DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

Similar documents
Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

CORPME TRUST SERVICE PROVIDER

Certipost e-timestamping. Time-Stamping Authority Policy. Version 1.0. Effective date

TIME STAMP POLICY (TSA)

Trust Services Practice Statement

Time Stamping Policy

CertDigital Certification Services Policy

SSL Certificates Certificate Policy (CP)

Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013

EXBO e-signing Automated for scanned invoices

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA

QUICKSIGN Registration Policy

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

SPECIFIC CERTIFICATION PRACTICES AND POLICY OF

Policy and Practice Statement DigiSign Time-Stamping Authority

IFY e-signing Automated for scanned invoices

LuxTrust Time Stamping V2 Policy

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

ETSI TR V1.1.1 ( )

CERTIFICATE POLICY CIGNA PKI Certificates

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations

Volvo Group Certificate Practice Statement

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

Apple Inc. Certification Authority Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement

ZETES TSP QUALIFIED CA

Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014)

ING Public Key Infrastructure Technical Certificate Policy

TeliaSonera Gateway Certificate Policy and Certification Practice Statement

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp profiles

AlphaSSL Certification Practice Statement

ACCV Certification Practice Statement (CPS)

DECISION OF THE EUROPEAN CENTRAL BANK

QuoVadis Trustlink Schweiz AG Teufenerstrasse 11, 9000 St. Gallen

GlobalSign Certification Practice Statement

ACGISS Public Employee Certificates

VeriSign Trust Network European Directive Supplemental Policies

SSL/TSL EV Certificates

ETSI TS V1.1.1 ( )

The Information Technology (Certifying Authority) Regulations, 2001

Certification Practice Statement of CERTUM s Certification Services Version 3.6 Date: 13 of September, 2013 Status: valid

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

OISTE-WISeKey Global Trust Model

DATA PROCESSING TERMS

e-authentication guidelines for esign- Online Electronic Signature Service

Validation Policy r tra is g e R ANF AC MALTA, LTD

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA

Test Signature Policy Version 1.0

EVROTRUST TECHNOLOGIES AD

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares LUXTRUST SA IVY BUILDING L-8308 CAPELLEN - LUXEMBOURG

Unisys Corporation April 28, 2017

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares BALTSTAMP HEADQUARTER : DARIAUS IR GIRENO STR. 40, LT VILNIUS - LITHUANIA

Electronic signature framework

ING Corporate PKI G3 Internal Certificate Policy

GlobalSign Certification Practice Statement

BE INVEST INTERNATIONAL SA

EVROTRUST TECHNOLOGIES JSC

September OID: Public Document

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

Certificate Policy for Deployment and Operation of European Cooperative Intelligent Transport Systems (C-ITS)

WORKSHOP CWA AGREEMENT November 2001

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares UNIVERSIGN HEADQUARTER: 40 RUE DES ANCIENS ETANGS , FOREST BELGIQUE

Time-Stamping Authority. Policy and Practice Statement. exceet Secure Solutions GmbH

ETSI TS V1.2.1 ( ) Technical Specification

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016

Smart Meters Programme Schedule 2.1

ETSI TS V1.3.1 ( )

CEN & ETSI standards & eidas Compliance

thawte Certification Practice Statement Version 3.4

EIDAS-2016 CHAMBERS OF COMMERCE ROOT and GLOBAL CHAMBERSIGN ROOT Version 1.2.3

The Common Controls Framework BY ADOBE

Signe Certification Authority. Certification Policy Degree Certificates

Avira Certification Authority Policy

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Operational Research Consultants, Inc. (ORC) Access Certificates For Electronic Services (ACES) Certificate Practice Statement Summary. Version 3.3.

ILNAS/PSCQ/Pr004 Qualification of technical assessors

Digi-CPS. Certificate Practice Statement v3.6. Certificate Practice Statement from Digi-Sign Limited.

Certification Practice Statement certsign SSL EV CA Class 3. for SSL EV Certificates. Version 1.0. Date: 31 January 2018

Afilias DNSSEC Practice Statement (DPS) Version

CAEDICOM - Certification Practices Statement Drafted according to specification RFC 3647 and ETSI EN (V1.2.0)

X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance)

FOR QTSPs BASED ON STANDARDS

TELIA MOBILE ID CERTIFICATE

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación

TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

Digital Signatures Act 1

Draft ETSI EN V1.2.0 ( )

OpenADR Alliance Certificate Policy. OpenADR-CP-I

Digi-Sign Certification Services Limited Certification Practice Statement (OID: )

Data Processing Clauses

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition

ETSI ESI and Signature Validation Services

EXPOSURE DRAFT. Based on: CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.1.

Draft ETSI EN V ( )

Transcription:

DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18

VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS Created by Approved by LEGAL NOTICE Copyright DigitalSign - Certificadora Digital, SA. All rights reserved. DigitalSign is a registered trademark of DigitalSign - Certificadora Digital, SA. All other brands, trademarks and service marks are the property of their respective owners. It is strictly prohibited the reproduction, total or partial, of the contents of this document without prior written permission issued by DigitalSign. Any question or request for information regarding the content of this document should be directed to suporte@digitalsign.pt. Page 2 / 18

CONTENT 1. Introduction... 5 1.1. Overview... 5 1.2. Document Designation and Identification... 6 2. References... 7 3. Acronyms and Definitions... 8 4. General Concepts... 9 4.1. Timestamping Services... 9 4.2. Timestamp Authority... 9 4.3. Subscriber... 9 4.4. Timestamp Policy and TSA Practice Statement... 9 4.4.1. Purpose... 9 4.4.2. Level of Specificity... 9 4.4.3. Approach... 9 5. Timestamp Policies... 11 5.1. Overview... 11 5.2. Identification... 11 5.3. User Community and Applicability... 11 5.4. Conformance... 11 6. Obligations and Liability... 12 6.1. TSA Obligations... 12 6.1.1. General... 12 6.1.2. TSA Obligations Towards Subscribers... 12 6.2. Subscriber Obligations... 12 6.3. Relying Party Obligations... 13 6.4. Liability... 13 7. Requirements on TSA Practices... 14 7.1. Practice and Disclosure Statements... 14 7.1.1. TSA Practice Statement... 14 7.1.2. TSA Disclosure Statement... 14 7.2. Key Management Life Cycle... 15 7.2.1. Key Generation... 15 7.2.2. Private Key Protection... 15 7.2.3. Public Key Distribution... 15 7.2.4. Key Renewal... 15 7.2.5. Key Destruction... 15 7.2.6. Life Cycle Management of the Cryptographic Module... 15 7.3. Time-Stamping... 16 Page 3 / 18

7.3.1. Timestamp... 16 7.3.2. Clock Synchronization... 16 7.4. TSA Management and Operation... 16 7.4.1. Security Management... 16 7.4.2. Risk Assement... 16 7.4.3. Personnel Security... 16 7.4.4. Physical and Environmental Security... 16 7.4.5. Operations Management... 16 7.4.6. System Access Management... 17 7.4.7. Trusting Environment... 17 7.4.8. Compromise of TSA Services... 17 7.4.9. TSA Termination... 17 7.4.10. Legal Requirements... 17 7.4.11. Audit Records... 17 7.5. Organizational... 18 Page 4 / 18

1. INTRODUCTION The purpose of this document is to define the policy, practices and procedures used in the support to the activities of Time-Stamping by the Certification Authority of DigitalSign- Digital Certification, SA ("EC DIGITALSIGN"). This document is in compliance to the Internet Engineering Task Force (IETF) RFC 3628 for Policy Requirements for Time-Stamping Authorities and may undergo regular updates. 1.1. OVERVIEW EC DIGITALSIGN Time-Stamping service uses public key infrastructure and reliable time sources to provide reliable timestamps and in accordance with patterns globally accepted. This document (Timestamp Policy and TSA Practices Statement) defines the practices and policies used for the operation and management of the Time-Stamping service of EC DIGITALSIGN, so that subscribers and relying parties can assess the confidence level of the operation of this service. The aim of the Time-Stamp service is to provide timestamps used as support for qualified electronic signatures, according to Regulation 910/2014 of the European Parliament and of the Council of 23 July, and other relevant national legislation. Nevertheless, the timestamps can also be used for any other purpose that requires proof that certain data existed at a specific time. Practices for creation, signature and certificate issuance, as well as revocation of invalid certificates carried out by a Certification Authority ("CA") are essential to ensure the reliability and confidence of a Public Key Infrastructure ("PKI"). This document respects and implements the following standards: ETSI TS 102.023: Electronic Signatures and Infrastructures (ESI); Policy requirements for time-stamping authorities RFC 3628: Requirements for Time-Stamping Authorities This Timestamp Policy and TSA Practices Statement and further fixes and / or updates are approved by the Management Group (see 9.17.1. of CPS) Corrections and / or updates shall be published in the form of new versions of this document, replacing any previous version. Page 5 / 18

1.2. DOCUMENT DESIGNATION IDENTIFICATION This document is the Timestamp Policy and TSA Practice Statement of EC DIGITALSIGN and should be read in conjunction with the current version of Certification Practice Statement (CPS) of EC DIGITALSIGN, available for viewing at: https://www.digitalsign.pt/ecdigitalsign/cps. It was not associated any identifying object to this document. This document is identified by the following information: Document Information Version/Edition 1.1 Approval Date 21/12/2017 Expiration Date Location Not applicable https://www.digitalsign.pt/ecdigitalsign/cps Page 6 / 18

2. REFERENCES ETSI TS 101.456: Policy Requirements for Certification Authorities Issuing Qualified Certificates ETSI TS 101.861: Time-stamping Profile ETSI TS 102.023: Electronic Signatures and Infrastructures (ESI); Policy Requirements for Time-stamping Authorities ETSI TS 102.176.1: Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash Functions and Asymmetric Algorithms CPS: Certificate Practices Statement of EC DIGITALSIGN RFC 3161: Internet X.509 Public Key Infrastructure Time-stamp Protocol (TSP) Page 7 / 18

3. ACRONYMS DEFINITIONS EC/CA EC DIGITALSIGN DPC/CPS PKI OID LCR/CRL ETSI HSM UTC EVC/TSA Certification Authority Certification Authority of DigitalSign Certificadora Digital, SA Certification Practices Statement Public Key Infrastructure Unique number of the object identifier Certificate Revocation List European Telecommunications Standards Institute Hardware Security Module Coordinated Universal Time Time Stamp Authority Page 8 / 18

4. GENERAL CONCEPTS 4.1. TIMESTAMPING SERVICES Timestamping services include the following components: Technical components that issue timestamps; Management, control and monitoring components of timestamping service, including synchronization with reliable UTC time sources. 4.2. TIMESTAMP AUTHORITY Timestamp Authority (TSA) is trusted by its users (ie, subscribers and relying parties) to issue secure timestamps. The EC DIGITALSIGN TSA is responsible for the operation of one or more timestamp services identified in section 4.1 above. 4.3. SUBSCRIBER Subscribers are the end users of timestamps issued by EC DIGITALSIGN TSA. Subscribers can be individuals or organizations (public or private), as well as technological equipment. 4.4. TIMESTAMP POLICY This document should be read in conjunction with the current version of the Certification Practices Statement (CPS) of the EC DIGITALSIGN, available for viewing at: https://www.digitalsign.pt/ecdigitalsign/cps, which regulates the operation of EC DIGITALSIGN and its digital certificate services. 4.4.1. PURPOSE This document specifies the policy and practices statement for the timestamp service provided by EC DIGITALSIGN, in order to meet the safety and reliability requirements described in section 2 of this document. For further details, see section 7.1 of this document. 4.4.2. LEVEL OF SPECIFICITY This document describes the general rules for timestamps issuance and management. A detailed description of the system is compiled into additional restricted documents, available only to authorized personnel and auditors. 4.4.3. APPROACH This policy has been crafted to the general level, without describing any technical details about the IT system and communications, organizational structure and operating and Page 9 / 18

protection procedures. This policy does not define the computing environment in which the service is running. The technical details and operation can be found in the Certification Practice Statement (CPS) of EC DIGITALSIGN, described above. Page 10 / 18

5. TIMESTAMP POLICIES 5.1. OVERVIEW This Timestamp Policy defines a set of processes for creating timestamps, according to ETSI TS 102 023. TSA signs timestamps electronically using private keys that are specifically reserved for this purpose. The timestamps signature private keys are stored in cryptographic device (HSM) dedicated and approved. Each timestamp contains a policy identifier and is issued with an accuracy of 1 second or more. The timestamps are ordered via the Transmission Control Protocol (TCP) or Hypertext Transfer Protocol (HTTP), as specified in RFC 3161. 5.2. IDENTIFICATION The object identifier of the Timestamp Policy is: 1.3.6.1.4.1.25596.2.1.1. This identifier is referenced in all timestamps issued by the TSA of EC DIGITALSIGN, and this policy is available to all subscribers and relying parties. 5.3. USER COMMUNITY APPLICABILITY The community of users for timestamp services of EC DIGITALSIGN includes subscribers and relying parties. All subscribers are automatically considered relying parties. EC DIGITALSIGN can provide public timestamp services. EC DIGITALSIGN does not impose restrictions on the applicability of timestamps, with the exception of the cases referred to in the CPS. 5.4. CONFORMANCE EC DIGITALSIGN references the policy identifier in section 5.2 (Identification) of this document in all timestamps issued to indicate compliance with this policy. EC DIGITALSIGN is subjected to independent external and internal audits, in order to demonstrate that the timestamp service fulfills the obligations defined in section 6.1 (TSA Obligations) and has implemented appropriate controls as described in section 7 (Requirements on TSA Practices). Page 11 / 18

6. OBLIGATIONS LIABILITY This chapter describes the duties, responsibilities and guarantees of the TSA, subscribers and relying parties. 6.1. TSA OBLIGATIONS 6.1.1. GENERAL EC DIGITALSIGN operates the TSA and assumes the responsibility of the requirements described in section 7 (Requirements on TSA Practice) of this document, as well as the provisions of applicable national and European legislation. These duties and responsibilities are regulated by mutual agreements signed between the parties, where the Timestamp Policy and TSA Practices Statement (this document) and Certification Practice Statement (CPS) are integral parts. 6.1.2. TSA OBLIGATIONS TOWARDS SUBSCRIBERS DigitalSign assumes the following obligations towards the subscribers of the timestamp service: o Its timestamp activity is based on certified equipment and software. o It operates in accordance with the Timestamp Policy and TSA Practices Statement (this document) and Certification Practice Statement (CPS), as well as other relevant policies and procedures. o It ensures that the timestamps maintain an accuracy of at least one (1) second relative to UTC. o It undergoes audits and internal and external assessments to ensure compliance with relevant legislation and policies and procedures adopted. o It provides an high-availability access to the systems for obtaining timestamps, except in cases of technical programmed interruptions, loss of time synchronization and other cases described in Section 9.8 (Limitations of Liability of the CA) of the CPS. 6.2. SUBSCRIBER OBLIGATIONS Subscribers must ensure that the timestamps have been properly signed, and check the CRL to confirm that the private key used for signing these timestamps is not compromised. Subscribers must use the standard RFC 3161 to request timestamps. Page 12 / 18

6.3. RELYING PARTY OBLIGATIONS Before trusting a timestamp, relying parties must verify that it was properly signed, as well as check the CRL to confirm that the private key used for signing this timestamp was not compromised. The relying party should take into account possible limitations of using timestamps indicated in this document, as well as the precautions provided in this document and other referenced. During the validity period of the timestamp certificate, the status of its private key can be verified by consulting the CRL. If the timestamp check is performed after the validity period of the certificate, relying parties shall proceed in accordance with the requirements of Annex D of the ETSI TS 102 023. 6.4. LIABILITY DigitalSign is committed to operate the timestamp service in accordance with this Policy and the Certification Practice Statement (CPS), as well as the agreements between the parties. DigitalSign doesn t assume any expressed or implied responsibility or guarantee for (except in cases of agreements) the availability or accuracy of the timestamp service. Page 13 / 18

7. REQUIREMENTS ON TSA PRACTICES The issuance of timestamps, in response to an issuance request, is at the discretion of DigitalSign and depends on the accordance of the subscriber. 7.1. PRACTICE DISCLOSURE STATEMENTS 7.1.1. This Timestamp Policy and TSA Practices Statement establishes the general rules relating to the operation of the TSA. CPS and other internal documents define how DigitalSign meets the technical, organizational and procedural requirements identified in this Timestamp Policy and TSA Practices Statement. Public documents, including this document and the CPS, can be found in DigitalSign repository at: http://www.digitalsign.pt/ecdigitalsign/cps/. Internal documents may be provided only on strictly controlled conditions. EC DIGITALSIGN carries out risk assessments to determine threats and set security controls and required operational procedures. 7.1.2. TSA DISCLOSURE STATEMENT This Timestamp Policy and TSA Practices Statement, along with the CPS, are the publicly available documents, as described in section 7.1.1 of this document. This document shall disclose to all subscribers and relying parties the terms and conditions of timestamp service of DigitalSign. A synthesis of the elements of the TSA Disclosure Statement is presented below: o The timestamp service is operated by EC DIGITALSIGN, and is duly accredited by Autoridade Nacional de Segurança, as legally stipulated. o Contact information are referred in section 1.5.2 of CPS. o Each timestamp issued by EC DIGITALSIGN contains a policy identifier, as described in section 5.2 of this document. o The cryptographic algorithms and key size are used in accordance with ETSI TS 101 861 standards, and are commonly: o hash algorithms accepted in applications: SHA1, SHA256, SHA384, SHA512. o Signature algorithms: sha256withrsaencryption (2048 bit key) o The digital signature on the timestamps shall be valid for ten (10) years. o DigitalSign does not establish other confidence limits beyond the disposed in section 6.3 above. DigitalSign will inform, by appropriate means, subscribers and relying parties in the case of cryptographic algorithms and / or the key sizes used are no longer considered safe. o Subscribers obligations are described in section 6.2 of this document. o Relying parties obligations are described in section 6.3 of this document. o DigitalSign keeps records related to the operation of the timestamp service, in accordance with the provisions of section 5.5 of the CPS. Page 14 / 18

o The DigitalSign may charge fees for the timestamp services 7.2. KEY MANAGEMENT LIFE CYCLE This Timestamp Policy and TSA Practices Statement, along with the CPS, are the publicly available documents, as described in section 7.1.1 of this document. 7.2.1. KEY GENERATION DigitalSign generates the cryptographic keys used for timestamps signature in HSM device, certified according to FIPS 140-2 Level 3, by authorized personnel in a secure physical environment. The algorithms and key size used are described in section 7.1.2 of this document. 7.2.2. PRIVATE KEY PROTECTION DigitalSign adopted specific measures to ensure that private keys used for timestamps signature remain confidential and maintain their integrity. These measures include the use of HSMs certified according to FIPS 140-2 Level 3 or higher. When backup copies of these keys are made, this procedure is performed by authorized personnel, requiring at least a dual custody, and secure physical environment. Any backup is always performed for encrypted file or directly to another cryptographic equipment (HSM). 7.2.3. PUBLIC KEY DISTRIBUTION Digital certificates used by the timestamp service are issued by EC DIGITALSIGN respecting the practices, policies and procedures described in CPS, providing a level of safety equivalent to this timestamp policy. Additional information can be found in section 6.1.4 of CPS. 7.2.4. KEY RENEWAL DigitalSign requires, for this purpose, the creation of a new pair of keys to replace the expiring key pair (technically defined as «re-key», but in this document identified as «renewal»). Keys are renewed before the expiry of its validity period. 7.2.5. KEY DESTRUCTION keys used by the timestamp service are replaced after its expiry. Timestamps are not issued using the expired keys. After its expiry, the private keys are destroyed. 7.2.6. LIFE CYCLE MANAGEMENT OF THE CRYPTOGRAPHIC MODULE DigitalSign adopted specific measures to ensure that cryptographic modules (HSMs) used in non-repudiation services are not violated in the transport or storage. All HSMs are reinitialized before use, by authorized personnel and in a secure physical environment. Page 15 / 18

Whenever an HSM is submitted to technical intervention or disabled, all the keys stored are cleared (zeroisation) according to the manufacturer's instructions. 7.3. TIME-STAMPING 7.3.1. TIMESTAMP In accordance with the protocols referenced in Section 2 of this document, each timestamp includes, but is not limited to: o A representation (hash value) of the data that are validated chronologically according to subscriber s information. o A unique serial number; o A timestamp validation policy identifier; o The time value; o A qualified electronic signature generated by using the private cryptographic key for the exclusive use of the TSA. 7.3.2. CLOCK SYNCHRONIZATION The time used is defined according to the Coordinated Universal Time (UTC) and certified by a national measurement institute, with an uncertainty of less than 100 milliseconds (ms). 7.4. TSA MANAGEMENT OPERATION 7.4.1. SECURITY MANAGEMENT All matters related to the security management are listed in Section 5.2 of CPS. 7.4.2. RISK ASSEMENT To ensure that all the information assets are subjected to an appropriate risk treatment, DigitalSign maintains an inventory of assets, with the corresponding risk ratings, in order to perform a consistent risk analysis. 7.4.3. PERSONNEL SECURITY All matters relating to personnel security management are set out in section 5.3 of CPS. 7.4.4. PHYSICAL ENVIRONMENTAL SECURITY All matters relating to physical and environmental security are set out in section 5.1 of CPS. 7.4.5. OPERATIONS MANAGEMENT EC DIGITALSIGN implements an extensive set of controls in accordance with ETSI TS 102 023, which are part of the internal documentation. Page 16 / 18

EC DIGITALSIGN is submitted to independent external and internal audits, in order to demonstrate that the timestamp service fulfills all obligations laid. Additional information on the management of operations can be found in Section 5 of CPS. 7.4.6. SYSTEM ACCESS MANAGEMENT All matters relating access management to the systems are referred to in sections 5 and 6 of CPS. 7.4.7. TRUSTING ENVIRONMENT Issues related to the trusting environment are listed in Section 6 of CPS. 7.4.8. COMPROMISE OF TSA SERVICES In case of compromised private cryptographic key used in the timestamp service, DigitalSign shall follow the procedures described in section 5.7 of the CPS. This includes the revocation of the appropriate digital certificate and its inclusion in the CRL. In case of loss of clock synchronization, and if this means a loss of accuracy assumed, DigitalSign stops issuing timestamps signature until calibration is again within the defined parameters. In the event that the issuance of time stamps is detected with an accuracy that does not comply with that specified in section 7.3.2, DigitalSign will use commercially reasonable efforts to notify the subscribers and affected third parties affected. 7.4.9. TSA TERMINATION In case of TSA extinction, DigitalSign shall follow the procedures described in section 5.8 of the CPS. This includes at least the information to subscribers, the revocation of the digital certificates used in the timestamp service and the transition of services for a successor CA, ensuring that the entity to which all documentation is transmitted, undertakes its maintenance during the period of time legally required. 7.4.10. LEGAL REQUIREMENTS DigitalSign operates in accordance with the applicable European and Portuguese standards, as well as in strict compliance with the provisions of Chapter 7.4.10 of the ETSI TS 102.023 7.4.11. AUDIT RECORDS The system used by DigitalSign in timestamp service incorporates tools for collection and processing of audit records. Page 17 / 18

7.5. ORGANIZATIONAL The organizational structure, policies, procedures and controls of EC DIGITALSIGN are applied to timestamp service. Page 18 / 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback