210 likes | 367 Views
Electronic Signature infrastructure for Europe Riccardo Genghini Cen/Isss Ws E-Sign Chairman. Dr. Riccardo Genghini - SNG. Notary Public in Milan – Italy Uninfo STP Chair 2002 Cen – ISSS E Sign Chair 2001 Liberty Alliance Member ETSI Member IT Law research since 1982 www.sng.it.
E N D
Electronic Signature infrastructure for Europe • Riccardo Genghini • Cen/Isss Ws E-Sign Chairman
Dr. Riccardo Genghini - SNG • Notary Public in Milan – Italy • Uninfo STP Chair 2002 • Cen – ISSS E Sign Chair 2001 • Liberty Alliance Member • ETSI Member • IT Law research since 1982 • www.sng.it
Definition of 5.1 (QES) • Qualified Electronic Signatures have a functional definition in the 1999/93/EC directive: • They have to “satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data” (art. 5.1). • So they are what ever it is a human signature for the given legal system (i.e. possibly not binding)
Definition of 5.2 (ES) • Non qualified electronic signatures are “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication” (art. 2.1) • This definition includes many different kind of signatures: access control, data origin authentication, data validation, time-stamping, and any other way of “marking data” not necessarily related to the human act of signing
EESSI SG EESSI European Electronic Signature Standardization Initiative European Telecommunications Standards Institute Comitèe Europèen de Normation Information Society Standardisation System Industry and business, assisted by European standard bodies
CEN WORKSHOP AGREEMENTS AREA D1-D2 • CWA 14167-1 “Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures” • CWA 14167-2 “Security of cryptographic modules” • CWA 14167-3 “ Cryptographic Module for CSP Key Generation Services – Protection Profile CMCKG-PP
CEN WORKSHOP AGREEMENTS AREA F • CWA 14168 “Security Requirements for Secure Signature Creation Devices” EAL4 • CWA 14169 ““Security Requirements for Secure Signature Creation Devices” EAL4+” AREA G1-G2 • CWA 14170 “Security Requirements for Secure Signature Creation Systems” • CWA 14171 “Procedures for Electronic Signature Verification”
CEN WORKSHOP AGREEMENTS AREA V • CWA 14172-1 “Conformity Assessment Guidance - Part. 1 – General” • CWA 14172-2 “Conformity Assessment Guidance – Part 2 – Certification Authority services and processes” • CWA 14172-3 – “Conformity Assessment Guidance – Part 3 – Trustworthy systems managing certificates for electronic signatures” • CWA 14172-4 – “Conformity Assessment Guidance – Part 4 – Signature creation applications and procedures for electronic signature verification” • CWA 14172-5 – “Conformity Assessment Guidance – Part 5 – Secure Signature Creation Devices”
CEN WORKSHOP AGREEMENTS AREA AA1-AA2 • CWA 14355 “Guidelines for the implementation of Secure Signature Creation Devices” • CWA 14365 “General Requirements for Electronic Signatures”
CEN WORKSHOP AGREEMENTS Area AB (work in progress): Team 1 • Technical Report on advanced and non advanced electronic signatures and their informative value (relevance as legal evidence)
CEN WORKSHOP AGREEMENTS Area K (work in progress): Team 2 • CWA XXXXX “Application Interface for Smartcards used as Secure Signature Creation Device”
CEN WORKSHOP AGREEMENTS Area L (work in progress): Team 3 • “Harmonised provision of Trusted Service Provider status information”
CEN WORKSHOP AGREEMENTS • AREA V (ongoing work): Team 5 • Guidance on conformity assessment of Signature Creation Devices supporting non-qualified electronic signatures (5.2 signatures) against the Protection Profile specified in the CWA of Area AA2 (CWA 14172 Part 6). • Guidance on conformity assessment of Cryptographic Modules for CSP Signing Operations against the Protection Profile specified in CWA 14167-2 of Area D2 (MCSO-PP) (CWA 14172 Part 7). • Guidance on conformity assessment of CSPs issuing public key certificates against the Policy Requirements specified by ETSI STF 178 Task 2 (CWA 14172 Part 8). • Guidance on conformity assessment of Time-Stamping Authorities against the Policy Requirements specified by ETSI STF 178 Task 1 (CWA 14172 Part 9).
CEN WORKSHOP AGREEMENTS Maintenance of approved EESSI deliverables: Team 4 • Deadline 2Q – 3Q 2003 Opportunity in Vienna to network and discuss technical issues between the IETF and EESSI experts
ETSI ESI TS - TR • Phase 3 Publications (1/2) • Policy requirements for time-stamping authorities TR 102 023 (January 2003)Identification of requirements for attribute certification - TR 102 044 (December 2002)Electronic Signature formats version TS 101 733 v 1.4.0 (September 2002)XML format for signature policies - TR 102 038 (April 2002)Policy requirements for time-stamping authorities - TS 102 023 (April 2002) Policy requirements for certification authorities issuing public key certificates - TS 102 042 (April 2002) Policy requirements for certification authorities issuing qualified certificates - TS 101 456 v 1.2.1 (April 2002)
ETSI ESI TS - TR • Phase 3 Publications (2/2) • Provision of harmonized Trust Service Provider status information - TR 102 030 (April 2002)FAQ (March 2002)International Harmonization of Policy Requirements for CAs issuing Certificates - TR 102 040 (March 2002)Time stamping profile - TS 101 861 v1.2.1 (March 2002)Signature Policies Report - TR 102 041 (February 2002)XML Advanced Electronic Signatures (XAdES) - TS 101 903 (February 2002)Electronic Signature Formats - TS 101 733 v 1.3.1 (February 2002)
ETSI ESI TS - TR • Phase 1 and 2 Publications • Time Stamping Profile - TS 101 861 v 1.1.1 (September 2001)Qualified Certificate Profile - TS 101 862 v 1.2.1 (June 2001)Policy requirement for certification authorities issuing qualified certificates TS 101 456 v 1.1.1 (December 2000)Qualified Certificate Profile - TS 101 862 v 1.1.1 (December 2000)Electronic Signature Formats - TS 101 733 v 1.2.2 (December 2000)Electronic Signature Formats - ETSI ES 201 733 v 1.1.3 (May 2000)
ETSI ESI TS - TR • Being processed for publication • Signature policy for extended business model - TR 102 045 • Pre study on Certificate Profiles TR 102 153 • Maintenance of ETSI standards from EESSI phase 2 and 3 TR 102 046 Opportunity in Vienna to network and discuss technical issues between the IETF and EESSI experts
ETSI ESI TS - TR • Approved • Following a request from the EESSI Steering Committee, it was agreed to create a Work Item to publish the EESSI "Algo Paper" as a special report of TC ESI. • Under Approval • There are currently no deliverables in this phase • Draft for public comment • There are currently no deliverables in this phase • Notice !!! • XML interoperability event in Sophia Antipolis (France) 4Q 2003
Cen-ISSS E-Sign - ETSI ESI • •EESSI: • http://www.ict.etsi.org/eessi/EESSI-homepage.htm • •CEN: • http://www.cenorm.be/isss/workshop/e-sign • •ETSI: • http://www.etsi.org/esi/el-sign.htm • http://portal.etsi.org/esi/el-sign.asp • Sign up for the two mailing lists on the respective Web Pages