BSI Standards Publication

Security Requirements for Trustworthy Systems Supporting Server Signing

PD CEN/TS 419241:2014

National foreword

This Published Document is the UK implementation of CEN/TS 419241:2014.

The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2014. Published by BSI Standards Limited 2014

ISBN 978 0 580 82798 3
ICS 35.240.99

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 April 2014.

Amendments/corrigenda issued
since publication
Date  Text affected

PUBLISHED DOCUMENT PD CEN/TS 419241:2014

TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION

CEN/TS 419241
March 2014
ICS 35.240.99

English Version

Security Requirements for Trustworthy Systems Supporting Server Signing

Exigences de sécurité pour des systèmes fiables de serveur de signature électronique
Sicherheitsanforderungen für Vertrauenswürdige Systeme, die Serversignaturen unterstützen

This Technical Specification (CEN/TS) was approved by CEN on 14 October 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2014 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.

Ref. No. CEN/TS 419241:2014 E

CEN/TS 419241:2014 (E)

Contents

Foreword
Introduction
1 Scope
1.1 General
1.2 Out of scope
1.3 Audience
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Description of Trustworthy Systems Supporting Server Signing
5.1 General
5.2 Signature Creation and Server Signing Objectives
5.3 AdES bound to a natural or legal person
5.4 Levels of sole control
5.5 Batch Server Signing
5.6 SCD
5.6.1 General
5.6.2 SCD for AdES
5.6.3 SCD for QES
5.6.4 Signer's authentication and SAD
5.6.5 Privileged system users
5.7 Functional model
5.7.1 General
5.7.2 Scopes of requirements depending on sole control levels
5.7.3 SSA Core Components
5.7.4 SCD activation mechanisms
6 Security Requirements
6.1 General
6.2 General Security Requirements (SRG)
6.2.1 Management (SRG_M)
6.2.2 Systems and Operations (SRG_SO)
6.2.3 Identification and Authentication (SRG_IA)
6.2.4 System Access Control (SRG_SA)
6.2.5 Key Management (SRG_KM)
6.2.6 Accounting and Auditing (SRG_AA)
6.2.7 Archiving (SRG_AR)
6.2.8 Backup and Recovery (SRG_BK)
6.3 Core Components Security Requirements (SRC)
6.3.1 SCD Setup (SRC_DS) Cryptographic key (SRC_DS.1)
6.3.2 Signer Authentication (SRC_SA)
6.3.3 Signature Creation (SRC_SC)
6.4 Additional Security Requirements for Level 2 (SRA)
6.4.1 General
6.4.2 SCD Activation (SRA_DA)
Bibliography

Foreword

This document (CEN/TS 419241:2014) has been prepared by Technical Committee CEN/TC 224 "Personal identification, electronic signature and cards and their related systems and operations", the secretariat of which is held by AFNOR.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.

Successful implementation of European Directive 1999/93/EC on a community framework for electronic signatures requires standards for services, processes, systems and products related to electronic signatures, as well as guidance for conformity assessment of such services, processes, systems and products.

In 1999 the European ICT Standards Board, with the support of the European Commission, undertook an initiative bringing together industry and public authorities, experts and other market
players, to create the European Electronic Signature Standardization Initiative (EESSI). Within this framework the Comité Européen de Normalisation / Information Society Standardization System (CEN/ISSS) and the European Telecommunications Standards Institute / Electronic Signatures and Infrastructures (ETSI/ESI) were entrusted with the execution of a work programme to develop generally recognized standards to support the implementation of Directive 1999/93/EC and the development of a European electronic signature infrastructure.

This document describes security requirements for a server-side system that uses certificates to create advanced electronic signatures (AdES) in accordance with the requirements of the European Directive on Electronic Signatures, 1999/93/EC. The signature is to be supported by a qualified certificate, or by another public key certificate issued for the purpose of signing, issued by a Trust Service Provider (TSP) operating to recognized good practices (e.g. ETSI EN 319 411-3 (formerly ETSI TS 102 042) or ETSI EN 319 411-2 (formerly ETSI TS 101 456)). The document includes requirements for the use of the appropriate protection profiles for the Signature Creation Device (SCDev).

The purpose of the trustworthy system is to produce an advanced electronic signature created under the sole control of a natural person or of a legal person (advanced electronic signatures produced by legal persons are called electronic seals). The Signature Generation Service Provider (SGSP) operates the trustworthy system in an environment with a security policy that incorporates the general physical, personnel, procedural and documentation security requirements defined in ETSI EN 319 411-2 / ETSI EN 319 411-3.

This document is identified as CEN/TS 419241 within the Rationalised Framework for Electronic Signature Standardization, ETSI SR 001 604.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Introduction

The European Directive 1999/93/EC establishes a framework of requirements for the use of electronic signatures. This Directive also introduces the notion of the advanced electronic signature, which is treated as legally equivalent to a hand-written signature if it is generated by a natural person using a Secure Signature Creation Device (SSCD) and is based on a qualified certificate.

Since the publication of the Directive, other forms of electronic signature have appeared in order to meet market needs (e.g. e-Invoicing, e-Procurement). These other forms do not necessarily require the use by a natural or legal person of a secure signature creation device and/or a qualified certificate. One of these forms is an electronic signature created using a networked server: the Signature Creation Data (SCD) is under the control of an individual user but is held centrally within a shared server, instead of on a secure signature creation device held by the signatory.

It is not the intent of this standard to limit the type of public key certificate, qualified or otherwise, used by the networked signing server. The main objective of this standard is to define requirements and recommendations for a networked signing server which may process electronic certificates used by natural or legal persons for electronically signing documents.

This document specifies basic requirements for server signing. Additional specifications may be issued which provide more detailed requirements. For
further details see ETSI SR 001 604.

1 Scope

1.1 General

This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/93/EC.

This document may also be applied to electronic signatures complying with Article 5(1) of Directive 1999/93/EC, i.e. those employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified certificate.

The Server Signing Application (SSA) runs on a networked server and supports one or more signatories in remotely signing electronic documents using centralized signature keys held on the signing server under the sole control of the signatory. An SSA is intended to deliver to the user, or to some other application process, in a form specified by the user, an Advanced (or, where applicable, a Qualified) Electronic Signature associated with a Signer's Document as a Signed Data Object.

This document:
- provides commonly recognized functional models of TW4S;
- specifies overall requirements that apply across all of the services identified in the functional model;
- specifies security requirements for each of the services identified in the SSA;
- specifies security requirements for sensitive system components which may be used by the SSA (e.g. the Signature Creation Device (SCDev)).

This document does not specify technologies and protocols, but rather identifies requirements on the security of the technologies to be employed.

1.2 Out of scope

The following aspects are considered to be out of scope:
- other trusted services that may be used alongside this service, such as signature validation services, time-stamping services and information preservation services;
- any application or system outside of the SSA;
- the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple signatures and of signatures covering complex information structures containing other signatures).

1.3 Audience

This document specifies security requirements that
are intended to be followed by:
- providers of SSA systems;
- Trust Service Providers (TSP) offering a signature generation service.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

EN 419211 (all parts), Protection profiles for secure signature creation device
CWA 14167-2, Cryptographic module for CSP signing operations with backup – Protection profile – CMCSOB PP
CWA 14167-3, Cryptographic module for CSP key generation services – Protection profile – CMCKG-PP
CWA 14167-4, Cryptographic module for CSP signing operations – Protection profile – CMCSO PP
ISO/IEC 15408 (all parts), Information technology – Security techniques – Evaluation criteria for IT security
ISO/IEC 19790:2006, Information technology – Security techniques – Security requirements for cryptographic modules

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 Advanced Electronic Signature
electronic signature which meets the following requirements:
a) it is uniquely linked to the signer;
b) it is capable of identifying the signer;
c) it is created using means that the signer can maintain under his sole control; and
d) it is linked to the data to which it relates in such a manner that any subsequent alteration of the data is detectable
SOURCE: Directive 1999/93/EC

3.2 Certificate
electronic attestation which links signature verification data to a person and confirms the identity of that person
SOURCE: Directive 1999/93/EC

3.3 Certificate Identifier
unambiguous identifier of a Certificate

3.4 Certification Service Provider
entity or legal or natural person who issues certificates or provides other services related to electronic signatures
SOURCE: Directive 1999/93/EC

3.5 Data Content Type
signature attribute that expresses the encoding format of the Signer's Document (SD)

3.6 Data To Be Signed
data (e.g. a document or parts of a document) to be signed, together with any signature attributes that are bound to the data by the signature
NOTE Data To Be Signed is the input to the cryptographic signing algorithm. The specific way in which Data To Be Signed and any signature attributes are fed as input is defined in the specification of the signature type in use.

3.7 Electronic Signature
data in electronic form attached to, or logically associated with, other electronic data and which serves as a method of authentication of that data
SOURCE: Directive 1999/93/EC

3.8 Qualified Certificate
certificate which meets the requirements laid down in Annex I of Directive 1999/93/EC and is provided by a certification service provider who fulfils the requirements laid down in Annex II of that Directive
SOURCE: Directive 1999/93/EC

3.9 Qualified Electronic Signature
advanced electronic signature which is based on a qualified certificate and which is created by a secure signature creation device
Note 1 to entry: This definition is based on Article 5(1) of Directive 1999/93/EC.

3.10 Secure Signature Creation Device
signature creation device that meets the requirements laid down in Annex III of Directive 1999/93/EC
SOURCE: Directive 1999/93/EC

3.11 Signatory
Signer
person who holds a signature creation device and acts