ImageVerifierCode 换一换
格式:PDF , 页数:16 ,大小:281.35KB ,
资源ID:736543      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-736543.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 119 400-2016 Electronic Signatures and Infrastructures (ESI) Guidance on the use of standards for trust service providers supporting digital signatures and related services.pdf)为本站会员(hopesteam270)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 119 400-2016 Electronic Signatures and Infrastructures (ESI) Guidance on the use of standards for trust service providers supporting digital signatures and related services.pdf

1、 ETSI TR 119 400 V1.1.1 (2016-03) Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for trust service providers supporting digital signatures and related services TECHNICAL REPORT ETSI ETSI TR 119 400 V1.1.1 (2016-03) 2 Reference DTR/ESI-0019400 Keywords e-commerce, e

2、lectronic signature, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice T

3、he present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization

4、 of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware

5、 that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following serv

6、ices: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version sh

7、all not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered f

8、or the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 119 400 V1.1.1 (2016-03) 3 Contents Intellectual Pro

9、perty Rights 4g3Foreword . 4g3Modal verbs terminology 4g3Introduction 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Introduction to trust services and trust service providers

10、. 7g34.1 What is a trust service and trust service provider . 7g34.2 Types of trust service provider . 8g34.2.1 TSP issuing certificates . 8g34.2.2 TSP issuing time-stamps . 8g34.2.3 Other potential trust services 8g34.2.4 Other trust services outside scope . 9g35 Aspects of trust services requiring

11、 standardization 9g35.1 Policy Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, includ

12、ing IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been p

13、roduced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Dr

14、afting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Introduction ETSI TR 119 000 i.2 (“The framework for standardization of signatures: overview“) provides an overview of the general structure f

15、or digital signatures standardization outlining existing and potential standards for such signatures. It identifies six areas of standardization with a list of existing and potential future standards in each area. The present document is one of a series guidance documents to assist readers and their

16、 suppliers in identifying the digital signature standards, as well as technical specifications, and their options relevant to their needs. Each guide addresses a particular area as identified in ETSI TR 119 000 i.2. This series is based on the process of selecting business scoping parameters for eac

17、h area of standardization. The selection of these scoping parameters is based on process involving an analysis of the business requirements and associated risks leading to an identification of the policy and security requirements and to an analysis of the resulting business scoping parameters from w

18、hich the appropriate standards and options can be selected. From the requirements expressed in terms of business scoping parameters for an area, each guidance document provides assistance in selecting the appropriate standards and their options for that area. Where standards, as well as technical sp

19、ecifications, and their options within one area make use of another area this is stated in terms of scoping parameters of that other area. A trust service is a service which enhances the trust and confidence in electronic transactions between parties. They are used, for example, to certify ownership

20、 of keys used for digital signatures. The present document does not include any normative requirements but provides guidance on addressing the trust service provider (TSP) supporting digital signatures, on the selection of applicable standards and their options for a particular business implementati

21、on context and associated business requirements. This general process of the selection of standards and options is described further in ETSI TR 119 000 i.2, clause 4.2.6. ETSI ETSI TR 119 400 V1.1.1 (2016-03) 5 1 Scope The present document provides guidance on the selection of standards and options

22、for the trust service provider supporting digital signatures and related services (area 4) as identified in ETSI TR 119 000 i.2. The present document describes the business scoping parameters relevant to this area (see clause 5) and how the relevant standards and options for this area can be identif

23、ied given the business scoping parameters (see clause 6). The target audience of the present document includes: 1) Business managers who potentially require support from digital signatures and in particular the provision of related supporting trust services in their business will find here an explan

24、ation of how digital signatures standards can be used to meet their business needs. 2) Application architects who will find here material that will guide them throughout the process of designing a system that fully and properly satisfies all the business and legal/regulatory requirements specific to

25、 digital signatures and in particular the provision of related supporting trust services. They will gain a better understanding on how to select the appropriate standards to be implemented and/or used. 3) Developers of the systems who will find in the present document an understanding of the main re

26、asons that lead the systems to be designed as they were, as well as a proper knowledge of the standards that exist in the field and that they need to know in detail for a proper development. 2 References 2.1 Normative references References are either specific (identified by date of publication and/o

27、r edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expect

28、ed location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. Not

29、 applicable. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (inc

30、luding any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with reg

31、ard to a particular subject area. i.1 Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. i.2 ETSI TR 119 000: “Electronic Signatures and Infra

32、structures (ESI); The framework for standardization of signatures: overview“. i.3 ETSI TR 119 100: “Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for signature creation and validation“. ETSI ETSI TR 119 400 V1.1.1 (2016-03) 6 i.4 ETSI EN 319 401: “Electronic Signa

33、tures and Infrastructures (ESI); General policy requirements for trust service providers“. i.5 ETSI EN 319 411-1: “Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements“. i.6 ETSI EN 319 411-2:

34、 “Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates“. i.7 ETSI EN 319 421: “Electronic Signatures and Infrastructures (ESI); Policy and

35、 Security Requirements for Trust Service Providers issuing Time-Stamps“. i.8 ETSI EN 319 412-1: “Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 1: Overview and common data structures“. i.9 ETSI EN 319 412-2: “Electronic Signatures and Infrastructures (ESI); Certificate P

36、rofiles; Part 2: Certificate Profile for certificates issued to natural persons“. i.10 ETSI EN 319 412-3: “Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 3: Certificate Profile for certificates issued to legal persons“. i.11 ETSI EN 319 412-4: “Electronic Signatures and

37、Infrastructures (ESI); Certificate Profiles; Part 4: Certificate Profile for web site certificates“. i.12 ETSI EN 319 412-5: “Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements“. i.13 ETSI EN 319 422: “Electronic Signatures and Infrastructures (ESI); Time-sta

38、mping protocol and time-stamp token profiles“. i.14 ETSI EN 319 403: “Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers“. i.15 ETSI EN 319 122 (all parts): “Electronic Signat

39、ures and Infrastructures (ESI); CAdES digital signatures“. i.16 ETSI EN 319 132 (all parts): “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures“. i.17 ETSI EN 319 142 (all parts): “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures“. i.18 ETSI EN 319 16

40、2 (all parts): “Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC)“. i.19 ISO 15408: “Information technology - Security techniques - Evaluation criteria for IT security“. i.20 Recommendation ITU-T X.509/ISO/IEC 9594-8: “Information technology - Open Systems Inter

41、connection - The Directory: Public-key and attribute certificate frameworks“. i.21 IETF RFC 3161: “Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)“. i.22 IETF RFC 5246: “The Transport Layer Security (TLS) Protocol Version 1.2“. i.23 ETSI SR 019 020: “The framework for standardizat

42、ion of signatures; Standards for AdES digital signatures in mobile and distributed environments“. i.24 ETSI TR 119 500: “Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for trust application service providers“. i.25 ETSI TR 119 001: “Electronic Signatures and Infras

43、tructures (ESI); The framework for standardization of signatures; Definitions and abbreviations“. ETSI ETSI TR 119 400 V1.1.1 (2016-03) 7 i.26 CA/Browser Forum: “Guidelines for The Issuance and Management of Extended Validation Certificates“. i.27 CA/Browser Forum: “Baseline Requirements for the Iss

44、uance and Management of Publicly-Trusted Certificates“. i.28 ISO/IEC 27002: “Information technology - Security techniques - Code of practice for information security management“. i.29 IETF RFC 5816: “ESSCertIDv2 Update for RFC 3161“. 3 Definitions and abbreviations 3.1 Definitions For the purposes o

45、f the present document, the terms and definitions given in ETSI TR 119 001 i.25 and the following apply: EU qualified trust service provider: trust service provider that meets the requirements for qualified trust service providers laid down in Regulation (EU) No 910/2014 i.1 NOTE: These definitions

46、are aligned with those used in the standards referred to in the present document. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in ETSI TR 119 001 i.25 and the following apply: CA Certification Authority SSL Secure Socket Layer NOTE: Newer version of this protoc

47、ol has been specified as TLS i.22. TLS Transport Layer Security 4 Introduction to trust services and trust service providers 4.1 What is a trust service and trust service provider A trust service is a service which enhances the trust and confidence in electronic transactions between parties. A trust

48、 service is provided by a “third“ party (trust service provider - TSP) which needs to be trusted (directly or indirectly) by the transacting parties. The TSP provides information (e.g. a key that may be used to authenticate an identified person), in the form of a trust service token which can be use

49、d by the transacting parties to enhance the security of transactions between them. Generally, a TSP also provides associated management services to maintain information used in the trust service tokens. The concept of TSP is a generalization of an earlier concept of a provider of public key certificates, commonly called a certification authority. The concept of trust service and trust service provider is also used in relation to specific regulatory requirements in the European Union Regulation (EU)

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1