Electronic%20Signature%20infrastructure%20for%20Europe

1

• Electronic Signature infrastructure for Europe
• Riccardo Genghini
• Cen/Isss Ws E-Sign Chairman

2
Dr. Riccardo Genghini - SNG
Notary Public in Milan Italy Uninfo STP Chair
2002 Cen ISSS E Sign Chair 2001 Liberty
Alliance Member ETSI Member IT Law research
since 1982 www.sng.it
3
Definition of 5.1 (QES)

• Qualified Electronic Signatures have a functional
  definition in the 1999/93/EC directive
• They have to satisfy the legal requirements of a
  signature in relation to data in electronic form
  in the same manner as a handwritten signature
  satisfies those requirements in relation to
  paper-based data (art. 5.1).
• So they are what ever it is a human signature
  for the given legal system (i.e. possibly not
  binding)

4
Definition of 5.2 (ES)
Non qualified electronic signatures are data in
electronic form which are attached to or
logically associated with other electronic data
and which serve as a method of authentication
(art. 2.1) This definition includes many
different kind of signatures access control,
data origin authentication, data validation,
time-stamping, and any other way of marking
data not necessarily related to the human act of
signing
5
EESSI SG
EESSI European Electronic Signature
Standardization Initiative
European Telecommunications Standards Institute
Comitèe Europèen de Normation
Information Society Standardisation System
Industry and business, assisted by European
standard bodies
6
CEN WORKSHOP AGREEMENTS

• AREA D1-D2
• CWA 14167-1 Security Requirements for
  Trustworthy Systems Managing Certificates for
  Electronic Signatures
• CWA 14167-2 Security of cryptographic modules
• CWA 14167-3 Cryptographic Module for CSP Key
  Generation Services Protection Profile CMCKG-PP

7
CEN WORKSHOP AGREEMENTS

• AREA F
• CWA 14168 Security Requirements for Secure
  Signature Creation Devices EAL4
• CWA 14169 Security Requirements for Secure
  Signature Creation Devices EAL4
• AREA G1-G2
• CWA 14170 Security Requirements for Secure
  Signature Creation Systems
• CWA 14171 Procedures for Electronic Signature
  Verification

8
CEN WORKSHOP AGREEMENTS

• AREA V
• CWA 14172-1 Conformity Assessment Guidance -
  Part. 1 General
• CWA 14172-2 Conformity Assessment Guidance
  Part 2 Certification Authority services and
  processes
• CWA 14172-3 Conformity Assessment Guidance
  Part 3 Trustworthy systems managing
  certificates for electronic signatures
• CWA 14172-4 Conformity Assessment Guidance
  Part 4 Signature creation applications and
  procedures for electronic signature verification
• CWA 14172-5 Conformity Assessment Guidance
  Part 5 Secure Signature Creation Devices

9
CEN WORKSHOP AGREEMENTS

• AREA AA1-AA2
• CWA 14355 Guidelines for the implementation of
  Secure Signature Creation Devices
• CWA 14365 General Requirements for Electronic
  Signatures

10
CEN WORKSHOP AGREEMENTS

• Area AB (work in progress) Team 1
• Technical Report on advanced and non advanced
  electronic signatures and their informative value
  (relevance as legal evidence)

11
CEN WORKSHOP AGREEMENTS

• Area K (work in progress) Team 2
• CWA XXXXX Application Interface for Smartcards
  used as Secure Signature Creation Device

12
CEN WORKSHOP AGREEMENTS

• Area L (work in progress) Team 3
• Harmonised provision of Trusted Service Provider
  status information

13
CEN WORKSHOP AGREEMENTS

• AREA V (ongoing work) Team 5
• Guidance on conformity assessment of Signature
  Creation Devices supporting non-qualified
  electronic signatures (5.2 signatures)
  against the Protection Profile specified in the
  CWA of Area AA2 (CWA 14172 Part 6).
• Guidance on conformity assessment of
  Cryptographic Modules for CSP Signing Operations
  against the Protection Profile specified in
  CWA 14167-2 of Area D2 (MCSO-PP) (CWA 14172
  Part 7).
• Guidance on conformity assessment of CSPs issuing
  public key certificates against the Policy
  Requirements specified by ETSI STF 178 Task 2
  (CWA 14172 Part 8).
• Guidance on conformity assessment of
  Time-Stamping Authorities against the Policy
  Requirements specified by ETSI STF 178 Task 1
  (CWA 14172 Part 9).

14
CEN WORKSHOP AGREEMENTS

• Maintenance of approved EESSI deliverables Team
  4
• Deadline 2Q 3Q 2003
• Opportunity in Vienna to network and discuss
  technical issues between the IETF and EESSI
  experts

15
ETSI ESI TS - TR

• Phase 3 Publications (1/2)
• Policy requirements for time-stamping
  authorities TR 102 023  (January
  2003)Identification of requirements for
  attribute certification - TR 102 044  (December
  2002)Electronic Signature formats version TS 101
  733 v 1.4.0 (September 2002)XML format for
  signature policies - TR 102 038  (April
  2002)Policy requirements for time-stamping
  authorities - TS 102 023  (April 2002) Policy
  requirements for certification authorities
  issuing public key certificates - TS 102 042 
  (April 2002) Policy requirements for
  certification authorities issuing qualified
  certificates - TS 101 456 v 1.2.1  (April 2002)

16
ETSI ESI TS - TR

• Phase 3 Publications  (2/2)
• Provision of harmonized Trust Service Provider
  status information - TR 102 030  (April 2002)FAQ
  (March 2002)International Harmonization of
  Policy Requirements for CAs issuing Certificates
  - TR 102 040 (March 2002)Time stamping profile -
  TS 101 861 v1.2.1 (March 2002)Signature Policies
  Report - TR 102 041 (February 2002)XML Advanced
  Electronic Signatures (XAdES) - TS 101 903
  (February 2002)Electronic Signature Formats - TS
  101 733 v 1.3.1 (February 2002) 

17
ETSI ESI TS - TR

• Phase 1 and 2 Publications
• Time Stamping Profile - TS 101 861 v 1.1.1
  (September 2001)Qualified Certificate Profile -
  TS 101 862 v 1.2.1 (June 2001)Policy requirement
  for certification authorities issuing qualified
  certificates TS 101 456 v 1.1.1 (December
  2000)Qualified Certificate Profile - TS 101 862
  v 1.1.1 (December 2000)Electronic Signature
  Formats - TS 101 733 v 1.2.2 (December
  2000)Electronic Signature Formats - ETSI ES 201
  733 v 1.1.3 (May 2000)   

18
ETSI ESI TS - TR

• Being processed for publication
• Signature policy for extended business model - TR
  102 045
• Pre study on Certificate Profiles  TR 102 153
• Maintenance of ETSI standards from EESSI phase 2
  and 3 TR 102 046
• Opportunity in Vienna to network and discuss
  technical issues between the IETF and EESSI
  experts

19
ETSI ESI TS - TR

• Approved
• Following a request from the EESSI Steering
  Committee, it was agreed to create a Work Item to
  publish the EESSI "Algo Paper" as a special
  report of TC ESI.
• Under Approval
• There are currently no deliverables in this
  phase
• Draft for public comment
• There are currently no deliverables in this
  phase
• Notice !!!
• XML interoperability event in Sophia Antipolis
  (France) 4Q 2003

20
Cen-ISSS E-Sign - ETSI ESI

• EESSI
• http//www.ict.etsi.org/eessi/EESSI-homepage.htm
• CEN
• http//www.cenorm.be/isss/workshop/e-sign
• ETSI
• http//www.etsi.org/esi/el-sign.htm
• http//portal.etsi.org/esi/el-sign.asp
• Sign up for the two mailing lists on the
  respective Web Pages