ETSI ESI and Signature Validation Services

Similar documents
UPDATE ON CEN & ETSI STANDARDISATION ON SIGNATURES

ETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL

ETSI Electronic Signatures and Infrastructures (ESI) TC

ETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK. Presented by Nick Pope, ETSI STF 427 Leader

SSL/TSL EV Certificates

Session 1. esignature and eseal validation landscape. Presented by Sylvie Lacroix esignature and eseal validation workshop, Jan

CEN & ETSI standards & eidas Compliance

EU e-signature standardisation mandate m460

eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote

ETSI TR V1.1.1 ( )

FOR QTSPs BASED ON STANDARDS

The current status of Esi TC and the future of electronic signatures

Utimaco eidas Update. June Thorsten Groetker CTO. Utimaco HSM Business Unit Aachen, Germany 2017 Utimaco eidas Update, June 2017 Page 1

ILNAS/PSCQ/Pr004 Qualification of technical assessors

Technical guidelines implementing eidas

IAS2. Electronic signatures & electronic seals Up-dates - feedbacks from :

eidas compliant Trust Services with Utimaco HSMs

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares BALTSTAMP HEADQUARTER : DARIAUS IR GIRENO STR. 40, LT VILNIUS - LITHUANIA

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares UNIVERSIGN HEADQUARTER: 40 RUE DES ANCIENS ETANGS , FOREST BELGIQUE

ETSI ESI Electronic Signature Activities

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary

Electronic registered delivery services (ERDS) in light of the eidas regulation. Warsaw Common Sign Conference 2015

ETSI STF 412 AUDIT GUIDELINES FOR EVC (24 TH JAN 2012)

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares LUXTRUST SA IVY BUILDING L-8308 CAPELLEN - LUXEMBOURG

Audit Attestation for CERTSIGN

European Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market

EVROTRUST TECHNOLOGIES JSC

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA

Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition

eidas Regulation (EU) 910/2014 eidas implementation State of Play

eias Study on an electronic identification, authentication and signature policy SUPERVISION Presentation on status

PSD2/EIDAS DEMONSTRATIONS

TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares E-TUGRA

Resolution of comments on Drafts ETSI EN to ETSI EN May 2014

EVROTRUST TECHNOLOGIES AD

eidas-compliant signing of PDF

BE INVEST INTERNATIONAL SA

Test Signature Policy Version 1.0

CORPME- COLEGIO DE REGISTRADORES DE LA PROPIEDAD, MERCANTILES Y DE BIENES MUEBLES DE ESPAÑA

BRITISH TELECOMMUNICATIONS PLC

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements

Draft ETSI EN V1.2.0 ( )

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

Identity Documents Personalisation Centre. Conformity Assessment Report: Conformity Certificate and Summary. T-Systems

Draft EN V0.0.3 ( )

Countdown to eidas. Date: 19/04/2016 Auteur: CTIE Révision: 1.0 Ref: EIDAS_CTIE_4 Page 1

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación

eidas Regulation eid and assurance levels Outcome of eias study

Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014)

Qualified Validation Policy

EIDAS-2016 CHAMBERS OF COMMERCE ROOT and GLOBAL CHAMBERSIGN ROOT Version 1.2.3

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles

Protection Profiles for Signing Devices

ETSI TS V1.1.1 ( )

SIGNATURE VALIDATION POLICY AND SIGNATURE VALIDATION PRACTICE STATEMENT OF B-TRUST QUALIFIED VALIDATION SERVICE PROVIDED BY BORICA AD.

Digital Signatures: How Close Is Europe to Truly Interoperable Solutions?

AGENCE NATIONALE DE LA CERTIFICATION ELECTRONIQUE

EXBO e-signing Automated for scanned invoices

Draft ETSI TS V0.0.3 ( )

Cosmos POFESSIONALS OF SAFETY ENGINEERING

ETSI TS V1.1.1 ( )

Krajowa Izba Rozliczeniowa S.A.

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles

IFY e-signing Automated for scanned invoices

Electronic signature framework

QUALIFYING ATTESTATION LETTER

Overview & Specification

Electronic and digital signatures in Adobe Sign for government.

QUALIFYING ATTESTATION LETTER

Protection profiles for TSP Cryptographic modules - Part 5

Draft ETSI EN V1.0.0 ( )

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

Spanish Information Technology Security Evaluation and Certification Scheme

The appendix to the certificate is part of the certificate and consists of 4 pages.

Krajowa Izba Rozliczeniowa S.A.

ETSI TS V1.8.3 ( ) Technical Specification. Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp profiles

eidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal?

Audit Attestation for AGENCE NATIONALE DE LA CERTIFICATION ELECTRONIQUE

Digital signatures: How it s done in PDF

Trust Services Practice Statement

May English version. General guidelines for electronic signature verification

WORKSHOP CWA AGREEMENT November 2001

PSD2 Data for eidas Certificates

COOPERATIVE ITS SECURITY STANDARDIZATION AND ACTIVITIES ON EUROPEAN C ITS TRUST MODEL AND POLICY

Draft. Electronic Signatures and Infrastructures (ESI); Protocols for remote digital signature creation STABLE DRAFT

ETSI TS V1.5.1 ( )

Electronic Seal Administrator Guide Published:December 27, 2017

TS SIGNATURE VALIDATION REPORT

Electronic Commerce Working Group report

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

Digitalisation and electronic signatures

INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER

ON THE PROVISION OF CERTIFICATES FOR WEBSITE AUTHENTICATION BY BORICA AD

ISO/IEC INTERNATIONAL STANDARD

DECISION OF THE EUROPEAN CENTRAL BANK

ZETES TSP QUALIFIED CA

Transcription:

ETSI ESI and Signature Validation Services Presented by: Andrea Röck For: Universign and ETSI STF 524 expert 24.10.2018 CA day ETSI 2018

Agenda Update on standardisation under eidas Signature validation service ETSI 2018 2

ETSI 2018 Update on standardisation under eidas

eidas Standards Framework: Published Standards Trust services for: Issuing certificates Time Stamping Signature creation services Signature validation services AdES creation & validation Part 1: procedures Part 2: signature validation report x19 4xx TSPs supporting digital signatures 119 6xx Trust service status lists x19 1xx Signature Creation & Validation x19 5xx Trust application service providers List of approved QTSPs & services supervised by National Bodies Trust services for: Registered edelivery / email Long term preservation Formats: XAdES (XML) CAdES (CMS) PAdES (PDF) ASiC (containers) CC Protection Profiles QSCD - Smart Cards HSM used as QSCD HSM used by TSPs Remote QSCD 419 2xx Signing Devices 119 0xx General Framework 119 3xx Signature suites Cryptographic suites - Hash - Asymmetric crypto - Key generation - Lifetime Standards framework Common definitions Guides ETSI 2018 4

Updates to CA Policy Requirements: EN 319 411-1/2 Each individual requirement clearly identified & mapped to a specific component New TR 119 411-4 : unified checklist for all CPs (Certificate Policy) ETSI policies acknowledged by, and incorporating major requirements of, CA/B forum CA Browser Forum s BRG v1.4.2 CA Browser Forum s EVCG V.1.6.1 used for EVCP Several detailed clarifications OCSP & CRL: Mandatory to have at least 1 of OCSP or CRL, OCSP recommended Support for long term validation (beyond certificate expiry) EN 319 411-1 v1.2.2, EN 319 411-2 v 2.2.2, TR 119 411-4 published in May 2018 ETSI 2018 5

Qualified Certificates under PSD2 ETSI joint work with ECB ERPB PIS WG / Open Banking Europe To fulfil need from Commission Delegated Regulation (EU) 2018/389: Qualified Certificate profiles PSD2 Qualified Website Authentication Certificates PSD2 Qualified Seal Certificates CA Policy Requirements for PSD2 Qualified Certificate Requirements for validation of PSD2 specific attributes Revocation of PSD2 certificate due to change in PSD2 attribute status Involves interaction with National (Financial) Competent Authority Published as TS 119 495 in May 2018 Update taking into account input from European Banking Authority under final review expected publication November ETSI 2018 6

Remote Signing CEN Standards for Trustworthy Systems CEN standards for remote signing systems: EN 419 241-1: General System Requirements pren 419 241-2: Protection Profile for QSCD for Server Signing EN 419 221-5: Cryptographic Module Authentication can be delegated to an Identity Provider outside QSCD Timescale: EN 419 241-1: Approved awaiting publication EN 419 241-2: Technically Approved under Common Criteria awaiting final CEN approval and publication EN 419 221-5: Approved and published ETSI 2018 7

Remote signing ETSI Signature Creation Protocols & TSP Component Policy Requirements Standards being developed: TS 119 431-1: Policy and Security Requirements for TSP Service Components Operating a Remote QSCD / SCD TS 119 431-2: Policy and Security Requirements for TSP Service Components Supporting AdES Digital Signature Creation TS 119 432: Protocols for Remote Digital Signature Creation Timescale TS 119 431-1 and TS 119 431-2 publication Nov 2018 TS 119 432 depends on OASIS DSS-X and CSC 1.0, publication Jan 2019 ETSI 2018 8

Scope of Remote Signing Standards EN 419241-1 EN 419241-2 (qualified only) Tamper Protected Environment Signer Interaction Component Server Signing Application Signature Activation Module Crypto. Module TS 119 432 (protocol) TSP Service Component operating remote QSCD / SCD EN 419221-5 TS 119 431 (policy requirements) Delegated Authentication Registration Certificate Issuance Revocation Managem t ETSI 2018 9

Electronic Registered Delivery and Registered Electronic Mail Published standards: ETSI EN 319 522: Electronic Registered Delivery Services ETSI EN 319 532: Registered Electronic Mail (REM) Services (Supersedes ETSI TS 102 640) Standards for approval (on ENAP European Standard Approval Procedure): ETSI EN 319 521: Policy and Security Requirements for Electronic Registered Delivery Service Providers ETSI EN 319 531: Policy and Security Requirements for Registered Electronic Mail Service Providers Standards under development ETSI TS 119 524 / ETSI TS 119 524 Testing Conformance and Interoperability for edelivery/rem ETSI TR 119 500 Business Driven Guidance for Trust Application Service Providers Timescale: ENs & TS & TR published: End February 2019 ETSI 2018 10

Long-Term (Signature) Preservation Work started: TS 119 511 Policy and security requirements for trust service providers providing longterm preservation of digital signatures or general data using digital signature techniques TS 119 512 Protocols for trust service providers providing long-term data preservation services Timescale: Stable draft for review end of 2018 Publication: Beginning of 2019 ETSI 2018 11

Using Trusted Lists Standards under development TS 119 615 on the use of information within a Trusted List by relying parties, how to process a trusted list in order to obtain information about a QTSP and QTS(s) it provides Building blocks for validating a qualified signature/seal (see also upcoming TS 119 172-4) To link trusted list information to evidences produced by some types of trust services: validation service, preservation service, electronic registered delivery services Complements TS 119 612 Timescale: Target publication: Beginning 2019 ETSI 2018 12

Supplements to EN 319 403 TSP Audit Requirements TS 119 403-2: Part 2: Additional requirements for Conformity Assessment Bodies auditing Trust Service Providers that issue Publicly-Trusted Certificates (e.g. as in CA/Browser Forum) Annual audit (versus bi-annually for eidas) Audit covers period of time since last audit Audit attestation requirements fitting web browser requirements Published: https://www.etsi.org/standards-search#search=ts119403-2 Draft TS 119 403-3: Additional Requirements for CABs Assessing QTSPs against the eidas Regulation Requirements Auditor capabilities to carry out audits under eidas Required details included in conformity assessment reporttimescale: Timescale: Publication January 2019 ETSI 2018 13

Machine-processable signature policy formats Machine-processable signature policy formats TS 119 172-2: XML format for signature policies TS 119 172-3: ASN.1 format for signature policies Timescale: Drafts for public review: June 2019 Published: End November 2019 Global acceptance of European Trust Services Study report on Global Acceptance of EU Trust Services Analysis of international, regional and sector specific communities adopting Public Key Infrastructure technology International co-hosted workshops: Target regions; Japan, North America, South America, Africa ETSI 2018 14

ETSI 2018 Signature Validation Service

ETSI STF 524 Standards for eidas trust services including electronic signatures trust services for validation Started in 2016 Three documents TS 119 102-2: Validation Report TS 119 441: Policy Requirements for TSPs Providing Signature Validation Services TS 119 442: Protocol for Signature Validation Services Workshop 10/01/2018 ETSI 2018 16

ETSI TS 119 102-2: Validation Report Published: https://www.etsi.org/standards-search#search=ts119102-2 Preparation of update correcting small XML scheme errors No longer relies on OASIS (based on feedback from workshop and on TB ESI assessment) To be used by validation service but also outside of a service ETSI 2018 17

ETSI TS 119 441: Policy Requirements for TSPs Providing Signature Validation Services Published: https://www.etsi.org/standards-search#search=ts119441 Based on ETSI EN 319 401 General part EU independent Normative annex for requirements for qualified validation service for qualified electronic signatures/seals Informative mapping to eidas requirements Checklist for self-assessment or independent conformity assessment Clarifies relation between signature validation policy: set of (technical) validation constraints signature applicability rules: requirements for determination of whether a signature is fit for a particular business or legal purpose ETSI 2018 18

ETSI TS 119 442: Protocol for Signature Validation Services Protocol features: Supports both XML and JSON exchanges Aligned with OASIS DSS V2.0 Supports validation, augmentation and augmentation with validation Timescale Publication: January 2019 (delayed to align with OASIS DSS v2 publication) ETSI 2018 19

Related documents Validation plugtest Planned for Q2 2019 ETSI TS 119 102-1 AdES digital signatures creation and validation Updated version published August 2018 to be aligned to work of STF EN approval procedure only after plugtest ETSI TS 119 172-4 Signature Validation Policy for European Qualified Electronic Signatures/Seals Using Trusted Lists Timescale: Publication March 2019 ETSI 2018 20

Conclusions Information on available standards and current activities: https://portal.etsi.org/tbsitemap/esi/esiactivities.aspx ETSI standards: available for free download http://www.etsi.org/standards-search CEN standards: available through National Standards Organisations Updates on standardisation: https://list.etsi.org/scripts/wa.exe?subed1=e-signatures_news&a=1 STF 524 on validation: https://portal.etsi.org/stf/stfs/stfhomepages/stf524 ETSI 2018 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback