1、BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Trustworthy Systems Supporting Server SigningPart 1: General System Security RequirementsBS EN 4192411:2018EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419241-1 July 2018 ICS 35.030 Supersedes CEN/TS 419241:2014
2、English Version Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements Systmes fiables de serveur de signature lectronique -Partie 1: Exigences de scurit gnrales du systme Vertrauenswrdige Systeme, die Serversignaturen untersttzen - Teil 1: Allgemeine Systemsich
3、erheitsanforderungen This European Standard was approved by CEN on 30 April 2018. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and
4、bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the re
5、sponsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav
6、Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EURO
7、PEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419241-1:2018 ENational forewordThis British Standard is
8、the UK implementation of EN 4192411:2018. It supersedes PD CEN/TS 419241:2014, which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and security devices for personal identification.A list of organizations represented on this committee can be o
9、btained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2018 Published by BSI Standards Limited 2018ISBN 978 0 580 95733 8ICS 35.030; 35.240.99Com
10、pliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2018.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS EN 4192411:2018EUROP
11、EAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419241-1 July 2018 ICS 35.030 Supersedes CEN/TS 419241:2014English Version Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements Systmes fiables de serveur de signature lectronique -Partie 1: Exigences de scurit g
12、nrales du systme Vertrauenswrdige Systeme, die Serversignaturen untersttzen - Teil 1: Allgemeine Systemsicherheitsanforderungen This European Standard was approved by CEN on 30 April 2018. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for gi
13、ving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three of
14、ficial versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies
15、of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Sloveni
16、a, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exploitation in any form and by any means reserve
17、d worldwide for CEN national Members. Ref. No. EN 419241-1:2018 EBS EN 4192411:2018EN 419241-1:2018 (E) 2 Contents Page European foreword . 4 Introduction 6 1 Scope 7 1.1 General 7 1.2 Outside of the scope . 7 1.3 Audience . 7 2 Normative references 8 3 Terms and definitions . 8 4 Symbols and abbrev
18、iations 10 5 Description of trustworthy systems supporting server signing . 11 5.1 General . 11 5.2 Signature creation and server signing objectives 11 5.3 Signature bound to a natural person or seal bound to a legal person 11 5.4 Sole control assurance levels . 11 5.5 Batch server signing 12 5.6 Si
19、gning key and cryptographic module 12 5.7 Signers authentication 12 5.7.1 Electronic identification means 12 5.7.2 Authentication Mechanism . 12 5.7.3 Authentication target . 13 5.7.4 Delegation of authentication to an external party . 13 5.8 Signature activation data 14 5.9 Signature activation pro
20、tocol 14 5.10 Signers interaction component 14 5.11 Signature activation module 15 5.12 Environments 15 5.12.1 Tamper protected environment . 15 5.12.2 TSP protected environment . 15 5.12.3 Signers environment 16 5.13 Functional model 16 5.13.1 General . 16 5.13.2 Scope of requirements . 16 5.13.3 S
21、ignature activation mechanisms 17 5.13.4 TW4S components . 19 6 Security requirements . 20 6.1 General . 20 6.2 General security requirements (SRG) 20 6.2.1 Management (SRG_M) . 20 6.2.2 Systems and operations (SRG_SO) 22 6.2.3 Identification and authentication (SRG_IA) 22 6.2.4 System access contro
22、l (SRG_SA) 23 6.2.5 Key management (SRG_KM) . 23 6.2.6 Auditing (SRG_AA) 26 6.2.7 Archiving (SRG_AR) . 28 BS EN 4192411:2018EN 419241-1:2018 (E) 3 6.2.8 Backup and recovery (SRG_BK) . 28 6.3 Core components security requirements (SRC) 29 6.3.1 Signing key setup (SRC_SKS) - Cryptographic key (SRC_ SK
23、S.1) . 29 6.3.2 Signer authentication (SRC_SA) . 29 6.3.3 Digital signature creation (SRC_DSC) - Cryptographic operation (SRC_DSC.1) 30 6.4 Additional security requirements for SCAL2 (SRA) . 30 6.4.1 General . 30 6.4.2 Signature activation protocol and signature activation data (SRA_SAP) . 30 6.4.3
24、Signing key management (SRA_SKM) 32 Annex A (normative) Requirements for electronic identification means, characteristics and design 34 A.1 Enrolment 34 A.1.1 Application and registration 34 A.1.2 Identity proofing and verification (natural person) 34 A.1.3 Identity proofing and verification (legal
25、person) . 37 A.1.4 Binding between the electronic identification means of natural and legal persons . 39 A.2 Electronic identification means and authentication . 40 A.2.1 Electronic identification means characteristics and design . 40 A.2.2 Authentication mechanism . 41 Bibliography . 42 BS EN 41924
26、11:2018EN 419241-1:2018 (E) 4 European foreword This document (EN 419241-1:2018) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. This European Standard s
27、hall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2019, and conflicting national standards shall be withdrawn at the latest by January 2019. Attention is drawn to the possibility that some of the elements of this d
28、ocument may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights. This document supersedes CEN/TS 419241:2014. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.
29、Successful implementation of European Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (referred in this document as the eIDAS 4 Regulation), requires standards for services, processes, systems and products related to trust ser
30、vices as well as guidance for conformity assessment of such services, processes, systems and products. In line with Standardization Mandate 460, consequently issued by the Commission to CEN, CENELEC and ETSI for updating the existing eSignature standardization deliverables, CEN and ETSI have set up
31、the eSignature Coordination Group in order to coordinate the activities achieved for Mandate 460. One of the first tasks was to establish a rationalized framework, the second phase to deliver a set of standards in order to cover the Trust Services defined in the eIDAS 4 Regulation. This document, be
32、ing part of the set of European Standards, is aimed to meet the requirements of the eIDAS 4 Regulation for remote use of a signature creation device by a set of security requirements for a server-side system using private signing keys managed by a trust service provider in order to create digital si
33、gnatures. The purpose of the trustworthy system is to create a digital signature under sole control of a natural person, or under control of a legal person which may be incorporated into an electronic signature or an electronic seal as defined in the eIDAS 4 Regulation. This standard is identified a
34、s EN 419241-1. A complete framework for standardization of signatures can be found in ETSI TR 119 000. This series of European Standards consists of the following parts under the general title Trustworthy Systems Supporting Server Signing: Part 1: General System Security Requirements Part 2: Protect
35、ion Profile for QSCD for Server Signing BS EN 4192411:2018EN 419241-1:2018 (E) 5 According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republ
36、ic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom
37、. BS EN 4192411:2018EN 419241-1:2018 (E) 6 Introduction The European Regulation eIDAS establishes a legal framework of requirements for electronic signatures. This regulation also introduces the notion of electronic signatures which are created using a remote signature creation device to increase us
38、age in the light of its multiple economic benefits and ease of use. The eIDAS 4 Regulation also introduces the concept of electronic seal which has similar technical properties to electronic signatures, but with a lower level of sole control. Both electronic signatures and electronic seals use techn
39、ology based around asymmetric cryptography commonly referred to as digital signatures. However, in order to ensure that such remotely created digital signatures receive the same legal recognition as digital signatures created in an entirely user-managed environment (e.g. using smart cards), remote s
40、ignature services providers should apply specific management and administrative security procedures, and use reliable systems and products, including secure electronic communication channels, in order to guarantee that the server signing environment is reliable and that signing keys are used with a
41、high level of confidence, under the sole control of the signer. The main objective of this standard is to define requirements and recommendations for a networked signing server which may manage signing keys used by natural or legal persons for the creation of digital signatures. This part of the ser
42、ies of European Standards specifies the general requirements of systems for server signing. Additional specifications (e.g. protection profiles) may be issued which provide more detailed requirements for particular components of the system. It is assumed that the Trust Service Provider (TSP) which p
43、rovides signature creation services, operates the trustworthy system in an environment with a security policy which incorporates general physical, personnel, procedural and documentation security requirements for TSPs providing signature creation services. It is recommended to follow, e.g. ETSI EN 3
44、19 401 to ensure that the above requirements are met. The present standard does not aim at limiting the legal form of signatures created; it could be electronic signature or electronic seals, qualified or not. Correspondence and comments to this Security Requirements for Trustworthy Systems Supporti
45、ng Server Signing should be referred to: Editor: Franck Leroy Email: franck.leroydocapost.fr BS EN 4192411:2018EN 419241-1:2018 (E) 7 1 Scope 1.1 General This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital s
46、ignatures. The TW4S is composed at least of one Server Signing Application (SSA) and one Signature Creation Device (SCDev) or one remote Signature Creation Device. A remote SCDev is a SCDev extended with remote control provided by a Signature Activation Module (SAM) executed in a tamper protected en
47、vironment. This module uses the Signature Activation Data (SAD), collected through a Signature Activation Protocol (SAP), in order to guarantee with a high level of confidence that the signing keys are used under sole control of the signer. The SSA uses a SCDev or a remote SCDev in order to generate
48、, maintain and use the signing keys under the sole control of their authorized signer. Signing key import from CAs is out of scope. So when the SSA uses a remote SCDev, the authorized signer remotely controls the signing key with a high level of confidence. A TW4S is intended to deliver to the signe
49、r or to some other application, a digital signature created based on the data to be signed. This standard: provides commonly recognized functional models of TW4S; specifies overall requirements that apply across all of the services identified in the functional model; specifies security requirements for each of the services identified in the TW4S; specifies security requirements for sensitive system components which may be used by the TW4S. This standard is technology and protocol neutral and focuses on security requirement
