ImageVerifierCode 换一换
格式:PDF , 页数:29 ,大小:199.46KB ,
资源ID:739214      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-739214.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TS 102 573-2007 Electronic Signatures and Infrastructures (ESI) Policy requirements for trust service providers signing and or storing data for digital accounting《电子签名和基础结构(ES.pdf)为本站会员(towelfact221)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TS 102 573-2007 Electronic Signatures and Infrastructures (ESI) Policy requirements for trust service providers signing and or storing data for digital accounting《电子签名和基础结构(ES.pdf

1、 ETSI TS 102 573 V1.1.1 (2007-07)Technical Specification Electronic Signatures and Infrastructures (ESI);Policy requirements for trust service providers signingand/or storing data for digital accountingETSI ETSI TS 102 573 V1.1.1 (2007-07) 2 Reference DTS/ESI-000047 Keywords e-commerce, electronic s

2、ignature, provider, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice In

3、dividual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Docu

4、ment Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the

5、current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be repr

6、oduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2007. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Memb

7、ers. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 573 V1.1.1 (2007-07) 3 Contents Intellectual Property

8、 Rights4 Foreword.4 Introduction 4 1 Scope 5 2 References 5 3 Definitions and abbreviations.6 3.1 Definitions6 3.2 Abbreviations .7 4 Notation8 5 General concepts 8 5.1 Fiscally Relevant Documents .8 5.2 Basic Model9 5.3 Commonly Acceptable Practices for Trusted Service Providers9 5.4 ISO/IEC 27001

9、ISMS and “Policy Requirements“.10 5.5 Normalized and Extended Policy Requirements 10 5.6 User Community and Applicability11 5.7 Conformance requirements 11 6 Obligations .11 6.1 Trust service providers obligations 11 6.2 Trust service providers organizational requirements12 6.3 Subscriber obligation

10、s 13 6.4 Information for trading partner.13 6.5 Information for auditor/regulatory/tax authorities13 Annex A (normative): Objectives and controls - signature and storage .15 Annex B (normative): Objectives and controls - information security management 21 Annex C (informative): Bibliography.28 Histo

11、ry 29 ETSI ETSI TS 102 573 V1.1.1 (2007-07) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be fo

12、und in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to

13、the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. F

14、oreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Introduction Electronic records can provide a sound basis for maintaining accounting information, and with the application of good practices can prove more secure

15、and robust than the use of paper. The use of e-Invoicing and digital accounting is of major importance to European enterprises, because it can reduce significantly administrative costs. The European Directive on e-Invoicing 2001/115/EC 9 recognises the potential use of Advanced Electronic Signatures

16、 to protect the authenticity and integrity of electronic invoices. Some European national governments already regulate practices for the integrity and authenticity of digital accounting data through use of electronic signatures and data formats that are not vulnerable to changes in presentation thro

17、ugh malicious code. In order to achieve an acceptable level of security for accounting data, practices for the use of electronic signatures need to be augmented with practices regarding storage, particularly with regards to backup regimes, and the use of appropriate data formats. It has become clear

18、 that the technical format of the data to be signed and the process of the signature creation are of importance for data authentication. Fiscal auditing procedures can highly benefit of the availability of electronic Invoices and of digital accounting data. The present document is based on the findi

19、ngs presented in TR 102 572 (see bibliography) and addresses policy requirements for Trusted Service Providers (TSP) that act in name and on behalf of taxable persons that are required by the applicable law to produce and reliably keep, even beyond ten years, electronic invoices as well as other fis

20、cally relevant documents. These requirements may also be implemented by organizations issuing and storing these documents on their own behalf. ETSI ETSI TS 102 573 V1.1.1 (2007-07) 5 1 Scope The present document specifies policy requirements applicable to Trusted Service Providers (TSP) that sign fi

21、scally relevant electronically documents and/or store them on behalf of taxable persons. The present document aims to address regulatory requirements to produce and reliably keep, even beyond ten years, signed electronic invoices as well as other fiscally relevant documents. The practices identified

22、 in the present document are independent of the type of document or information being protected. The present document is directed at policies involving the use of the Advanced Electronic Signatures or Qualified Electronic Signatures. The primary aim of the application of signatures is to protect the

23、 integrity and provide data origin authentication of fiscally relevant documents in communication and storage. However, signatures may also be used, where required, to provide content commitment (i.e. non-repudiation). The present document addresses solely the Advanced Electronic Signature based sol

24、ution. It is recognized that other suitable measures, not employing Advanced Electronic Signatures, and hence that are outside the scope of the present document, may be applied to assure the authenticity and integrity of digital accounting documents. It should be noted that the reliability of such a

25、lternative measures generally depend on the trustworthiness of the organization and may require independent assessment of the technical and organizational measures applied. Advanced Electronic Signature may be used to augment existing measures to provide even higher security, or to reduce the need f

26、or other controls. The present document may be used by competent independent bodies as the basis for confirming that an organization is trustworthy in issuing and storing signed fiscally relevant electronic document on behalf of other taxable persons or on its own behalf. The present document does n

27、ot specify how the requirements identified may be assessed by an independent party, including requirements for information to be made available to such independent assessors, or requirements on such assessors. Within the present document the key words “should“ indicates that there may exist valid re

28、asons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present do

29、cument. References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be pu

30、blicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 1 CEN CWA 14169: “Secure signature-creation devices “EAL 4+“. NOTE: ht

31、tp:/www.cenorm.be/catweb/35.040.htm. 2 CEN CWA 15579: “E-invoices and digital signatures“. NOTE: http:/www.cenorm.be/isss/einv. 3 CEN CWA 15580: “Storage of Electronic Invoices“. NOTE: http:/www.cenorm.be/isss/einv. ETSI ETSI TS 102 573 V1.1.1 (2007-07) 6 4 ISO/IEC 17799: “Information technology - S

32、ecurity techniques - Code of practice for information security management“. NOTE: The ISO organization will substitute ISO/IEC 17799 with ISO/IEC 27002, so it is recommended to move from ISO/IEC 17799 to ISO/IEC 27002 when available. It is also recommended to take in the future into account the whol

33、e 27000 family, that is still under development: 27000 (Overview and vocabulary), 27003 (ISMS implementation guidelines), 27004 (Information security management measurements), 27005 (Information security risk management), and other possible future ones. 5 ISO/IEC 27001: “Information technology - Sec

34、urity techniques - Information security management systems - Requirements“. 6 ISO/IEC 15408 (2005) (parts 1 to 3): “Information technology - Security techniques - Evaluation criteria for IT security“. 7 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protec

35、tion of individuals with regard to the processing of personal data and on the free movement of such data. 8 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. 9 Council Directive 2001/115/EC of 20 December 2001 a

36、mending Directive 77/388/EEC with a view to simplifying, modernising and harmonising the conditions laid down for invoicing in respect of value added tax. 10 ETSI TS 101 456: “Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certifi

37、cates“. 11 ETSI TS 102 042: “Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates“. 12 ETSI TS 102 176-1: “Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1

38、: Hash functions and asymmetric algorithms“. 13 ETSI TS 102 734: “Electronic Signatures and Infrastructures; Profiles of CMS Advanced Electronic Signatures based on TS 101 733 (CAdES)“. 14 ETSI TS 102 904: “Electronic Signatures and Infrastructures; Profiles of XML Advanced Electronic Signatures bas

39、ed on TS 101 903 (XAdES)“. 15 ETSI TS 101 733: “Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)“. 16 ETSI TS 101 903: “XML Advanced Electronic Signatures (XAdES)“. 17 CEN CWA 14170: “Security requirements for signature creation applications“. 3 Definitions

40、 and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: advanced electronic signature: electronic signature which is uniquely linked to the sender, is capable of identifying the signatory, is created using means that the signatory can m

41、aintain under his sole control, and is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable, Art. 5 No. 2 of the European Signature Directive (Directive 1999/93/EC 8) commonly acceptable practices: practices for Trust Service Providers signing

42、and/or storing data relevant for accounting (i.e. fiscally relevant data) which may be recognized as acceptable by authorities in several EU nations ETSI ETSI TS 102 573 V1.1.1 (2007-07) 7 electronic invoices: invoices sent by electronic means as defined in Directive 2001/115/EC 9 extended policy re

43、quirements: extended variant of the normalized policy requirements employing a secure signature creation device and Qualified Certificate (i.e. qualified electronic signatures) normalized policy requirements: policy requirement which offers a quality of service equivalent to the one defined in Direc

44、tive 1999/93/EC 8, in particular employing advanced electronic signatures as defined in article 2 No 2 of this Directive fiscally relevant data: financial data of a taxable person or company that may need to be exhibited to a regulatory authority concerned with financial accounting (e.g. Tax Authori

45、ty, Chamber of Commerce, Ministry of finance, etc.) fiscally relevant document: document or record containing fiscally relevant data qualified electronic signature: advanced electronic signature which is based on a qualified certificate and which is created by a secure-signature-creation device (Dir

46、ective 1999/93/EC 8) qualified certificate: certificate which meets the requirements laid down in annex I (of the Directive 1999/93/EC 8) and is provided by a certification-service-provider who fulfils the requirements laid down in annex II (of the Directive 1999/93/EC 8) secure signature creation d

47、evice: signature-creation device which meets the requirements laid down in annex III of Directive 1999/93/EC 8 signature creation data: unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature (Directive 1999/93/EC 8) statement of ap

48、plicability: documented statement describing the control objectives and controls that are relevant and applicable to the TSPs ISMS (ISO/IEC 27001 5) trading partner: taxable person that has trading relationships with the TSPs services user and with which invoices and/or other fiscally relevant docum

49、ents are exchanged 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: AdES Advanced Electronic Signature CA Certification Authority CEN Comit uropen de Normalisation CMS Cryptographic Message Syntax CRL Certificate Revocation List ES Electronic Signature EUMS European Union Member State ISMS Information Security Management System N Normalized Policy Requirements TSP Trusted Service Provider VAT Value Added Tax WWW World Wide Web XBRL eXtensible Business Reporting La

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1