Digital Signatures: How Close Is Europe to Truly Interoperable Solutions?

Similar documents
Electronic signature framework

ETSI Electronic Signatures and Infrastructures (ESI) TC

ETSI ESI Electronic Signature Activities

ETSI ESI and Signature Validation Services

EXBO e-signing Automated for scanned invoices

Interoperable Qualified Certificate Profiles

European Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market

Gateway Certification Authority pilot project

EU e-signature standardisation mandate m460

The current status of Esi TC and the future of electronic signatures

Trust Services for Electronic Transactions

TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites

ETSI TR V1.1.1 ( )

Digital Certificates. PKI and other TTPs. 3.3

UPDATE ON CEN & ETSI STANDARDISATION ON SIGNATURES

SSL/TSL EV Certificates

Overview & Specification

IFY e-signing Automated for scanned invoices

NIS Standardisation ENISA view

esignature Infrastructure Marketing Model

Digital signatures: How it s done in PDF

SAT for eid [EIRA extension]

eidas Regulation eid and assurance levels Outcome of eias study

DECISION OF THE EUROPEAN CENTRAL BANK

ehealth action in the EU

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

IAS2. Electronic signatures & electronic seals Up-dates - feedbacks from :

Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition

FOR QTSPs BASED ON STANDARDS

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

ehealth Network Recommendations on Country Guide for ehealth NCP implementation

May English version. General guidelines for electronic signature verification

@firma, Validation Platform for PKIs

Electronic Signature Format. ECOM Interoperability Plug Test 2005

ETSI TS V1.2.1 ( ) Technical Specification

ETSI TS V1.8.3 ( ) Technical Specification. Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)

eidas Regulation (EU) 910/2014 eidas implementation State of Play

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación

ETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL

WORKSHOP CWA AGREEMENT November 2001

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

Directive on security of network and information systems (NIS): State of Play

MINIMAL-FOOTPRINT MIDDLEWARE FOR THE CREATION OF QUALIFIED SIGNATURES

Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary

Utimaco eidas Update. June Thorsten Groetker CTO. Utimaco HSM Business Unit Aachen, Germany 2017 Utimaco eidas Update, June 2017 Page 1

Draft EN V0.0.3 ( )

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

ETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK. Presented by Nick Pope, ETSI STF 427 Leader

EDTA, itext and INBATEK Conference. Bangkok, July 27, 2017

European Federated Validation Service Study. Solution Profile Safelayer TrustedX Platform

Cybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration

ILNAS/PSCQ/Pr004 Qualification of technical assessors

eidas Interoperability Architecture Version November 2015

Protection Profiles for Signing Devices

1. Document Information. 2. Related documents / References. 3. Version control

Certification Authority in Praxis. Security Aspects.

EPC e-mandates e-operating Model. Detailed Specification

ETSI TS V1.5.1 ( )

Internet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement

European Framework for C-ITS Security 6 th of March 2018 Gerhard Menzel European Commission

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

ETSI TS V1.2.2 ( )

Approaching the Challenge of eid Interoperability: An Austrian Perspective

EISAS Enhanced Roadmap 2012

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

1. Publishable Summary

3emplate for comments and secretariat observations Date: 14/X/2013 Document:

Securing Europe's Information Society

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

ETSI TS V1.3.1 ( )

ENISA s Position on the NIS Directive

Technical Specification Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)

USC esignature and Interoperability. Daniel Sánchez Martínez University of Murcia

Resolution of comments on Drafts ETSI EN to ETSI EN May 2014

ETSI ES V1.1.3 ( )

ARTICLE 29 DATA PROTECTION WORKING PARTY

EUROPEAN COMMISSION Enterprise Directorate-General

ENISA And Standards Adri án Belmonte ETSI Security Week Event Sophia Antipolis (France) 22th June

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

Test Signature Policy Version 1.0

Electronic Commerce Working Group report

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

Cross border eservices STORK 2.0

Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization

egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Update on Security, Privacy and Safety Standards

CertDigital Certification Services Policy

The Basic Terms and Legal Aspects of The ESA from The Practical and Security Points of View

The NIS Directive and Cybersecurity in

eidas & e-delivery CE Midsummer Conference "The role of policy decisions in the postal & delivery industry", Copenhagen (DK), 12 June 2017

TOOP Introducing The Once-Only Principle project

13543/17 PhL/at 1 DG G 3 B

ETSI TS V1.1.1 ( )

STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?

ehealth Network ehealth Network Governance model for the ehealth Digital Service Infrastructure during the CEF funding

e-sens Electronic Simple European Networked Services Klaus Vilstrup Pedersen WP6 Manager DIFI, Norway

ETSI TS V2.2.1 ( )

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Transcription:

Digital Signatures: How Close Is Europe to Truly Interoperable Solutions? Konstantinos Rantos Kavala Institute of Technology, Kavala GR-65404, Greece krantos@teikav.edu.gr Abstract. Digital signatures have been a hot topic in the e-government era as a key enabler for e-services provided to business and citizens, and secure exchange of e-documents. When this exchange crosses the borders of closed systems or EU s Member States, several interoperability issues arise. In EU many schemes and solutions have been proposed to overcome some problems, yet there is still more to be done. This paper provides a survey of the actions taken to promote interoperable use of digital signatures and identifies areas where EU has to invest in order to achieve the desired level of interoperability. Keywords: Digital Signatures, interoperability, e-documents, standardisation, egovernment services. 1 Introduction The penetration of digital signatures across EU has been noticeable the last few years, with more and more digital services adopting them to secure data authentication, integrity and non-repudiation. This flourishing period came after a long recession where public key cryptography and its derivatives, such as digital signatures, have been straggling to survive as a technological solution to securing e-services. European initiatives together with work programmes ID- ABC [15] and ISA [2] and the corresponding action plans have been the turning point that triggered EU s member states (MSs) to consider them as one of the key infrastructures in their egovernment action plans. Nowadays, most of the countries across EU have already deployed digital signature schemes for their two main application fields: entity authentication, i.e. electronic identity (eid) schemes and data authentication and integrity, i.e. digitally signed documents. Digital signatures have proven to be the robust solution for secure exchange of e-documents in the context of (cross-border) e-service provision. Although currently provided mainly governments, they are anticipated to be adopted and widely deployed other critical sectors, such as banking, to satisfy similar needs. Digital certificates and signatures are expected to be the user s e-passport to e-services. B. de Decker et al. (Eds.): CMS 2011, LNCS 7025, pp. 155 162, 2011. c IFIP International Federation for Information Processing 2011

156 K. Rantos Digital signatures are well studied and standardised ETSI (European Telecommunications Standards Institute), CEN (European Committee for Standardisation) and other organisations and initiatives such as the EESSI (European Electronic Signature Standardisation Initiative). These standards have solved technological issues and viable and secure yet, more or less, closed solutions are already deployed and have long been tested. However, the plethora of technical standards resulted in diversified environments related to secure signature creation devices (SSCDs), certificates, and signatures, which bring more obstacles to the road towards interoperable solutions. As a result, many activities have been taking place in EU aiming to promote digital signatures interoperability at legal, policy and technical level. Such activities include signatures related studies and projects like CROBIES (Cross-Border Interoperability of esignatures), cross-border demonstrators and other less signature related but with a significant impact on EU s policy formulation on digital signatures, PEPPOL (Pan-European Public Procurement Online), STORK (Secure identity across borders linked), and SPOCS (Simple Procedures Online for Cross- Border Services) and secure documents exchange specific solutions like the Business Document Exchange Network (BUSDOX). This paper looks at digital signatures interoperability issues and the work that is carried out in the egovernment services field, emphasizing on e-document signing, yet ommitting application related issues. In this context, this paper provides an up to date mapping of the standards used solutions deployed across EU and identifies the points that remain problematic and need our attention in order to strengthen weak links in the interoperability chain. It also aims to assist those that design digital signature enabled applications and have to make important interoperability decisions and those planning to develop signature generation and validation tools as the ISA programme requires. The paper is organized as follows. Section 2 provides a quick overview of the activities that take place in EU regarding digital signatures interoperability and a thorough mapping of signature and e-document related standards. Section 3 sets the cornerstones of interoperability and defines the three levels of interoperability that seek viable solutions while section 4 identifies those areas where EU has to invest for truly interoperable solutions. 2 Current Activities and Standards The EU s intentions to promote secure exchange of e-documents in the context of egovernment services and to use electronic identities (eids) across all MSs, have boosted the use of digital signatures across the EU. This cross-border vision, however, has brought up many interoperability problems for digital signature enabled applications. With a plan on e-signatures in 2008 [1], Europe sets the cornerstones for the actions that have to be taken towards MSs acceptable and interoperable e-signatures. These plans are reinforced the Commission s decision to define interoperability of public key infrastructures (PKI) as one of the key activities of the ISA programme [2] defined in actions 1.8 and 1.9 regarding e-documents exchange and verification of e-signatures respectively.

Digital Signatures: How Close Is Europe to Truly Interoperable Solutions? 157 Prior to start implementing EU s policy most of the MSs had justifiably designed their eid and e-services solutions considering merely their own needs and based on the applicable legal framework, usually overlooking other MSs needs and specifications. Figure 1 depicts the current status of standardisation in EU regarding digital signatures and e-documents. It is an update to the mapping published EU [16] enhanced the strong dependencies between those standards. The already complicated map coupled with the wide variety of options that each of these standards offers and the diversities among the adopted solutions reveal the reason why these e-signature related standards hinder the provision of interoperable solutions. technically fostered specified Internet X.509 PKI X.509 V.3 Certificate Profile Commission Decision 2003/511/EC Certificate and CRL for Certificates Issued to Generally Recognised Standards for depends Profile RFC 5280 Natural Persons ETSI 102 280 Signature Products on technically based on recognises Security specified basis recognises Qualified Certificate Profile Requirements General guidelines for Use of Electronic RFC 3739 ETSI 101 862 for for Cryptographic Trustworthy electronic signature Signatures: Legal and Modules systems managing verification Technical Aspects Policy requirements for adopts FIPS 140-2 certificates CWA 14171 CWA 14365 Part 1 certification authorities CWA 14167-1,2 Algorithms and issuing qualified amplified Parameters for Public Procurement 2004/18/EC, complemented certificates ETSI 101 456 SSCD EAL4+ Secure 2004/17/EC (ISO 15408) guided guided Application interface adopts Electronic CWA 14169 einvoicing 2006/112/EC for smart cards used as Signatures Guidance on SSCDs CWA 14890-1,2 harmonized Services Directive 2006/123/EC ETSI 102 176 TS 101 456... CWA 14167-3,4 Parts 1-2 extended ETSI 102 437 Cryptographic Guidelines for the Module implementation of formulated Application of Guidance on TS 101 456 formulated SSCDs CWA 14355 Electronic Signature ETSI 102 437 Standards in Europe Commission Decision based on ETSI 102 438 2011/130/EU CMS CMS Advanced Electronic (Adoption of PKCS#7 Signatures (CAdES) CMS extends X/C/PAdES BES/EPES) Cryptographic ETSI 101 733, RFC 5126 Cryptographic Commission Decision Message Syntax Message Syntax amended 2009/767/EC RFC 2315 RFC 5652 amplified Trusted Lists extended extended Commission Decision used 2010/425/EU Profiles of Enhanced Security utilises Trusted Lists based on CMSAdvanced Services for S/MIME XML format Electronic Signatures XML Advanced Electronic RFC 2634 (updated for signature based on TS101 733 Signatures (XAdES) RFC 5035 ) Trust-Service Status policies ETSI 102 734 ETSI 101 903 Information ETSI 102 038 ETSI 102 231 extended used amplified Signature policy for PDF Advanced Registered Email: extended business Electronic Signatures ETSI 102 605 model XML based (PAdES) ETSI 102 640 Parts 1-5 ETSI 102 045 amplified ETSI 102 778 -Part 3 on Profiles of XML Advanced guided Electronic Signatures complemented based on TS101 903 TSA Policy requirements ETSI 102 904 for time-stamping PDF Profiles of XML authorities PAdES: Usage and PDF Advanced Advanced ETSI 102 023 XML Signature implementation Electronic esignatures (XMLDSig) guidelines Signatures (PAdES) Time stamping profile ETSI 102 904 W3C - XML Signature ETSI 102 923 ETSI 101 861 ETSI 102 778 -Parts Syntax and Processing 1,2,4,5,6 profiles RFC 3161` European Union Directive 1999/93/EC Legal framework for esignatures and Certification Service Providers Fig. 1. E-signatures standards map Recent activities in EU have resulted in the adoption of two significant solutions that aim to promote interoperability (both of them are the result of work carried out in the context of Directive 2006/123/EC):

158 K. Rantos Publication of a list, namely Trust-service Status List (TSL), of supervised/accredited certification service providers (CSPs) issuing qualified certificates, to facilitate trust establishment among parties participating in a transaction (Decision 2009/767/EC [3] amended Decision 2010/425/EU [4]). The plethora of CSPs across EU which operate under the umbrella of Directive 1999/93/EC [7] results in a chaotic situation in terms of trust among participating entitied. TSL helps verifiers establish the necessary trust relationships with foreign CSPs operating in other MSs. TSLs also contain mandatory information one should otherwise find on a certificate, according to the corresponding standards, e.g. information whether the certificate resides on an SSCD or not (ETSI 101 862 [9]) but the CSP did not include it in the certificate in a standardized and commonly accepted manner. Moreover, they complement digital certificates mechanism and the trust model they offer in a way that raises some questions as dependence on a list implies that user s trust circle has to be expanded to also cover mechanisms and procedures that the supervising authority employs for managing and publishing this list. EC has also adopted Decision 2011/130/EU [5], which defines common specifications regarding the format of signed documents to facilitate cross-border exchange within the context of service provision. These specifications promote the standardised CAdES [8], XAdES [10], and the recently ETSI adopted PAdES [14] formats for documents signed competent authorities. Although these standards offer many options to cover a wide range of security concerns, only *-BES (Basic Electronic Signature) and *-EPES (Explicit Policy Electronic Signature) profiles are currently adopted EU. These flavours have limited features and do not secure the provision of additional information required for the critical long term archiving and time of signature generation. 3 Defining Interoperability When implementing e-services that entail secure exchange of e-documents, or when signing documents, there are several questions that someone has to answer, including: What should the signed document format be? What types of electronic signatures (advanced, advanced based on qualified certificate, qualified) is the relying party willing to accept? In practice, what are the means that the signer has in possession and what is the risk the relying party is willing to accept in terms of signer s commitment and authorization? What are the acceptable key sizes, signature algorithms or hash functions? What additional information does the verifier need to verify and accept the provided signature, including timestamps and validation data?

Digital Signatures: How Close Is Europe to Truly Interoperable Solutions? 159 The answers to these questions disclose the interoperability problems that digital signature deploying services are likely to face and can be mapped to the following interoperability levels. 3.1 Legal Interoperability The foundations of the legal framework at European level were laid Directive 1999/93/EC [7], which defined the types of digital signatures and the requirements for the provision of certification services. Although it provided a solid basis for the use of digital signatures, it was only the basis on top of which many other structural components had to be built MSs. Since Directive 1999/93/EC several enhancements took place corresponding decisions and plans for the wider deployment of e-services supported the use of electronic services. Many studies have been conducted within the IDABC programme regarding legal interoperability [15], the details of which are out of the scope of this paper. 3.2 Interoperability at Policy Level Although law is one of the factors that will affect the validity of a signature, policy restrictions is another and is related to the security considerations of the service for which signatures are deployed. For instance, while an advanced signature based on a qualified certificate might suffice for a document used within a specific service, the same document for a different type of service might require a qualified signature, i.e. the one based on a SSCD [7]. Policy restrictions should be considered the verifier prior to accepting a digital signature and could include issues related to certificate validity, certificate suitability (e.g. requirements for trust establishment, use of SSCDs, acceptable SSCDs, CSP s auditing), signature validity (e.g. algorithms and key sizes, timestamps) and document signature properties (e.g. signature format, signature placement). Current practices and EU adopted mechanisms do not secure policy requirements satisfaction leaving verifiers with the difficult task of collecting the necessary information or deciding ad-hoc about the acceptance or not of a signed document (assuming that the verifier has policy requirements). 3.3 Technical Interoperability Legal and policy restrictions might affect technical decisions on document, signature and certificate formats and characteristics. If signer and verifier cannot support the same algorithms, protocols and mechanisms, signature verification is bound to fail. Technical interoperability problems typically can be passed if solutions, algorithms and mechanisms adhere to specific standards and alternatives are narrowed down to a limited set of options.

160 K. Rantos 4 Areas Where EU Should Invest In this section key areas that are anticipated to play an important role in future e-services seeking maximum interoperability are defined. 4.1 Time Stamping Time stamps are the means to provide assurances about the existence of data before a particular time [11]. While in some transactions is important to mark the time of data receipt, e.g. in e-procurement services, there are other examples where time-stamps have to be provided the signer, e.g. a certificate issued a competent authority some time in the past, in which case the verifier has to establish a trust relationship with the time-stamping authority (TSA) to accept both the time-stamp and the signature. According to Directive 1999/93/EC and ETSI 102 023 [11] a TSA can be considered as a CSP which issues time stamp tokens. Based on EU s trust model, solid trust relationships between TSA and verifier can only be established if the TSA is a qualified one and therefore, supervised/accredited the MS s competent authority and if the services are listed in the MS s TSL, given that these are included in a voluntary basis [3]. Trust establishment is essential for the verifier to be assured about the procedures, practices and the security measures taken the authority to provide this service. Otherwise the validity of the time stamp is jeopardized. Time-stamping is a service that has to be put into the picture to enhance digital signature enabled services. 4.2 Signatures with Validation Data and Long Term Archiving Although currently adopted formats of *-BES and *-EPES seem satisfactory for a very basic exchange of signed e-documents, they do not suffice for stronger requirements set the receiving entity in a transaction. Verification information, all or part of it, as previously mentioned, can be provided the signer, which bears the risk of deploying non-interoperable solutions. To avoid this unpleasant situation various solutions adopt alternatives for secure signature validation, such as validation points proposed Decision 2011/130/EU [5] and used large scale pilots, such as PEPPOL and SPOCS. Such ad hoc approaches however do not provide robust solutions to signed document validation. Moreover, long-term archiving data are needed for the verification of signer s signature at a time when the signer s certificate might be revoked or will have expired. The aforementioned reliable timestamping is much related to the information that supplements the signature for long-term archiving. Such data will prove essential in the long run when governments go all digital, hence all archives are in digital form. In that case keeping all the necessary verification information with the signed document will be vital.

Digital Signatures: How Close Is Europe to Truly Interoperable Solutions? 161 4.3 Policy Restrictions As the number of e-services is anticipated to grow in the years to come, more diversified and open environments will come into picture with their own requirements and restrictions regarding signature generation and validation. Currently accepted standards allow the signer only to disseminate his/her signature policy using the *-EPES format. This approach, although straightforward for the signer, requires the verifier to adapt his/her requirements on what the signer provides and decide about the validity on an ad-hoc basis. It does not consider the verifier s requirements regarding signature and, as a result to that, document acceptance. A more appropriate solution would also allow the verifier provide his/her own requirements and establish a kind of agreement with the signer on the corresponding needs prior to signer s commitment. EU should elaborate on the formulation of an EU wide policy format and MSs must formulate their policies on e-signatures based on this for all cross-border services considering the following. Signer s policy adopted format should be unambiguously interpretable the verifier, and automatically processed to relieve the end user from this very complicated task. ETSI 102 038 [12] and ETSI 102 045 [13] standards can form the basis towards this achievement. Promote policies recording and mapping based on commonly accepted standards to achieve the much desirable interoperability at policy level. Work on schemes that will facilitate policy agreements between signer and verifier prior to signer s commitment. 4.4 Commonly Adopted Standards for Certificate Formats Current standards provide robust solutions for certificates and facilitate unambiguous interpretation of the type of certificate, its properties and security characteristics. However, not all of them are adopted CSPs who issue qualified certificates, leaving critical information out of the certificate or included in a non standardized manner. Adoption of commonly accepted profiles based on specific standards, such as those included in Figure 1, would allow certificates to carry all the necessary information that is now delegated to other schemes. Such an approach would help overcome the aforementioned problem caused the issuance of certificates different CSPs under different procedures, specifications and with a different perspective on the format that a certificate should have. CROBIES has already proposed an interoperable certificate profiles that can be adopted the EU [6]. Although adoption of common profiles is not an easy task, it will secure the wide acceptance of certificates and convert them to the e-passport that EU envisioned and tries to promote through corresponding plans and actions. 5 Conclusions The wide variety of standards on digital signatures complemented the large number of options they offer, have resulted in many cross-border interoperability

162 K. Rantos problems in EU.This paper provided an up to date mapping of digital signature and e-documents related standards and identified the key areas that still need to be considered the EU in order to achieve truly interoperable solutions. In contrast to EU s approach of introducing new ad-hoc mechanisms and solutions to old problems the paper suggests the use of existing standards assuming that the options they offer are narrowed to a commonly accepted subset, an approach that is also adopted Decision 2011/130/EU [5]. Adopting a more strict set of rules will simplify this complicated environment and will pave the way to a wider deployment of digital signatures, even for digitally analphabetic users. References 1. Action Plan on e-signatures and e-identification to facilitate the provision of crossborder public services in the Single Market, COM, 798 (2008) 2. Decision 922/2009/EC on interoperability solutions for European public administrations (ISA) 3. Commission Decision 2009/767/EC, Setting out measures facilitating the use of procedures electronic means through the points of single contact under Directive 2006/123/EC. Corrigendum (November 2009) 4. Commission Decision 2010/425/EU: Amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited Member States 5. Commission Decision 2011/130/EU, Establishing minimum requirements for the cross-border processing of documents signed electronically competent authorities under Directive 2006/123/EC (February 2011) 6. CROBIES: Interoperable Qualified Certificate Profiles, Final Report (2010) 7. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures 8. ETSI TS 101 733. Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES), http://www.etsi.org 9. ETSI TS 101 862. Qualified Certificate profile, http://www.etsi.org 10. ETSI TS 101 903. XML Advanced Electronic Signatures (XAdES), http://www.etsi.org 11. ETSI TR 102 023. Electronic Signatures and Infrastructures (ESI); Policy requirements for time-stamping authorities, http://www.etsi.org 12. ETSI TR 102 038. TC Security - Electronic Signatures and Infrastructures (ESI); XML format for signature policies, http://www.etsi.org 13. ETSI TR 102 045. Electronic Signatures and Infrastructures (ESI); Signature policy for extended business model, http://www.etsi.org 14. ETSI TS 102 778-3. Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signatures (PAdES); PAdES Enhanced PadES-BES and PAdES-EPES Profiles, http://www.etsi.org 15. IDABC Work Programme 2005-2009, http://ec.europa.eu/idabc/ 16. Mandate M460, Standardisation Mandate to the European Standardisation Organisations CEN, CENELEC and ETSI in the field of Information and Communication Technologies applied to electronic signatures (January 7, 2010)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback