CEN & ETSI standards & eidas Compliance

Similar documents
ETSI ESI and Signature Validation Services

UPDATE ON CEN & ETSI STANDARDISATION ON SIGNATURES

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

Technical guidelines implementing eidas

Utimaco eidas Update. June Thorsten Groetker CTO. Utimaco HSM Business Unit Aachen, Germany 2017 Utimaco eidas Update, June 2017 Page 1

Protection Profiles for Signing Devices

Spanish Information Technology Security Evaluation and Certification Scheme

SSL/TSL EV Certificates

ILNAS/PSCQ/Pr004 Qualification of technical assessors

ETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK. Presented by Nick Pope, ETSI STF 427 Leader

FOR QTSPs BASED ON STANDARDS

ETSI Electronic Signatures and Infrastructures (ESI) TC

ETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL

eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote

Cosmos POFESSIONALS OF SAFETY ENGINEERING

Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary

Session 1. esignature and eseal validation landscape. Presented by Sylvie Lacroix esignature and eseal validation workshop, Jan

eidas Regulation (EU) 910/2014 eidas implementation State of Play

Trust Services Practice Statement

ARTICLE 29 DATA PROTECTION WORKING PARTY

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

eidas compliant Trust Services with Utimaco HSMs

Protection profiles for TSP Cryptographic modules - Part 5

Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition

European Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

ETSI TR V1.1.1 ( )

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares BALTSTAMP HEADQUARTER : DARIAUS IR GIRENO STR. 40, LT VILNIUS - LITHUANIA

Krajowa Izba Rozliczeniowa S.A.

Certificate. Certificate number: Certified by EY CertifyPoint since: July 10, 2018

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares E-TUGRA

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA

EU e-signature standardisation mandate m460

Test Signature Policy Version 1.0

EVROTRUST TECHNOLOGIES AD

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares UNIVERSIGN HEADQUARTER: 40 RUE DES ANCIENS ETANGS , FOREST BELGIQUE

eias Study on an electronic identification, authentication and signature policy SUPERVISION Presentation on status

Electronic signature framework

EVROTRUST TECHNOLOGIES JSC

BRITISH TELECOMMUNICATIONS PLC

BE INVEST INTERNATIONAL SA

Security Aspects of Trust Services Providers

IAS2. Electronic signatures & electronic seals Up-dates - feedbacks from :

ETSI STF 412 AUDIT GUIDELINES FOR EVC (24 TH JAN 2012)

Audit Attestation for CERTSIGN

AGENCE NATIONALE DE LA CERTIFICATION ELECTRONIQUE

Krajowa Izba Rozliczeniowa S.A.

CORPME- COLEGIO DE REGISTRADORES DE LA PROPIEDAD, MERCANTILES Y DE BIENES MUEBLES DE ESPAÑA

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares LUXTRUST SA IVY BUILDING L-8308 CAPELLEN - LUXEMBOURG

Key Lifecycle Security Requirements. Version 1.0.2

Internet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement

EXBO e-signing Automated for scanned invoices

ZETES TSP QUALIFIED CA

Electronic and digital signatures in Adobe Sign for government.

eidas Regulation eid and assurance levels Outcome of eias study

Electronic registered delivery services (ERDS) in light of the eidas regulation. Warsaw Common Sign Conference 2015

ON THE PROVISION OF CERTIFICATES FOR WEBSITE AUTHENTICATION BY BORICA AD

PKI Credentialing Handbook

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles

The appendix to the certificate is part of the certificate and consists of 3 pages.

POLICY ON THE PROVISION OF QUALIFIED CERTIFICATES FOR ADVANCED ELECTRONIC SIGNATURE/SEAL BY BORICA AD. (B-Trust QCP-eIDAS АES/АESeal) Version 1.

eidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal?

e-authentication guidelines for esign- Online Electronic Signature Service

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

SPECIFIC CERTIFICATION PRACTICES AND POLICY OF

Identity Documents Personalisation Centre. Conformity Assessment Report: Conformity Certificate and Summary. T-Systems

The appendix to the certificate is part of the certificate and consists of 3 pages.

Internet copy. DSRC Key Management. Annex 2.5 to Joint Venture Agreement Toll Service Provider Agreement

Release Notes for the Time Stamp Server TM Software

Mandate to CEN, CENELEC and ETSI for Standardisation in the field of electric motors

AUDITOR / LEAD AUDITOR PHARMACEUTICAL AND MEDICAL DEVICE INDUSTRY

Time Stamping Policy

COMMON CRITERIA CERTIFICATION REPORT

TIME STAMP POLICY (TSA)

Electronic Commerce Working Group report

The appendix to the certificate is part of the certificate and consists of 4 pages.

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp profiles

Krajowa Izba Rozliczeniowa S.A.

DECISION OF THE EUROPEAN CENTRAL BANK

EU Policy Management Authority for Grid Authentication in e-science Charter Version 1.1. EU Grid PMA Charter

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

Audit Attestation for AGENCE NATIONALE DE LA CERTIFICATION ELECTRONIQUE

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

CORPME TRUST SERVICE PROVIDER

NavCert GmbH ecall Days 2016 Hamburg Martin Grzebellus NavCert 1

Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014)

Internet Engineering Task Force (IETF) Category: Standards Track ISSN: March 2010

Standardization mandate addressed to CEN, CENELEC and ETSI in the field of Information Society Standardization

Microsoft Authenticode

EU Passport Specification

TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites

WORKSHOP CWA AGREEMENT November 2001

Certification Policy for Legal Representatives of Entities without Legal Personality. Certificate Profile

Digital signatures: How it s done in PDF

ISO27001:2013 The New Standard Revised Edition

ENISA s Position on the NIS Directive

IFY e-signing Automated for scanned invoices

Conformity Assessment Report: Conformity Certificate and Summary. T-Systems Trust Service Provider: Connect Solutions

Transcription:

CEN & ETSI standards & eidas Compliance Nick Pope - Thales Vice Chair, ETSI TC Electronic Signature & Infrastructures Jan Ulrik Kjærsgaard Cryptomathic Editor CEN EN 419 241-2 (Remote Signing) eidas and centralised electronic signatures transforming digitisation London, 14th September, 2016 www.thales-esecurity.com www.cryptomathic.com

Agenda eidas Regulation & Standards eidas compliance requirements for signatures Difference compliance levels and forms of signature eidas Standards Framework Standards for Remote (centralised server) Signing 2

eidas Levels of Compliance Electronic Signature : Electronic Signature Anything which is used to sign Advanced Electronic Signature Electronic Signature with sole control properties such as provided by public key technology TSP can offer what is considered current good practice but takes on liability Qualified Electronic Signature Advanced Electronic Signature which meets specific technical & security requirements as specified in the regulation Supervisory authority confirms that TSP meets regulatory requirements (can be demonstrated using recognised standards 3

eidas Levels of Compliance Electronic Seal: Electronic Seal Anything which is used to ensure the origin and integrity of data. Advanced Electronic Seal Electronic Seal with control properties i.e. Signing key controlled by organisation rather than individual Qualified Electronic Seal Advanced Electronic Seal which meets specific technical & security requirements equivalent to electronic signature (mutatis mutandis). 4

Elements of eidas Advanced Electronic Signature * * Mutatis mutandis seals Signature (Seal) Creation Device e.g. Software key or smart card Signature Cryptographic Value Trust Service Provider (public Key) Certificate TSP chooses own practices But is liable unless can show good practices Advanced Electronic Signature (Seal) 5

Elements of eidas Qualified Electronic Signature * * Mutatis mutandis seals Qualified Signature Creation Device Certified against eidas requirements & Standards Signature Cryptographic Value Qualified Trust Service Provider Audited against eidas requirements (public Key) Certificate Qualified Electronic Signature 6

eidas Conformance Requirements for Qualified Electronic Signatures * Article 27: Electronic Signature Format * Mutatis mutandis seals Member states shall recognise advanced and qualified electronic signature formatted as specified in implementing acts Article 20: Qualified Trust Service Providers (TSPs) Qualified TSPs shall be audited every 24 months to demonstrate that they fulfil eidas requirements eidas Standards are guidance only - eidas standards provide a clear means of demonstrating that eidas requirements are fulfilled - EU member states may add their own guidance Article 30: Qualified Signature Creation Device (QSCD) Shall used QSCD as per standards as specified in implementing acts If no recognised EU standards available QSCD can be evaluated by national body using comparable security levels 7

8 eidas Standards Framework

eidas Standards Framework Advanced e-signature / e-seal Formats Implementing Decision 2015/1506 9

eidas Standards Framework Trust Services supporting signatures National Guidelines 10

eidas Standards Framework Trust Services supporting signatures Implementing decision 2016/650 11

Implementing Decision 2016/650 on Qualified Signature / Seal Creation Devices Reference made to: Common Criteria evaluation standards EN 419 211 Protection Profiles for QSCD mainly applied to smart cards For HSMs used by TSPs mentions other certification schemes are generally used Preference for Common Criteria certified HSMs over FIPS 140-2 Standard based on Common criteria (EN 419 221-5) nearing approval May be accepted as Qualified Signature / Seal device For Remote (centralised server) signing repeats statement from eidas regulation that in the absence of standards QSCD can be evaluated by national body using comparable security levels Expect upcoming standard (EN 419 241) to be recognised Devices certified by nations under Directive accepted 12

13 Basic idea: Remote/Central/Cloud Signing

Sole Control Requirements eidas Annex II, section 1.d: The private key can only be used by the owner. CEN TC 224 WG 17 Signature Activation Protocol (SAP) Signature Activation Data linking: - User identification - Document to be signed (hash) - Signature key identifier 14

EN 419 241 QSCD: HSM + SAM Signature Activation Module Checks the SAD: - User is authenticated - The hash - Key identifier Uses a CM for signature operation TS 419 241-1 Security Requirement for Trustworthy Systems Supporting Server Signing PP 419 241-2 QSCD for Server Signing PP 419 221-5 Cryptographic Module for Trust Services Server Signing 15

Important Standards Certified SAM SAM shall be certified to CEN PP EN 419 241-2 Draft PP written by Cryptomathic, planned for evaluation Q1 2017. Sets requriement on environment: - Certified HSM - Audited TW4S Certified HSM HSM certifed CEN PP EN 419 221-5 SAM can be implemented as an extension (SEE) to Thales nshield product Audited TW4S TW4S is audited against CEN EN 419 241 Or interim standard TS 419-241 16

Conclusions Standards nearing completion for Remote Signing The Cryptomathic solution, running on Thales nshield HSM, is already aligned with the draft standards Expecting remote standards to be adopted in revision to implementing act Number of countries accepting remote signing solutions pending agreement of standards Obtaining copies of standards: For free download of ETSI standards: http://www.etsi.org/standards-search For CEN standards access national standards organisation 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback