ImageVerifierCode 换一换
格式:PDF , 页数:36 ,大小:2.87MB ,
资源ID:592373      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-592373.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(CEN TR 419040-2018 Rationalized structure for electronic signature standardization - Guidelines for citizens.pdf)为本站会员(testyield361)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

CEN TR 419040-2018 Rationalized structure for electronic signature standardization - Guidelines for citizens.pdf

1、BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Rationalized structure for electronic signature standardization - Guidelines for citizensPD CEN/TR 419040:2018TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 419040 May 2018 ICS 35.030 English Version Rati

2、onalized structure for electronic signature standardization - Guidelines for citizens Cadre pour la normalisation de la signature lectronique - Lignes directrices pour les citoyens This Technical Report was approved by CEN on 9 March 2018. It has been drawn up by the Technical Committee CEN/TC 224.

3、CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland

4、, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exp

5、loitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 419040:2018 ENational forewordThis Published Document is the UK implementation of CEN/TR 419040:2018.The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and secu

6、rity devices for personal identification.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards

7、 Institution 2018 Published by BSI Standards Limited 2018ISBN 978 0 580 96808 2ICS 35.030Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 May 2018.Amendment

8、s/corrigenda issued since publicationDate Text affectedPUBLISHED DOCUMENTPD CEN/TR 419040:2018TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 419040 May 2018 ICS 35.030 English Version Rationalized structure for electronic signature standardization - Guidelines for citizens Cadre pour

9、la normalisation de la signature lectronique - Lignes directrices pour les citoyens This Technical Report was approved by CEN on 9 March 2018. It has been drawn up by the Technical Committee CEN/TC 224. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Cze

10、ch Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Ki

11、ngdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/

12、TR 419040:2018 EPD CEN/TR 419040:2018CEN/TR 419040:2018 (E) 2 Contents Page European foreword . 4 Introduction 5 1 Scope 6 2 Normative references 6 3 Terms and definitions . 6 4 Abbreviations . 8 5 What are (legally valid) electronic signatures? . 9 5.1 Electronic signatures defined by the EU Regula

13、tion N 910/2014 . 9 5.2 The underlying technology Public key cryptography and digital signatures . 10 5.2.1 Introduction . 10 5.2.2 How it works 10 5.2.3 Ensuring trust 12 5.2.4 Functionalities offered by PKI based technologies: data integrity and authentication of origin 13 5.3 Where technical tool

14、s meet legal requirements . 13 5.3.1 Introduction . 13 5.3.2 Mapping the legal and the technical concepts . 14 5.3.3 How digital signatures cover the legal requirements for AdESig . 16 5.3.4 How digital signatures cover the legal requirements for QES . 18 5.4 Other use-cases for digital signatures 1

15、9 6 Digital signatures how does it work in real life applications? . 19 6.1 The signature process 19 6.2 Creation . 19 6.3 Validation 21 6.4 Augmentation 23 7 Digital signatures ancillary services and tools for use in practice . 23 7.1 Introduction . 23 7.2 Identifying the required level of signatur

16、e . 24 7.2.1 General . 24 7.2.2 Use-cases for QES 24 7.2.3 Use-cases for non QES . 24 7.3 Identifying required tools and services . 25 7.3.1 Creation . 25 7.3.2 Augmentation when the signature needs to be preserved 26 7.3.3 Validation 26 7.3.4 Preservation. 26 8 In case of dispute: evidence and proo

17、fs . 27 8.1 General . 27 8.2 Evidence present in the signed data 27 8.3 Evidence generally present in the certificate 28 8.4 Evidence present in the CAs documentation . 29 8.5 Evidence regarding Certificate Status 29 8.6 Evidence present in the Signature Policy 29 8.7 Evidence at the Registration Au

18、thority 30 8.8 Evidence not available through the signed message . 31 9 What about the (international) recognition of electronic signatures? 31 PD CEN/TR 419040:2018CEN/TR 419040:2018 (E) 3 9.1 Within Europe 31 9.2 Outside Europe 31 Bibliography . 33 PD CEN/TR 419040:2018CEN/TR 419040:2018 (E) 4 Eur

19、opean foreword This document (CEN/TR 419040:2018) has been prepared by Technical Committee CEN/TC 224 “Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR. Attention is

20、drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights. PD CEN/TR 419040:2018CEN/TR 419040:2018 (E) 5 Introduction Today, it is possible to electronically sign data to ac

21、hieve the same effects as when using a hand-written signature. Such electronic signatures benefit from full legal recognition due to the EU Regulation N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal

22、market 1 (hereafter referred to as EU Regulation N 910/2014) which addresses various services that can be used to support different types of electronic transactions and electronic signature in particular. The use of secure electronic signatures should help the development of online businesses and se

23、rvices in Europe. The European Commission standards initiative aims at answering immediate market needs by: securing online transactions and services in Europe in many sectors: e-business, e-administration, e-banking, online games, e-services, online contract, etc.; contributing to a single digital

24、market; creating the conditions for achieving the interoperability of e-signatures at a European level. Besides the legal framework, the technical framework at the present time is very mature. Citizens routinely sign data electronically by using cryptographic mechanisms such as, e.g. when they use a

25、 credit card or debit card to make a payment. Electronic signatures implemented by such cryptographic mechanisms are called “digital signatures”. Appropriate technical methods for digital signature creation, validation and preservation, as well as ancillary tools and services provided by trust servi

26、ce providers (TSPs), are specified in a series of documents developed along with the present document. The present document is part of a rationalized framework of standards (see ETSI TR 119 000 6) realized under the Standardization Mandate 460 issued by the European Commission to CEN, CENELEC and ET

27、SI for updating the existing standardization deliverables. In this framework, CEN is in charge of issuing Guidelines for electronic signatures implementation. These guidelines are provided through two documents: CEN/TR 419030, “Rationalized structure for electronic signature standardization - Best p

28、ractices for SMEs”, aligned with standards developed under the Rationalised Framework as described by ETSI SR 001 604, and CEN/TR 419040, “Rationalized structure for electronic signature standardization - Guidelines for citizens”, explaining the concept and use of electronic signatures. These two do

29、cuments differ slightly from the other documents in the Technical Framework since they go beyond the technical concept of “digital signature” and deal also with the legal concepts of electronic signatures and electronic seals. The concept of electronic seal specified in the Regulation, which is tech

30、nically close to the electronic signature, is developed in CEN/TR 419030 and not in the present document as it relates to legal person and not to natural persons as are the citizens The present document concerning the citizens is focusing on electronic signature that are created by natural persons.

31、PD CEN/TR 419040:2018CEN/TR 419040:2018 (E) 6 1 Scope This Technical Report aims to help citizens to understand the relevance of using electronic signature within their day-to-day lives. It also explains the legal and the technical backgrounds of electronic signatures. This document gives guidance o

32、n the use of electronic signatures and addresses typical practical questions the citizen may have on how to proceed to electronically sign, where to find the suitable applications and material. 2 Normative references There are no normative references in this document. 3 Terms and definitions For the

33、 purposes of this document, the following terms and definitions apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: IEC Electropedia: available at http:/www.electropedia.org/ ISO Online browsing platform: available at http:/www.iso.org/obp 3.1

34、advanced electronic signature electronic signature which meets the requirements set out in Article 26 of Regulation (EU) N 910/2014 1 Note 1 to entry: Article 26: An advanced electronic signature shall meet the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of

35、identifying the signatory; (c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his/her sole control; and (d) it is linked to the data signed therewith in such a way that any subsequent change in the data are detectable. SOURCE

36、: Regulation (EU) N 910/2014 1, Article 3 (11) 3.2 electronic signature (from the regulation) data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign SOURCE: Regulation (EU) N 910/2014 1, Article 3 (10) 3.3 di

37、gital signature data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient SOURCE: ISO/IEC 7498 / ITU-T/Recommendation X.800 PD CE

38、N/TR 419040:2018CEN/TR 419040:2018 (E) 7 3.4 trust service provider natural or legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider SOURCE: Regulation (EU) N 910/2014 1, Article 3 (19) 3.5 trust service electronic service normally pr

39、ovided for remuneration which consists of: (a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or (b) the creation, verification and validation of cert

40、ificates for website authentication, or (c) the preservation of electronic signatures, seals or certificates related to those services SOURCE: Regulation (EU) N 910/2014 1, Article 3 (16) Note 1 to entry: The concept of electronic seal specified in the Regulation is not developed in the present docu

41、ment as it relates to legal person and not to natural person as are the citizens. More details can be found in the companion document CEN/TR 419030. 3.6 qualified trust service trust service that meets the applicable requirements laid down in this Regulation SOURCE: Regulation (EU) N 910/2014 1, Art

42、icle 3 (17) 3.7 qualified trust service provider trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body SOURCE: Regulation (EU) N 910/2014 1, Article 3 (20) 3.8 signature creation device configured software or hardware use

43、d to create an electronic signature SOURCE: Regulation (EU) N 910/2014 1, Article 3 (22) 3.9 qualified electronic signature advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures SOURC

44、E: Regulation (EU) N 910/2014 1, Article 3 (12) 3.10 certificate for electronic signature electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person SOURCE: Regulation (EU) N 910/2014 1, Article 3 (14) PD

45、 CEN/TR 419040:2018CEN/TR 419040:2018 (E) 8 3.11 signatory natural person who creates an electronic signature SOURCE: Regulation (EU) N 910/2014 1 Article 3 (9) 3.12 certificate public key of a user, together with some other information, rendered un-forgeable by encipherment with the private key of

46、the certification authority which issued it Note 1 to entry: The term certificate is used for public key certificate within the present document. SOURCE: ISO/IEC 9594-8 / ITU-T Recommendation X.509 3.13 entity authentication means the corroboration of the claimed identity of an entity and a set of i

47、ts observed attributes SOURCE: Modinis Study on Identity Management in eGovernment Common terminological framework for interoperable electronic identity management, v2.01, November 23, 2005. 3.14 data authentication means the corroboration that the origin and the integrity of data are as claimed SOU

48、RCE: Modinis Study on Identity Management in eGovernment Common terminological framework for interoperable electronic identity management, v2.01, November 23, 2005. 3.15 data authentication data means data in electronic form which are attached to or logically associated with other electronic data an

49、d which corroborates the identity of the entity at the origin of the associated data and the integrity of the associated data. SOURCE: Feasibility study on an electronic identification, authentication and signature policy (IAS) carried out for the European Commission by DLA Piper, SEALED, time.lex, Price Waterhouse Coopers and Studio Genghini the qualified electronic signature (QES) which is an advanced electronic signature which provides additional level of assurance on the iden

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1