mask all the complexities that can make PKI and esignatures to success. 24
European Federated Validation Service Study. Solution Profile VPS/Governikus Signing/Verification modules
European Federated Validation Service Study Solution Profile VPS/Governikus Signing/Verification modules This report / paper was prepared for the IDABC programme by: Author s name: Indicated in the solution
More informationDigital Signatures: How Close Is Europe to Truly Interoperable Solutions?
Digital Signatures: How Close Is Europe to Truly Interoperable Solutions? Konstantinos Rantos Kavala Institute of Technology, Kavala GR-65404, Greece krantos@teikav.edu.gr Abstract. Digital signatures
More informationEXBO e-signing Automated for scanned invoices
EXBO e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.12.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationKeyOne. Certification Authority
Certification Description KeyOne public key infrastructure (PKI) solution component that provides certification authority (CA) functions. KeyOne CA provides: Public key infrastructure deployment for governments,
More informationETSI ESI and Signature Validation Services
ETSI ESI and Signature Validation Services Presented by: Andrea Röck For: Universign and ETSI STF 524 expert 24.10.2018 CA day ETSI 2018 Agenda Update on standardisation under eidas Signature validation
More informationDigital Certificates. PKI and other TTPs. 3.3
Digital Certificates. PKI and other TTPs. 3.3 1 Certification-service providers Spanish Law 59/03 Art. 2.2 or Directive 1999/93/EC Art. 2.11: Certification-service providers means an entity or a legal
More informationElectronic signature framework
R E P U B L I C O F S E R B I A Negotation Team for the Accession of Republic of Serbia to the European Union Working Group for Chapter 10 Information society and media Electronic signature framework Contents
More informationEuropean Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market
European Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market Gérard GALLER Policy Officer European Commission -
More information@firma, Validation Platform for PKIs
@firma, Validation Platform for PKIs Miguel Álvarez Rodríguez Ministry of Public Administration of Spain Brussels, 13 th November 2008 Current national scenario on eid PKI digital certificates are the
More informationGateway Certification Authority pilot project
Results of the IDABC Bridge / Gateway Certification Authority pilot project Gzim Ocakoglu Commission Enterprise and Industry Directorate General ITAPA Congress Bratislava, 22 November 2005 1 Outline Introduction
More informationETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL
ETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL Luca Boldrin, Juan Carlos Cruellas, Santino Foti, Paloma Llaneza, Kornél Réti Agenda STF 523 concept and context
More informationeidas Regulation (EU) 910/2014 eidas implementation State of Play
eidas Regulation (EU) 910/2014 eidas implementation State of Play CA-Day 19 September 2016 Elena Alampi DG CONNECT, European Commission elena.alampi@ec.europa.eu eidas The Regulation in a nutshell 2 MAIN
More informationDIGITALSIGN - CERTIFICADORA DIGITAL, SA.
DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS
More informationPublic Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman
Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National
More informationSSL/TSL EV Certificates
SSL/TSL EV Certificates CA/Browser Forum Exploratory seminar on e-signatures for e-business in the South Mediterranean region 11-12 November 2013, Amman, Jordan Moudrick DADASHOW CEO, Skaitmeninio Sertifikavimo
More informationDesign & Manage Persistent URIs
Training Module 2.3 OPEN DATA SUPPORT Design & Manage Persistent URIs PwC firms help organisations and individuals create the value they re looking for. We re a network of firms in 158 countries with close
More informationPolicy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación
Registro Nacional de Asociaciones. Número 171.443. CIF G-63287510 Policy for electronic signature based on certificates issued by the hierarchies of Paseo de la Castellana,79-28046 - Madrid (Spain) Telephone:
More informationeid Interoperability for PEGS Report on interoperable eid Management technical solutions
Report on interoperable eid Management technical solutions This report / paper was prepared for the IDABC programme by: Author s name: Jarkko Majava, Siemens; Andrea Biasiol, Siemens; Anthony van der Maren,
More informationWP doc5 - Test Programme
European Commission DG Enterprise IDA PKI European IDA Bridge and Gateway CA Pilot Certipost n.v./s.a. Muntcentrum 1 B-1000 Brussels Disclaimer Belgium p. 1 / 29 Disclaimer The views expressed in this
More informationDirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure
DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure Change Control Date Version Description of changes 15-December- 2016 1-December- 2016 17-March- 2016 4-February- 2016 3-February-
More informationIFY e-signing Automated for scanned invoices
IFY e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.13.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationETSI TR V1.1.1 ( )
TR 119 400 V1.1.1 (2016-03) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for trust service providers supporting digital signatures and related services
More informationOverview & Specification
Electronic Signature Overview & Specification Version: 1.0 Author: Qatar Public Key Infrastructure Section Document Classification: PUBLIC Published Date: May 2018 Version: 1.0 Page 1 of 31 Document Information
More informationIdentity and capability management and federation
Identity and capability management and federation The need to manage identities - 1 Increment of digital identity complexity Password, dynamic password, one-time password, based on portable secure devices
More informationMUTUAL RECOGNITION MECHANISMS. Tahseen Ahmad Khan
MUTUAL RECOGNITION MECHANISMS Tahseen Ahmad Khan TABLE OF CONTENTS Background: Why Mutual Recognition is important? Electronic Data and its inherent nature Scope of mutual recognition, need to go beyond
More informationeidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal?
eidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal? public 1 AGENDA 1. eidas Strategic View 2. Website Certificates 3. Electronic Seals
More informationETSI Electronic Signatures and Infrastructures (ESI) TC
ETSI Electronic Signatures and Infrastructures (ESI) TC Presented by Andrea Caccia, ETSI/ESI liaison to ISO SC27 ( a.caccia @ kworks.it ) ETSI 2011. All rights reserved ETSI TC ESI - Electronic Signatures
More informationTest Signature Policy Version 1.0
Test Signature Policy Version 1.0 This document describes the policy requirements for the creation of test signatures. 04-10-2018 Name COMPL_POL_TestSignaturePolicy OID 1.3.6.1.4.1.49274.1.1.5.1.0 Applicable
More informationWebinar: federated interoperability solutions on Joinup how to maximize the value delivered?
Webinar: federated interoperability solutions on Joinup how to maximize the value delivered? Framework Contract DI/07171 Lot 2 ISA Action 4.2.4: European Federated Interoperability Repository 12 May 2015
More informationDisclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates
Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Index INDEX... 2 1. DISCLOSURE TEXT APPLICABLE TO NATURAL PERSON CERTIFICATES ISSUED ON QSCD...
More informationSignCloud. Remote Digital Signature System
SignCloud Remote Digital Signature System All the information in this document is CONFIDENTIAL and can t be used entirely or in part without a written permission from Bit4id SRL. Contents 1. Executive
More informationETSI TS V1.1.1 ( )
TS 119 142-3 V1.1.1 (2016-12) TECHNICAL SPECIFICATION Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 3: PAdES Document Time-stamp digital signatures (PAdES-DTS) 2 TS 119
More informationeid Interoperability for PEGS Common specifications for eid interoperability in the egovernment context
Common specifications for eid interoperability in the egovernment context This report / paper was prepared for the IDABC programme by: Author s name: Jarkko Majava, Siemens; Hans Graux, Timelex Company
More informationSC27 WG4 Mission. Security controls and services
copyright ISO/IEC JTC 1/SC 27, 2012. This is an SC27 public document and is distributed as is for the sole purpose of awareness and promotion of SC 27 standards and so the text is not to be used for commercial
More informationUPDATE ON CEN & ETSI STANDARDISATION ON SIGNATURES
UPDATE ON CEN & ETSI STANDARDISATION ON SIGNATURES Workshop eidas Trust Services: 6 months on after the switch-over 19 December 2016 Riccardo Genghini, TC ESI chairman Topics eidas Standards Status ETSI
More informationTrust Services for Electronic Transactions
Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg
More informationesignature Infrastructure Marketing Model
www.peppol.eu esignature Infrastructure Marketing Model esignature Long Demo Objectives of PEPPOL esignature The overall objective of PEPPOL esignature is to provide cross European interoperability of
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9594-8 Fifth edition 2005-12-15 Information technology Open Systems Interconnection The Directory: Publickey and attribute certificate frameworks Technologies de l'information
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationeidas Interoperability Architecture Version November 2015
eidas Interoperability Architecture Version 1.00 6. November 2015 1 Introduction This document specifies the interoperability components of the eidas-network, i.e. the components necessary to achieve interoperability
More informationComparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition
Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition 1 Soshi Hamaguchi, 1 Toshiyuki Kinoshita, 2 Satoru Tezuka 1 Tokyo University of Technology, Tokyo, Japan,
More informationETSI TS V1.2.1 ( ) Technical Specification
TS 102 778-3 V1.2.1 (2010-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles
More informationInformation technology Security techniques Telebiometric authentication framework using biometric hardware security module
INTERNATIONAL STANDARD ISO/IEC 17922 First edition 2017-09 Information technology Security techniques Telebiometric authentication framework using biometric hardware security module Technologies de l information
More informationAxway Validation Authority Suite
Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to
More informationTechnical Trust Policy
Technical Trust Policy Version 1.2 Last Updated: May 20, 2016 Introduction Carequality creates a community of trusted exchange partners who rely on each organization s adherence to the terms of the Carequality
More informationETSI TS V1.2.2 ( )
TS 101 733 V1.2.2 (2000-12) Technical Specification Electronic signature formats 2 TS 101 733 V1.2.2 (2000-12) Reference DTS/SEC-004001 Keywords IP, electronic signature, security 650 Route des Lucioles
More informationTECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites
TR 119 300 V1.2.1 (2016-03) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites 2 TR 119 300 V1.2.1 (2016-03) Reference RTR/ESI-0019300v121
More informationDigital signatures: How it s done in PDF
Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?
More informationTIME STAMP POLICY (TSA)
TIME STAMP POLICY (TSA) Reference: IZENPE-DPTSA Version Num.: v 1.1 Date: 20 Feb 2018 IZENPE This document is owned by IZENPE. It may only be wholly reproduced Table of Contents Content 1 Introduction
More informationCertDigital Certification Services Policy
CertDigital Certification Services Policy Page: 2 ISSUED BY : DEPARTAMENT NAME DATE ELECTRONIC SERVICES COMPARTMENT COMPARTMENT CHIEF 19.03.2011 APPROVED BY : DEPARTMENT NAME DATE MANAGEMENT OF POLICIES
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 15945 First edition 2002-02-01 Information technology Security techniques Specification of TTP services to support the application of digital signatures Technologies de l'information
More informationNational Identity Exchange Federation. Terminology Reference. Version 1.0
National Identity Exchange Federation Terminology Reference Version 1.0 August 18, 2014 Table of Contents 1. INTRODUCTION AND PURPOSE... 2 2. REFERENCES... 2 3. BASIC NIEF TERMS AND DEFINITIONS... 5 4.
More informationXolido Sign Desktop. Xolido Sign Desktop. V2.2.1.X User manual XOLIDO. electronic signature, notifications and secure delivery of documents
Xolido Sign Desktop Xolido Sign Desktop V2.2.1.X XOLIDO electronic signature, notifications and secure delivery of documents Xolido Systems, S.A. C/ Pío del Río Hortega, 8 2ª Planta, Oficina 7 47014 Valladolid
More informationETSI ES V1.1.3 ( )
ES 201 733 V1.1.3 (2000-05) Standard Electronic Signature Formats 2 ES 201 733 V1.1.3 (2000-05) Reference DES/SEC-003007-1 Keywords IP, electronic signature, security 650 Route des Lucioles F-06921 Sophia
More informationeidas-compliant signing of PDF
PDF Days Europe 2018 eidas-compliant signing of PDF Technical implications of eidas conformance in PDF processing Bernd Wild intarsys AG, Member of the Board of A Presentation 2018 by!11 72% of EU individuals
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9594-8 Sixth edition 2008-12-15 Information technology Open Systems Interconnection The Directory: Publickey and attribute certificate frameworks Technologies de l'information
More informationNIS Standardisation ENISA view
NIS Standardisation ENISA view Dr. Steve Purser Brussels, 19 th September 2017 European Union Agency for Network and Information Security Instruments For Improving Cybersecurity Policy makers have a number
More informationElectronic Seal Administrator Guide Published:December 27, 2017
Electronic Seal Administrator Guide Published:December 27, 2017 Copyright Version 4.25.2.3 Copyright 2003-2018 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights
More informationResolution of comments on Drafts ETSI EN to ETSI EN May 2014
Resolution of comments on Drafts ETSI EN 319 142-1 to ETSI EN 319 142-7 31 May 2014 PAdES Foreword: Please note that the following disposition of comments is provided to the light of the current context
More informationSSL Certificates Certificate Policy (CP)
SSL Certificates Last Revision Date: February 26, 2015 Version 1.0 Revisions Version Date Description of changes Author s Name Draft 17 Jan 2011 Initial Release (Draft) Ivo Vitorino 1.0 26 Feb 2015 Full
More informationSafelayer's Adaptive Authentication: Increased security through context information
1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient
More informationCORPME TRUST SERVICE PROVIDER
CORPME TRUST SERVICE PROVIDER QUALIFIED CERTIFICATE OF ADMINISTRATIVE POSITION USE LICENSE In..,.. 20... Mr/Mrs/Ms/Miss.........., with DNI/NIF/National Passport nº., e-mail........., phone number....,
More informationIAS2. Electronic signatures & electronic seals Up-dates - feedbacks from :
IAS2 Study to support the implementation of a pan-european framework on electronic identification and trust services for electronic transactions in the internal market Electronic signatures & electronic
More informationXML based Business Frameworks. - II- Description grid for XML frameworks
1 / 14 XML based Business Frameworks - II- Description grid for XML frameworks 2 / 14 Document administration Reference Version State Exploitation Sender 20030905.D2.2.XML-BBF.1 2.1 A.Rizk Written by Checked
More informationCybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration
Statement Comments by the electrical industry on the EU Cybersecurity Act manufacturer s declaration industrial security Cybersecurity Quality basis security LED-Modul Statement P January 2018 German Electrical
More informationGuidance for Requirements for qualified trust service providers: trustworthy systems and products
Guidance for Requirements for qualified trust service providers: trustworthy systems and products Note on using the guidance: examples are used throughout they are not normative or exclusive, but there
More informationETSI TS V1.5.1 ( )
TS 101 733 V1.5.1 (2003-12) Technical Specification Electronic Signatures and Infrastructures (ESI); Electronic Signature Formats 2 TS 101 733 V1.5.1 (2003-12) Reference RTS/ESI-000017 Keywords electronic
More informationISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services
This is a preview - click here to buy the full publication TECHNICAL REPORT ISO/IEC TR 14516 First edition 2002-06-15 Information technology Security techniques Guidelines for the use and management of
More informationDigital Signatures Act 1
Issuer: Riigikogu Type: act In force from: 01.07.2014 In force until: 25.10.2016 Translation published: 08.07.2014 Digital Signatures Act 1 Amended by the following acts Passed 08.03.2000 RT I 2000, 26,
More informationEstablishing Trust Across International Communities
Establishing Trust Across International Communities 6 Feb 2013 info@federatedbusiness.org www.federatedbusiness.org Proprietary - British Business Federation Authority 1 Strategic Drivers - Industry 1.
More informationSERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols
I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1159 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2014) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationEUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles
Final draft EN 319 422 V1.1.0 (2015-12) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles 2 Final draft EN 319 422 V1.1.0 (2015-12)
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9594-8 Fourth edition 2001-08-01 Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks Technologies de l'information
More informationstandards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in
ISO/IEC JTC 1/SC 27/WG 4 IT Security Controls and Services M. De Soete, ISO/IEC JTC 1 SC27 Vice Chair copyright ISO/IEC JTC 1/SC 27, 2014. This is an SC27 public document and is distributed as is for the
More informationDraft ETSI EN V1.0.0 ( )
Draft EN 319 522-4-3 V1.0.0 (2018-05) Electronic Signatures and Infrastructures (ESI); Electronic Registered Delivery Services; Part 4: Bindings; Sub-part 3: Capability/requirements bindings 2 Draft EN
More informationQUICKSIGN Registration Policy
QUICKSIGN Registration Policy Amendment to DOCUSIGN FRANCE s Certificate Policy for using the QUICKSIGN platform as a registration service to identify Subscribers September 27, 2016 QUICKSIGN_Registration_Policy_V1.0
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective
More informationDraft EN V0.0.3 ( )
EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES); Part 2: Baseline Profile STABLE DRAFT FOR PUBLIC REVIEW UNTIL 15 JANUARY 2014 Download the
More informatione-sign and TimeStamping
e-sign and TimeStamping Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying Authorities (CCA) Government of India 1 Recent Developments:
More informationISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données
INTERNATIONAL STANDARD ISO 15764 First edition 2004-08-15 Road vehicles Extended data link security Véhicules routiers Sécurité étendue de liaison de données Reference number ISO 15764:2004(E) ISO 2004
More informationETSI TS V1.3.1 ( )
TS 101 733 V1.3.1 (2002-02) Technical Specification Electronic signature formats 2 TS 101 733 V1.3.1 (2002-02) Reference RTS/SEC-004009 Keywords IP, electronic signature, security 650 Route des Lucioles
More informationPRINCIPLES AND FUNCTIONAL REQUIREMENTS
INTERNATIONAL COUNCIL ON ARCHIVES PRINCIPLES AND FUNCTIONAL REQUIREMENTS FOR RECORDS IN ELECTRONIC OFFICE ENVIRONMENTS RECORDKEEPING REQUIREMENTS FOR BUSINESS SYSTEMS THAT DO NOT MANAGE RECORDS OCTOBER
More informationInteroperable Qualified Certificate Profiles
Study on Cross-Border Interoperability esignatures of (CROBIES) Interoperable Qualified Certificate Profiles A report to the European Commission from SEALED, time.lex and Siemens Disclaimer The views expressed
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More information5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.
Annex to the Financial Services Businesses Handbook Using Technology in the Customer Due Diligence Process A.1. Technology Risk Evaluation 1. A financial services business must, prior to deciding whether
More informationeid Interoperability for PEGS WS-Federation
eid Interoperability for PEGS WS-Federation Workshop Brussels 10 May 2007 Agenda 1 Scope 2 Category 3 Approach and description 4 Relevance for eid Interoperability 5 Pro s and Con s 6 Relationship with
More informationeidas compliant Trust Services with Utimaco HSMs
eidas compliant Trust Services with Utimaco HSMs March 15, 2018 Dieter Bong Product Manager Utimaco HSM Business Unit Aachen, Germany 2018 eidas-compliant Trust Services with Utimaco HSMs Page 1 eidas
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective
More informationDraft ETSI EN V ( )
Draft EN 319 412-2 V2.0.15 (2015-06) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons 2 Draft
More informationThe Open Application Platform for Secure Elements.
The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java
More informationUELMA Exploring Authentication Options Nov 4, 2011
UELMA Exploring Authentication Options Nov 4, 2011 A U T H E N T I C A T I O N M E T H O D S P R E L I M I N A R Y R E P O R T B R A D L E E C H A N G X C E N T I A L G R O U P B R A D @ X C E N T I A
More informationSecurity Aspects of Trust Services Providers
Security Aspects of Trust Services Providers Please replace background with image European Union Agency for Network and Information Security 24 th September 2013 www.enisa.europa.eu Today s agenda 09:30-10:00
More informationPAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1
PAA PKI Mutual Recognition Framework Copyright PAA, 2009. All Rights Reserved 1 Agenda Overview of the Framework Components of the Framework How It Works Other Considerations Questions and Answers Copyright
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationFOR QTSPs BASED ON STANDARDS
THE EU CYBER SECURITY AGENCY FOR QTSPs BASED ON STANDARDS Technical guidelines on trust services DECEMBER 2017 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre
More informationEU e-signature standardisation mandate m460
EU e-signature standardisation mandate m460 A Rationalised Framework for Electronic Signature Standardisation Prof. Riccardo Genghini CEN-ETSI Coordination Group Chairman ETSI-ESI Chairman ETSI 2013. All
More information1. Publishable Summary
1. Publishable Summary 1.1Project objectives and context Identity management (IdM) has emerged as a promising technology to distribute identity information across security domains. In e-business scenarios,
More information