ImageVerifierCode 换一换
格式:PDF , 页数:30 ,大小:1.63MB ,
资源ID:592777      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-592777.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(CEN TS 419241-2014 Security Requirements for Trustworthy Systems Supporting Server Signing《支持服务器签名的可信系统的安全要求》.pdf)为本站会员(syndromehi216)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

CEN TS 419241-2014 Security Requirements for Trustworthy Systems Supporting Server Signing《支持服务器签名的可信系统的安全要求》.pdf

1、BSI Standards PublicationSecurity Requirements forTrustworthy Systems Supporting Server SigningPD CEN/TS 419241:2014National forewordThis Published Document is the UK implementation of CEN/TS419241:2014.The UK participation in its preparation was entrusted to TechnicalCommittee IST/17, Cards and per

2、sonal identification.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisions ofa contract. Users are responsible for its correct application. The British Standards Institution 2014.Publ

3、ished by BSI Standards Limited 2014ISBN 978 0 580 82798 3ICS 35.240.99Compliance with a British Standard cannot confer immunity fromlegal obligations.This Published Document was published under the authority of theStandards Policy and Strategy Committee on 30 April 2014.Amendments/corrigenda issued

4、since publicationDate Text affectedPUBLISHED DOCUMENTPD CEN/TS 419241:2014TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 419241 March 2014 ICS 35.240.99 English Version Security Requirements for Trustworthy Systems Supporting Server Signing Exigences de scurit pour de

5、s systmes fiables de serveur de signature lectronique Sicherheitsanforderungen fr Vertrauenswrdige Systeme, die Serversignaturen untersttzen This Technical Specification (CEN/TS) was approved by CEN on 14 October 2013 for provisional application. The period of validity of this CEN/TS is limited init

6、ially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make t

7、he CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodi

8、es of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Sp

9、ain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwi

10、de for CEN national Members. Ref. No. CEN/TS 419241:2014 EPD CEN/TS 419241:2014CEN/TS 419241:2014 (E) 2 Contents Page Foreword 3 Introduction .4 1 Scope 5 1.1 General 5 1.2 Out of scope .5 1.3 Audience .5 2 Normative references 6 3 Terms and definitions .6 4 Symbols and abbreviations 9 5 Description

11、 of Trustworthy Systems Supporting Server Signing . 10 5.1 General . 10 5.2 Signature Creation and Server Signing Objectives 10 5.3 AdES bound to a natural or legal person . 10 5.4 Levels of sole control . 10 5.5 Batch Server Signing . 11 5.6 SCD 11 5.6.1 General . 11 5.6.2 SCD for AdES 11 5.6.3 SCD

12、 for QES 11 5.6.4 Signers authentication and SAD 12 5.6.5 Privileged system users . 12 5.7 Functional model 12 5.7.1 General . 12 5.7.2 Scopes of requirements depending of sole control levels 12 5.7.3 SSA Core Components 13 5.7.4 SCD activation mechanisms 14 6 Security Requirements . 16 6.1 General

13、. 16 6.2 General Security Requirements (SRG) . 16 6.2.1 Management (SRG_M) 16 6.2.2 Systems and Operations (SRG_SO) . 17 6.2.3 Identification and Authentication (SRG_IA) . 18 6.2.4 System Access Control (SRG_SA) . 18 6.2.5 Key Management (SRG_KM) . 19 6.2.6 Accounting and Auditing (SRG_AA). 20 6.2.7

14、 Archiving (SRG_AR) . 22 6.2.8 Backup and Recovery (SRG_BK) 22 6.3 Core Components Security Requirements (SRC) . 23 6.3.1 SCD Setup (SRC_DS) Cryptographic key (SRC_DS.1) . 23 6.3.2 Signer Authentication (SRC_SA) 23 6.3.3 Signature Creation (SRC_SC) 23 6.4 Additional Security Requirements for Level 2

15、 (SRA) 23 6.4.1 General . 23 6.4.2 SCD Activation (SRA_DA) 24 Bibliography . 26 PD CEN/TS 419241:2014CEN/TS 419241:2014 (E) 3 Foreword This document (CEN/TS 419241:2014) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related sys

16、tems and operations”, the secretariat of which is held by AFNOR. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document has bee

17、n prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. Successful implementation of European Directive 1999/93/EC on a community framework for electronic signatures requires standards for services, processes, systems and products related to electr

18、onic signatures as well as guidance for conformity assessment of such services, processes, systems and products. In 1999 the European ICT Standards Board, with the support of the European Commission, undertook an initiative bringing together industry and public authorities, experts and other market

19、players, to create the European Electronic Signature Standardization Initiative (EESSI). Within this framework the Comit Europen de Normalisation / Information Society Standardization System (CEN/ISSS) and the European Telecommunications Standards Institute / Electronic Signatures and Infrastructure

20、s (ETSI/ESI) were entrusted with the execution of a work programme to develop generally recognized standards to support the implementation of Directive 1999/93/EC and the development of a European electronic signature infrastructure. This document will describe security requirements for a server-sid

21、e system using certificates in order to create advanced electronic signatures (AdES) in accordance with the requirements of the European Directive on Electronic Signature 1999/93. The signature is to be supported by a qualified certificate, or other public key certificate issued for the purposes of

22、signing, issued by a Trust Services Provider (TSP) operating to recognized good practices (e.g. ETSI EN 319 411-3 (aka ETSI/TS 102 042) or ETSI EN 319 411-2 (aka ETSI/TS 101 456). The document will include requirements for the use of the appropriate protection profiles for the Signature Creation Dev

23、ice (SCDev). The purpose of the trustworthy system is to produce an advanced electronic signature created under sole control of a natural person, or a legal person (such advanced electronic signatures produced by legal persons are called electronic seals). The Signature Generation Service Provider (

24、SGSP) operates the trustworthy system in an environment with a security policy which incorporates general physical, personnel, procedural and documentation security requirements as defined in ETSI EN 319 411-2 / ETSI EN 319 411-3. This document is identified as CEN/TS 419241 within the Rationalised

25、Framework for Electronic Signature Standardization ETSI SR 001 604. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denm

26、ark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. PD CEN/TS 4192

27、41:2014CEN/TS 419241:2014 (E) 4 Introduction The European Directive 1999/93/EC establishes a framework of requirements for the use of electronic signatures. This Directive also introduces the notion of advanced electronic signature which is defined as legally equivalent to a hand-written one if gene

28、rated by a physical person using a qualified certificate stored in a Secure Signature Creation Device (SSCD). Since the publication of the Directive, other forms of electronic signatures have appeared in order to meet market needs (e.g. e-Invoicing, e-Procurement). These other forms do not necessari

29、ly require the use by a natural or legal person of a secure signature creation device and/or qualified certificate. One of these forms is an electronic signature created using a networked server. The Signature Creation Data (SCD) is under control of an individual user but held centrally within a sha

30、red server, instead on a secure signature creation device held by the signatory. It is not the intent of this standard to limit the type of public key certificate, qualified or otherwise, used by the networked signing server. The main objective of this standard is to define requirements and recommen

31、dations for a networked signing server which may process electronic certificates used by natural or legal persons for electronically signing documents. This document specifies basic requirements for server signing. Additional specifications may be issued which provide more detailed requirements. For

32、 further details see ETSI SR 001 604. PD CEN/TS 419241:2014CEN/TS 419241:2014 (E) 5 1 Scope 1.1 General This document specifies security requirements and recommendations for Trustworthy System Supporting Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/

33、93/EC. This document may also be applied to electronic signatures complying to Article 5(1) of Directive 1999/93/EC employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified electronic signature. The Server Signing Application (SSA) runs on a networked

34、 server supporting one or more signatories to remotely sign electronic documents using centralized signature keys held on the signing server under sole control of the signatory. An SSA is intended to deliver to the user or to some other application process in a form specified by the user, an Advance

35、d- or where applicable a Qualified - Electronic Signature associated with a Signers Document as a Signed Data Object. This document: provides commonly recognized functional models of TW4S; specifies overall requirements that apply across all of the services identified in the functional model; specif

36、ies security requirements for each of the services identified in the SSA. specifies security requirements for sensitive system components which may be used by the SSA (e.g. Signature Creation Device (SCDev). This document does not specify technologies and protocols, but rather identifies requirement

37、s on the security on technologies to be employed. 1.2 Out of scope The following aspects are considered to be out of scope: other trusted services that may be used alongside this service such as signature validation service, time-stamping service and information preservation service, any application

38、 or system outside of the SSA, the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple signatures and of signatures covering complex information structures containing other signatures). 1.3 Audience This document specifies security requirements that

39、 are intended to be followed by: providers of SSA systems. Trust Service Providers (TSP) offering signature generation service. PD CEN/TS 419241:2014CEN/TS 419241:2014 (E) 6 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indis

40、pensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 419211 (all parts), Protection profiles for secure signature creation device CWA 14167-2, Cryptographic mod

41、ule for CSP signing operations with backup Protection profile CMCSOB PP CWA 14167-3, Cryptographic module for CSP key generation services protection profile CMCKG-PP CWA 14167-4, Cryptographic module for CSP signing operations Protection profile CMCSO PP ISO/IEC 15408 (all parts), Information techno

42、logy Security techniques Evaluation criteria for IT security ISO/IEC 19790:2006, Information technology Security techniques Security requirements for cryptographic modules 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 Advanced Electronic Si

43、gnature electronic signature which meets the following requirements: it is uniquely linked to the signer; it is capable of identifying the signer; it is created using means that the signer can maintain under his sole control; and it is linked to the data to which it relates in such a manner that any

44、 subsequent alteration of the data is detectable SOURCE: Directive 1999/93/EC 3.2 Certificate electronic attestation that links a signature verification data to a person, and confirms the identity of that person SOURCE: Directive 1999/93/EC 3.3 Certificate Identifier unambiguous identifier of a Cert

45、ificate 3.4 Certification Service Provider entity or a legal or natural person who issues certificates or provides other services related to electronic signatures SOURCE: Directive 1999/93/EC PD CEN/TS 419241:2014CEN/TS 419241:2014 (E) 7 3.5 Data Content Type signature attribute that expresses the e

46、ncoding format of the Signers Document (SD) 3.6 Data To Be Signed data (e.g. a document or parts of a document) to be signed as well as any signature attributes that are bound together with the data by the signature NOTE Data To Be Signed is the input to the cryptographic signing algorithm. The spec

47、ific way that Data To Be Signed and any signature attributes are fed as input is defined in the specifications of the signature type in use. 3.7 Electronic Signature data in electronic form attached to - or logically associated with - other electronic data and which serves as a method of authenticat

48、ion of that data SOURCE: Directive 1999/93/EC 3.8 Qualified Certificate certificate which meets the requirements laid down in Annex I of the Directive i.e. Dir. 1999/93/EC and is provided by a certification service provider who fulfils the requirements laid down in Annex II of that Directive SOURCE:

49、 Directive 1999/93/EC 3.9 Qualified Electronic Signature advanced electronic signature which is based on a qualified certificate and which is created by a secure signature creation device Note 1 to entry: This definition based on Article 5.1 of Directive 1999/93/EC. 3.10 Secure Signature Creation Device signature creation device that meets the requirements laid down in Annex III of the EU Directive SOURCE: Directive 1999/93/EC 3.11 Signatory Signer person who holds a signature creation device and acts

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1