ImageVerifierCode 换一换
格式:PDF , 页数:38 ,大小:2.60MB ,
资源ID:592374      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-592374.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(CEN TR 419200-2017 Guidance for signature creation and other related devices.pdf)为本站会员(testyield361)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

CEN TR 419200-2017 Guidance for signature creation and other related devices.pdf

1、Guidance for signature creation and other related devicesPD CEN/TR 419200:2017BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 419200 May 2017 ICS 35.030; 35.240.30 English Version Guidance for signature cr

2、eation and other related devicesLignes directrices pour la cration de signatires et autres dispositifs associs Anleitung zur Signaturerstellung und andere hnliche Gerte This Technical Report was approved by CEN on 17 April 2017. It has been drawn up by the Technical Committee CEN/TC 224. CEN members

3、 are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,

4、 Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CEN All rights of exploitation in an

5、y form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 419200:2017 ENational forewordThis Published Document is the UK implementation of CEN/TR 419200:2017.The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identifica

6、tion.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2017 Published by BSI S

7、tandards Limited 2017ISBN 978 0 580 96261 5ICS 35.240.30; 35.030Compliance with a British Standard cannot confer immunity from legal obligations.This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 August 2017.Amendments/corrigenda issued sin

8、ce publicationDate Text affectedPUBLISHED DOCUMENTPD CEN/TR 419200:2017TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 419200 May 2017 ICS 35.030; 35.240.30 English Version Guidance for signature creation and other related devicesLignes directrices pour la cration de signatires et autr

9、es dispositifs associs Anleitung zur Signaturerstellung und andere hnliche Gerte This Technical Report was approved by CEN on 17 April 2017. It has been drawn up by the Technical Committee CEN/TC 224. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech

10、 Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United King

11、dom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 419

12、200:2017 EPD CEN/TR 419200:2017CEN/TR 419200:2017 (E) 2 Contents Page European foreword . 4 Introduction 5 1 Scope 6 2 Terms and definitions . 6 3 Symbols and abbreviations . 7 4 Some concepts related to signature creation and other related devices 8 4.1 Different types of signatures and seals . 8 4

13、.2 Signature versus seal . 8 4.3 What are a signature creation device or other related devices . 8 4.3.1 General 8 4.3.2 Qualified electronic signature creation device 8 4.3.3 Qualified electronic seal creation device 10 4.4 Trusted versus un-trusted environment for electronic signature . 10 4.5 Mob

14、ile environment 11 5 Types of services related to signature Scoping factors . 11 5.1 General . 11 5.2 Services related to signature for a QSCD . 12 5.2.1 General . 12 5.2.2 Signature service 12 5.2.3 Privacy aspects 12 5.2.4 Identification service 14 5.2.5 Authentication service . 14 5.2.6 Other pot

15、ential services 14 5.3 Services related to signature for a TSP. 16 5.3.1 General . 16 5.3.2 Signature service 16 5.3.3 Certification Authority service 17 5.3.4 Other services 17 6 Selecting the Most Appropriate Standards and options 17 6.1 Sub-Areas of Standardization 17 6.1.1 General . 17 6.1.2 Pol

16、icy and security Requirements . 18 6.1.3 Technical Specifications 20 6.1.4 Conformity Assessment . 20 6.1.5 Interoperability Testing 20 6.2 Selection of standards 21 Annex A (informative) Business aspects/ Use cases from signature creation devices view 22 A.1 General . 22 A.2 Telecommunications 22 A

17、.3 Identity . 22 A.4 Health . 23 A.5 Corporate 23 A.6 Bank 24 PD CEN/TR 419200:2017CEN/TR 419200:2017 (E) 3 Annex B (informative) Illustration of Application of Standards . 25 B.1 General . 25 B.2 Telecommunications . 25 B.2.1 First example 25 B.2.2 Second example . 25 B.3 Identity . 25 B.3.1 Genera

18、l . 25 B.3.2 First example 26 B.3.3 Second example . 26 B.3.4 Third example 27 B.4 Health 27 B.4.1 First example 27 B.4.2 Second example . 28 B.5 Corporate . 28 B.5.1 First example 28 B.5.2 Second example . 28 B.6 Bank . 28 B.6.1 First example 28 B.6.2 Second example . 29 Annex C (informative) Compa

19、rison of definitions between Directive 1999/93/EC and Regulation (EU) 910/2014 30 Bibliography . 32 PD CEN/TR 419200:2017CEN/TR 419200:2017 (E) 4 European foreword This document (CEN/TR 419200:2017) has been prepared by Technical Committee CEN/TC 224 “Personal identification and related personal dev

20、ices with secure element, systems, operations and privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsib

21、le for identifying any or all such patent rights. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. PD CEN/TR 419200:2017CEN/TR 419200:2017 (E) 5 Introduction ETSI/TR 119 000 16 provides a general structure for electronic

22、 signatures standardization outlining existing and potential standards for electronic signatures. This identifies six areas of standardization with a list of existing and potential future standards in each area. This guide is part of a series of guidance documents assisting users and their suppliers

23、 in identifying the electronic signature standards and options relevant to their need. Each guide addresses a particular area as identified in ETSI/TR 119 000 16. This series is based on the process of selecting Business Scoping Parameters for each area of standardization based on an analysis of the

24、 business requirements. The selection of these scoping parameters is based on a process involving an analysis of the business requirements and associated risks leading to an identification of the policy and security requirements and the resulting Business Scoping Parameters from which the appropriat

25、e standards and options can be selected. Having identified the requirements in terms of Business Scoping Parameters for an area, each guidance document provides assistance in selecting the appropriate standards and options for that area. Where standards and options within one area make use of anothe

26、r area this is stated in terms of Scoping Parameters of that other area. This guidance does not include any normative requirements but provides guidance on addressing the signature creation and other related devices area, on the selection of applicable standards and their options for a particular bu

27、siness implementation context and associated business requirements and on the implementation of a standard (or a series of standards). This area covers signature devices but also electronic signature-related devices including (not exhaustively) authentication devices, identity devices offering value

28、 added services around electronic signatures. This list can be extended as further services that could be listed for devices are identified. This general process of the selection of standards and options is described further in ETSI/TR 119 000:2015, 4.2.6 16. PD CEN/TR 419200:2017CEN/TR 419200:2017

29、(E) 6 1 Scope The Technical Report provides guidance on the selection of standards and options for the signature/seal creation and other related devices (area 2) as identified in the framework for standardization of signatures: overview ETSI/TR 119 000 16. The Technical Report describes the Business

30、 Scoping Parameters relevant to this area (see Clause 5) and how the relevant standards and options for this area can be identified given the Business Scoping Parameters (Clause 6). The target audience of this document includes: business managers who potentially require support from electronic signa

31、tures/seals in their business and will find here an explanation of how electronic signatures/seals standards can be used to meet their business needs; application architects who will find here material that will guide them throughout the process of designing a system that fully and properly satisfie

32、s all the business and legal/regulatory requirements specific to electronic signatures/seals, and will gain a better understanding on how to select the appropriate standards to be implemented and/or used; developers of the systems who will find in this document an understanding of the reasons that l

33、ead the systems to be designed as they were, as well as a proper knowledge of the standards that exist in the field and that they need to know in detail for a proper development. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. NOTE Legal definiti

34、ons (from Directive 1999/93/EC 20 or Regulation (EU) 910/2014 21) relative to this document can be found in Annex C. 2.1 secure element SE tamper resistant component used to provide security, confidentiality, and multiple application environment required to support various business models EXAMPLE UI

35、CC, embedded SE, smartSD, smart microSD, etc. 2.2 trusted execution environment TEE specific execution environment on the mobile phone (or any connected device) application processor that is made of both software and, depending of the support of the processor, hardware parts, to manage the access co

36、ntrol to the memory management unit and define a boundary between secure and unsecure (mobile OS) execution environment 2.3 trusted user interface TUI means to securely address user interaction for sensitive applications through the display, keyboard, microphone, etc. PD CEN/TR 419200:2017CEN/TR 419

37、200:2017 (E) 7 3 Symbols and abbreviations For the purposes of this document, the following symbols and abbreviations apply. C/S Client/Server CC Common Criteria CSP Certification Service Provider CV Card Verifiable (certificate) HIC Health Insurance Card HPC Health Provider Card IAS Identification,

38、 Authentication and Signature IBAN International Bank Account Number ICC Integrated Circuit Card MNO Mobile Network Operator PIN Personal Identification Number PIV Personal Identity Verification (card) PK Public Key PP Protection Profile QSCD Qualified electronic Signature Creation Device SC Sole Co

39、ntrol SCA Signature-Creation Application SCC Sole Control Component SCDev Signature Creation Device SE Secure Element SIM Subscriber Identity Module SSA Server Signing Application SSCD Secure Signature Creation Device SSH Secure Shell protocol SSL Secure Sockets Layer protocol STIC Systme de Traitem

40、ent des Infractions Constates (system for processing recorded infringements) SVA Signature-Validation Application SWIFT Society for Worldwide Interbank Financial Telecommunication TEE Trusted Execution Environment TLS Transport Layer Security protocol TSCM Trustworthy Signature Creation Module TSP T

41、rust Service Provider TUI Trusted User Interface (in the context of TEE) TW4S Trustworthy Systems Supporting Server Signing UICC Universal Integrated Circuit Card PD CEN/TR 419200:2017CEN/TR 419200:2017 (E) 8 4 Some concepts related to signature creation and other related devices 4.1 Different types

42、 of signatures and seals Regulation (EU) 910/2014 21 introduces several levels for signatures, starting from “basic” electronic signature up to advanced electronic signature. An advanced electronic signature created by a qualified electronic signature creation device and based on a qualified certifi

43、cate is equivalent to a hand-written signature. Regulation (EU) 910/2014 21 introduces the notion of electronic seal, and gives several levels as for electronic signatures, starting from “basic” electronic seal up to advanced electronic seal. An advanced electronic seal created by a qualified electr

44、onic seal creation device and based on a qualified certificate can benefit from the presumption of integrity and correctness of origin of the data to which the seal is linked. The intention is e.g. to allow companies to issue business documents (e.g. invoices) matching EU legal requirements. 4.2 Sig

45、nature versus seal An electronic seal is the electronic equivalent of a seal or stamp which applied on a document guarantees its origin and integrity. A seal can be viewed as an authoritys proof of a documents content integrity, authenticity and level of authority, while a signature is a persons or

46、legal entitys commitment to the content of a document. A seal is created by a legal person (e.g. the tax revenue officer) and it expresses the will of the authority (the state) in whose name the seal-creator acts. A signature always expresses the will of the signer himself. Technically this means th

47、at a signature will always be confirmed by an explicit user verification entry (e.g. PIN verification); this will not be systematically the case for a seal (see EN 419212-2:2014 26, Annex B, Table 1). In the rest of this document there will be no particular notion of a seal since it technically comp

48、ares to the signature and does not need additional specific standards. 4.3 What are a signature creation device or other related devices 4.3.1 General The term “signature creation or other related devices” encompasses the signature creation device and other signature-related devices including identi

49、fication device, authentication device, seal device or signature verification device (see Clause 5 for security services around electronic signature). 4.3.2 Qualified electronic signature creation device An advanced electronic signature based on a qualified certificate and created by a qualified electronic signature creation device (QSCD) is equivalent to a hand-written signature and is legally recognized. Such QSCD is defined by Regulation (EU) 910/2014 as the following: Qualified electronic signature creation device is an electronic si

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1