ImageVerifierCode 换一换
格式:PDF , 页数:42 ,大小:226.45KB ,
资源ID:740259      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-740259.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TS 119 101-2016 Electronic Signatures and Infrastructures (ESI) Policy and security requirements for applications for signature creation and signature validation (V1 1 1)《电子签名.pdf)为本站会员(confusegate185)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TS 119 101-2016 Electronic Signatures and Infrastructures (ESI) Policy and security requirements for applications for signature creation and signature validation (V1 1 1)《电子签名.pdf

1、 ETSI TS 119 101 V1.1.1 (2016-03) Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation TECHNICAL SPECIFICATION ETSI ETSI TS 119 101 V1.1.1 (2016-03)2 Reference DTS/ESI-0019101 Keywords e-commerce, electroni

2、c signature, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The prese

3、nt document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI

4、. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that th

5、e document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: ht

6、tps:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not

7、be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the b

8、enefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 119 101 V1.1.1 (2016-03)3 Contents Intellectual Property Rig

9、hts 5g3Foreword . 5g3Modal verbs terminology 5g3Introduction 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 7g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 10g34 Signature creation/validation/augmentation model 10g35 General requ

10、irements . 13g35.1 User interface . 13g35.2 General security measures 14g35.3 System completeness requirements 15g36 Legal driven policy requirements . 15g36.1 Introduction 15g36.2 Processing of personal data 15g36.3 Accessibility for persons with disabilities 16g37 Information security (management

11、system) requirements . 16g37.1 Introduction 16g37.2 Network protection . 16g37.3 Information systems protection 16g37.4 Software integrity of the application 17g37.5 Data storage security 17g37.6 Event logs . 18g38 Signature creation, validation and augmentation processing requirements 18g38.1 Signa

12、ture creation process and systems 18g38.1.1 General 18g38.1.2 Main functionalities requirements 18g38.1.3 Data content type requirements 19g38.1.4 Signature attribute requirements . 21g38.1.5 Time and sequence 23g38.1.6 Signature invocation requirements . 23g38.1.7 Cryptographic algorithm choice . 2

13、4g38.1.8 Signers authentication requirements 25g38.1.8.1 General requirements 25g38.1.8.2 Requirements for biometric authentication methods . 26g38.1.9 DTBS preparation requirements . 27g38.1.10 DTBSR preparation 27g38.1.11 Signature creation device 27g38.1.12 SCDev/SCA interface (SSI) requirements

14、28g38.1.13 Bulk signing requirements 28g38.2 Signature validation process . 28g38.2.1 Introduction. 28g38.2.2 Main functionalities requirements 29g38.2.3 Validation process rules 29g38.2.4 Validation policy 30g38.2.5 Validation user interface . 30g38.2.6 Validation inputs and outputs . 31g38.3 Signa

15、ture augmentation process . 32g3ETSI ETSI TS 119 101 V1.1.1 (2016-03)4 8.3.1 Introduction. 32g38.3.2 The three use cases . 32g38.3.2.1 Signature augmentation process used by a SCA . 32g38.3.2.2 Signature augmentation process used by a SVA . 32g38.3.2.3 Independent signature augmentation process 32g3

16、8.3.3 Main functionalities requirements 33g38.3.4 Augmentation procedures . 33g38.3.5 Data inclusion . 33g38.3.6 Validation of the input signature to the augmentation process . 33g39 Development and coding policy requirements . 34g39.1 Secure development methods and application security 34g39.2 Test

17、ing conformance requirements 34g310 Signature application practice statement 35g3Annex A (normative): Table of content for signature application practice statement 37g3A.0 The right to copy 37g3A.1 Introduction 37g3A.1.1 Overview 37g3A.1.2 Business or application domain 37g3A.1.2.1 Scope and boundar

18、ies of SAPS . 37g3A.1.2.2 Domain of applications . 37g3A.1.2.3 Transactional context 37g3A.1.3 SAPS distribution points 37g3A.1.4 SAPS issuer 38g3A.1.5 SAPS administration 38g3A.1.5.1 Organization administering the document 38g3A.1.5.2 Contact person 38g3A.1.6 Definitions and acronyms . 38g3A.2 Sign

19、ature creation/augmentation/validation application practice statements . 38g3A.2.1 General requirements . 38g3A.2.2 Legal driven policy requirements . 39g3A.2.3 Information security (management system) requirements 39g3A.2.4 Signature creation, signature validation and signature augmentation process

20、es requirements . 39g3A.2.5 Development and coding policy requirements . 40g3Annex B (informative): Bibliography . 41g3History 42g3ETSI ETSI TS 119 101 V1.1.1 (2016-03)5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The i

21、nformation pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from

22、the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or

23、 the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Modal verbs terminology In the present document “shal

24、l“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used

25、in direct citation. Introduction Several aspects are important to ensure trust in digital signatures. Their successful implementation in electronic processes requires standards for related services, processes, systems and products as well as guidance for conformity assessment of such services, proce

26、sses, systems and products. NOTE 1: Regulation (EU) No 910/2014 i.1 defines the terms electronic signature, advanced electronic signature, qualified electronic signature, electronic seal, advanced electronic seal and qualified electronic seal. These electronic signatures and seals can be created usi

27、ng digital signature technology. NOTE 2: When not stated otherwise in the present document, “signature“ denotes “digital signature“. The different players and the environment of the signature creation, validation and augmentation follow rules to allow them to be trusted. The present document concent

28、rates on policy and security requirements to consider when creating, validating and augmenting signature in a trustworthy manner, in particular within the context of applications for signature creation, signature validation and signature augmentation. ETSI ETSI TS 119 101 V1.1.1 (2016-03)6 1 Scope T

29、he present document provides general security and policy requirements for applications for signature creation, validation and augmentation. The present document is primarily relevant to the following actors: Implementers and providers of applications for signature creation, signature validation and/

30、or signature augmentation, who need to ensure that relevant requirements are covered. Actors that integrate applications for signature creation, signature validation and/or signature augmentation components with business process software (or use standalone software), who want to ensure proper functi

31、oning of the overall signature creation/validation/augmentation process and that the signature creation/validation is done in a sufficiently secure environment. The present document is applicable to these actors, and their evaluators (for a self-evaluation or an evaluation by a third party) to have

32、a list of criteria against which to check the implementation. The requirements cover applications for signature creation, signature validation and/or signature augmentation, i.e. the implementation and provision of the Signature Creation/Validation/Augmentation Application modules (SCA/SVA/SAA), the

33、 driving application (DA), the communication between the SCA and the signature creation device (SCDev) and the environment in which the SCA/SVA/SAA is used. It also specifies user interface requirements, while the user interface can be part of the SCA/SVA/SAA or of the DA which calls the SCA/SVA/SAA

34、. Any entity using SCA/SVA/SAA components in its business process acts as driving application. The document covers: Legal driven policy requirements. Information security (management system) requirements. Signature creation, signature validation and signature augmentation processes requirements. Dev

35、elopment and coding policy requirements. General requirements. Protection Profiles (PP) for signature creation applications and signature validation applications are out of scope and are defined in the CEN standard “Protection Profiles for Signature Creation The framework for standardization of sign

36、atures; Definitions and abbreviations“. i.8 ETSI TS 119 102 (all parts): “Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures“. i.9 CEN EN 419 111: “ Protection Profiles for Signature Creation CAdES digital signatures“. i.11 ETSI EN 319

37、132 (all parts): “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures“. i.12 ETSI EN 319 142 (all parts): “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures“. i.13 ETSI EN 319 162 (all parts): “Electronic Signatures and Infrastructures (ESI); Associated

38、Signature Containers (ASiC)“. i.14 ETSI TS 119 172 (all parts): “Electronic Signatures and Infrastructures (ESI); Signature Policies“. i.15 ETSI TS 119 104 (all parts): “Electronic Signatures and Infrastructures (ESI); General requirements on Testing Conformance and Interoperability of Signature Cre

39、ation and Validation“. i.16 ETSI TS 119 124 (all parts): “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures Testing Conformance and Interoperability“. i.17 ETSI TS 119 134 (all parts): “Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signature (XAdES)

40、 Testing Compliance PDF Advanced Electronic Signature (PAdES) Testing Compliance Associated Signature Containers (ASiC) Testing Compliance Testing Conformance and Interoperability of Signature Policies“. i.21 CEN EN 419 241: “Security requirements for trustworthy systems supporting server signing“.

41、i.22 ETSI TS 119 431: “Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers providing AdES digital signature generation services“. NOTE: At the time of publishing of the present document, this document is not yet published. i.23 ETSI TS 119 44

42、1: “Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers providing AdES digital signature validation services“. NOTE: At the time of publishing of the present document this document is not yet published. i.24 ETSI EN 319 401: “Electronic Signa

43、tures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers“. i.25 ETSI TS 119 312: “Electronic Signatures and Infrastructures (ESI); Cryptographic Suites“. i.26 ETSI EN 319 412-5: “ Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStateme

44、nts“. i.27 ETSI EN 301 549: “Accessibility requirements suitable for public procurement of ICT products and services in Europe“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 i.7 and the following apply: N

45、OTE: For the sake of readability, the following definitions are reproduced here below. advanced electronic seal: As defined in Regulation (EU) No 910/2014 i.1. advanced electronic signature: As defined in Regulation (EU) No 910/2014 i.1. certificate: public key of an entity, together with some other

46、 information, rendered unforgeable by digital signature with the private key of the certification authority which issued it certificate validation: process of verifying and confirming that a certificate is valid data to be signed formatted: data created from the data to be signed objects by formatti

47、ng them and placing them in the correct sequence for the computation of the data to be signed representation data to be signed representation: hash of the data to be signed formatted, which is used to compute the digital signature value digital signature: data appended to, or a cryptographic transfo

48、rmation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient. digital signature value: result of the cryptographic transformation of a data unit that allows a recipient of the data unit to prove t

49、he source and integrity of the data unit and protect against forgery e.g. by the recipient driving application: application that uses a signature creation system to create a signature or a signature validation application in order to validate digital signatures or a signature augmentation application to augment digital signatures personal data: any information relating to an identified or identifiable natural person (data subject) ETSI ETSI TS 119 101 V1.1.1 (2016-03)9 signature application practice statement: set of rul

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1