ETSI TS 103 090-2012 Electronic Signatures and Infrastructures (ESI) Conformity Assessment for Trust Service Providers issuing Extended Validation Certificates (V1 1 1)《电子签名和基础结构(E_1.pdf
《ETSI TS 103 090-2012 Electronic Signatures and Infrastructures (ESI) Conformity Assessment for Trust Service Providers issuing Extended Validation Certificates (V1 1 1)《电子签名和基础结构(E_1.pdf》由会员分享,可在线阅读,更多相关《ETSI TS 103 090-2012 Electronic Signatures and Infrastructures (ESI) Conformity Assessment for Trust Service Providers issuing Extended Validation Certificates (V1 1 1)《电子签名和基础结构(E_1.pdf(9页珍藏版)》请在麦多课文档分享上搜索。
1、 ETSI TS 103 090 V1.1.1 (2012-04) Electronic Signatures and Infrastructures (ESI); Conformity Assessment for Trust Service Providers issuing Extended Validation Certificates Technical Specification ETSI ETSI TS 103 090 V1.1.1 (2012-04)2Reference DTS/ESI-000108 Keywords conformity, e-commerce, electr
2、onic signature, extended validation certificates, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Impor
3、tant notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the
4、 Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Infor
5、mation on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No pa
6、rt may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2012. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered
7、 for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. SI printers ork drive ETSI ETSI TS 103 090 V1.1.1 (2012-04)3Con
8、tents Intellectual Property Rights 4g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 5g33.1 Definitions 5g33.2 Abbreviations . 5g34 Introduction 6g35 Assessment process 6g35.1 Additional audit req
9、uirements for EVC 6g35.2 Publication of the Assessment report . 7g35.3 Regular Surveillance activities . 7g35.4 Incidents handling 7g35.5 Reassessment 7g36 Requirements on TSP conformity assessment body 7g36.1 Competence criteria and qualification 7g37 Cross Border Assessments . 7g3Annex A (informat
10、ive): Self-declaration 8g3History 9g3ETSI ETSI TS 103 090 V1.1.1 (2012-04)4Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members a
11、nd non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org).
12、 Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the presen
13、t document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document covers Conformity Assessment for Trust Service Providers (TSP) issuing extended validation certificates. Introduction Electronic
14、commerce is emerging as the future way of doing business between companies across local, wide area and global networks. Trust in this way of doing business is essential for the success and continued development of electronic commerce. It is therefore important that companies using this electronic me
15、ans of doing business have suitable security controls and mechanisms in place to protect their transactions and to ensure trust and confidence with their business partners. In this respect the electronic signature is an important security component that can be used to protect information and provide
16、 trust in electronic business. The CA/Browser (CAB) Forum, an association of Certification Authorities and Web Browser providers, recognising the importance ensuring the authenticity of such Certificates have issued Guidelines for issuance and management of Certificates. Initially guidelines were is
17、sued at the “Extended Validation“(EV) level for web sites requiring enhanced security, and more recently second guidelines were issued at a “Baseline“ level providing a general baseline for securing access to any web site using SSL/TLS. These guidelines specify requirements addressing particular con
18、cerns over use of certificates for web site access and code signing. They do not, however, specify general best practices for how conformity to the guidelines and best practice for Certification Authorities is audited. Security is then recognised as a vital part of electronic commerce. This includes
19、 two essential security functions: firstly the security of access to web services using the Secure Socket Layer (SSL) protocol (now called Transport Layer Security - TLS), secondly the security of code send to users to support advanced functions using code signing. Both of these functions depend on
20、the security of a “Public Key Certificate“ (or Certificate as specified in ITU-T Recommendation X.509 i.4) which binds a security key to a known identity relating to the organisation responsible for the web site or code issued by a trusted service provider called a Certification Authority (CA). ETSI
21、, as part of the series of standard in support of electronic signatures, has developed a specification (TS 102 042 i.1) on “Policy Requirements for Certification Authorities issuing public key certificates“. This specifies general best practices for certification authorities covering topics such as
22、key management, personnel security and physical security. In addition, ETSI has published specific guidance on use of TS 102 042 i.1, with the CAB Forum guidelines for Extended Validation Certificates (TR 101 564 i.2) to assist certification authorities and auditors in interpreting the application o
23、f TS 102 042 i.1 to the CAB Forum EV Guidelines. The use of the specification TS 102 042 i.1 has been formally recognised by the CAB Forum for use with their Extended Validation guidelines. In order to assess the conformance of TSPs issuing Extended Validation Certificates, it is necessary for the o
24、peration of the TSP to be audited against this policy requirements. The present document specifies requirements and provided guidance for the carrying out of such audits. It builds on the general requirements for conformity assessment of TSPs specified in TS 119 403 1 using the approach for “volunta
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
本资源只提供5页预览,全部文档请下载后查看!喜欢就下载吧,查找使用更方便
10000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ETSITS1030902012ELECTRONICSIGNATURESANDINFRASTRUCTURESESICONFORMITYASSESSMENTFORTRUSTSERVICEPROVIDERSISSUINGEXTENDEDVALIDATIONCERTIFICATESV111
![提示](http://www.mydoc123.com/images/bang_tan.gif)
链接地址:http://www.mydoc123.com/p-739786.html