BS PD CEN TS 419241-2014 Security Requirements for Trustworthy Systems Supporting Server Signing.pdf

Uploaded by: ideacase155  Document ID: 397548  Upload date: 2018-10-18  Format: PDF  Pages: 30  Size: 2 MB
Resource description

BSI Standards Publication

Security Requirements for Trustworthy Systems Supporting Server Signing

PD CEN/TS 419241:2014

National foreword

This Published Document is the UK implementation of CEN/TS 419241:2014. The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2014. Published by BSI Standards Limited 2014

ISBN 978 0 580 82798 3

ICS 35.240.99

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 April 2014.

Amendments/corrigenda issued since publication
Date    Text affected

PUBLISHED DOCUMENT PD CEN/TS 419241:2014

TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION

CEN/TS 419241
March 2014
ICS 35.240.99

English Version

Security Requirements for Trustworthy Systems Supporting Server Signing

Exigences de sécurité pour des systèmes fiables de serveur de signature électronique

Sicherheitsanforderungen für Vertrauenswürdige Systeme, die Serversignaturen unterstützen

This Technical Specification (CEN/TS) was approved by CEN on 14 October 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.

Ref. No. CEN/TS 419241:2014 E

PD CEN/TS 419241:2014
CEN/TS 419241:2014 (E)

Contents

Foreword
Introduction
1 Scope
1.1 General
1.2 Out of scope
1.3 Audience
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Description of Trustworthy Systems Supporting Server Signing
5.1 General
5.2 Signature Creation and Server Signing Objectives
5.3 AdES bound to a natural or legal person
5.4 Levels of sole control
5.5 Batch Server Signing
5.6 SCD
5.6.1 General
5.6.2 SCD for AdES
5.6.3 SCD for QES
5.6.4 Signer's authentication and SAD
5.6.5 Privileged system users
5.7 Functional model
5.7.1 General
5.7.2 Scopes of requirements depending of sole control levels
5.7.3 SSA Core Components
5.7.4 SCD activation mechanisms
6 Security Requirements
6.1 General
6.2 General Security Requirements (SRG)
6.2.1 Management (SRG_M)
6.2.2 Systems and Operations (SRG_SO)
6.2.3 Identification and Authentication (SRG_IA)
6.2.4 System Access Control (SRG_SA)
6.2.5 Key Management (SRG_KM)
6.2.6 Accounting and Auditing (SRG_AA)
6.2.7 Archiving (SRG_AR)
6.2.8 Backup and Recovery (SRG_BK)
6.3 Core Components Security Requirements (SRC)
6.3.1 SCD Setup (SRC_DS) - Cryptographic key (SRC_DS.1)
6.3.2 Signer Authentication (SRC_SA)
6.3.3 Signature Creation (SRC_SC)
6.4 Additional Security Requirements for Level 2 (SRA)
6.4.1 General
6.4.2 SCD Activation (SRA_DA)
Bibliography

Foreword

This document (CEN/TS 419241:2014) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.

Successful implementation of European Directive 1999/93/EC on a community framework for electronic signatures requires standards for services, processes, systems and products related to electronic signatures as well as guidance for conformity assessment of such services, processes, systems and products.

In 1999 the European ICT Standards Board, with the support of the European Commission, undertook an initiative bringing together industry and public authorities, experts and other market players, to create the European Electronic Signature Standardization Initiative (EESSI).

Within this framework the Comité Européen de Normalisation / Information Society Standardization System (CEN/ISSS) and the European Telecommunications Standards Institute / Electronic Signatures and Infrastructures (ETSI/ESI) were entrusted with the execution of a work programme to develop generally recognized standards to support the implementation of Directive 1999/93/EC and the development of a European electronic signature infrastructure.

This document will describe security requirements for a server-side system using certificates in order to create advanced electronic signatures (AdES) in accordance with the requirements of the European Directive on Electronic Signature 1999/93. The signature is to be supported by a qualified certificate, or other public key certificate issued for the purposes of signing, issued by a Trust Services Provider (TSP) operating to recognized good practices (e.g. ETSI EN 319 411-3 (aka ETSI/TS 102 042) or ETSI EN 319 411-2 (aka ETSI/TS 101 456)). The document will include requirements for the use of the appropriate protection profiles for the Signature Creation Device (SCDev).

The purpose of the trustworthy system is to produce an advanced electronic signature created under sole control of a natural person, or a legal person (such advanced electronic signatures produced by legal persons are called electronic seals).

The Signature Generation Service Provider (SGSP) operates the trustworthy system in an environment with a security policy which incorporates general physical, personnel, procedural and documentation security requirements as defined in ETSI EN 319 411-2 / ETSI EN 319 411-3.

This document is identified as CEN/TS 419241 within the Rationalised Framework for Electronic Signature Standardization ETSI SR 001 604.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Introduction

The European Directive 1999/93/EC establishes a framework of requirements for the use of electronic signatures. This Directive also introduces the notion of advanced electronic signature which is defined as legally equivalent to a hand-written one if generated by a physical person using a qualified certificate stored in a Secure Signature Creation Device (SSCD).

Since the publication of the Directive, other forms of electronic signatures have appeared in order to meet market needs (e.g. e-Invoicing, e-Procurement). These other forms do not necessarily require the use by a natural or legal person of a secure signature creation device and/or qualified certificate. One of these forms is an electronic signature created using a networked server. The Signature Creation Data (SCD) is under control of an individual user but held centrally within a shared server, instead on a secure signature creation device held by the signatory.

It is not the intent of this standard to limit the type of public key certificate, qualified or otherwise, used by the networked signing server.

The main objective of this standard is to define requirements and recommendations for a networked signing server which may process electronic certificates used by natural or legal persons for electronically signing documents.

This document specifies basic requirements for server signing. Additional specifications may be issued which provide more detailed requirements. For further details see ETSI SR 001 604.

1 Scope

1.1 General

This document specifies security requirements and recommendations for Trustworthy System Supporting Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/93/EC.

This document may also be applied to electronic signatures complying to Article 5(1) of Directive 1999/93/EC employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified electronic signature.

The Server Signing Application (SSA) runs on a networked server supporting one or more signatories to remotely sign electronic documents using centralized signature keys held on the signing server under sole control of the signatory.

An SSA is intended to deliver to the user or to some other application process in a form specified by the user, an Advanced - or where applicable a Qualified - Electronic Signature associated with a Signer's Document as a Signed Data Object.

This document:
- provides commonly recognized functional models of TW4S;
- specifies overall requirements that apply across all of the services identified in the functional model;
- specifies security requirements for each of the services identified in the SSA.
- specifies security requirements for sensitive system components which may be used by the SSA (e.g. Signature Creation Device (SCDev)).

This document does not specify technologies and protocols, but rather identifies requirements on the security on technologies to be employed.

1.2 Out of scope

The following aspects are considered to be out of scope:
- other trusted services that may be used alongside this service such as signature validation service, time-stamping service and information preservation service,
- any application or system outside of the SSA,
- the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple signatures and of signatures covering complex information structures containing other signatures).

1.3 Audience

This document specifies security requirements that are intended to be followed by:
- providers of SSA systems.
- Trust Service Providers (TSP) offering signature generation service.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

EN 419211 (all parts), Protection profiles for secure signature creation device
CWA 14167-2, Cryptographic module for CSP signing operations with backup - Protection profile - CMCSOB PP
CWA 14167-3, Cryptographic module for CSP key generation services - protection profile - CMCKG-PP
CWA 14167-4, Cryptographic module for CSP signing operations - Protection profile - CMCSO PP
ISO/IEC 15408 (all parts), Information technology - Security techniques - Evaluation criteria for IT security
ISO/IEC 19790:2006, Information technology - Security techniques - Security requirements for cryptographic modules

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 Advanced Electronic Signature
electronic signature which meets the following requirements:
- it is uniquely linked to the signer;
- it is capable of identifying the signer;
- it is created using means that the signer can maintain under his sole control; and
- it is linked to the data to which it relates in such a manner that any subsequent alteration of the data is detectable
SOURCE: Directive 1999/93/EC

3.2 Certificate
electronic attestation that links a signature verification data to a person, and confirms the identity of that person
SOURCE: Directive 1999/93/EC

3.3 Certificate Identifier
unambiguous identifier of a Certificate

3.4 Certification Service Provider
entity or a legal or natural person who issues certificates or provides other services related to electronic signatures
SOURCE: Directive 1999/93/EC

3.5 Data Content Type
signature attribute that expresses the encoding format of the Signer's Document (SD)

3.6 Data To Be Signed
data (e.g. a document or parts of a document) to be signed as well as any signature attributes that are bound together with the data by the signature
NOTE Data To Be Signed is the input to the cryptographic signing algorithm. The specific way that Data To Be Signed and any signature attributes are fed as input is defined in the specifications of the signature type in use.

3.7 Electronic Signature
data in electronic form attached to - or logically associated with - other electronic data and which serves as a method of authentication of that data
SOURCE: Directive 1999/93/EC

3.8 Qualified Certificate
certificate which meets the requirements laid down in Annex I of the Directive i.e. Dir. 1999/93/EC and is provided by a certification service provider who fulfils the requirements laid down in Annex II of that Directive
SOURCE: Directive 1999/93/EC

3.9 Qualified Electronic Signature
advanced electronic signature which is based on a qualified certificate and which is created by a secure signature creation device
Note 1 to entry: This definition based on Article 5.1 of Directive 1999/93/EC.

3.10 Secure Signature Creation Device
signature creation device that meets the requirements laid down in Annex III of the EU Directive
SOURCE: Directive 1999/93/EC

3.11 Signatory Signer
person who holds a signature cre
