  • Number of slides: 13

Kloster Banz, 11.09.2013. EUROPEAN UNION MANDATE/460. Presented by Arno Fiedler, Member of European Telecommunications Standards Institute Electronic Signatures and Infrastructures, Specialist Task Force 458. © ETSI 2012. All rights reserved

1. ETSI activities
  • GSM, DECT, TETRA, 3GPP: UMTS, LTE, ESI: TSL, XAdES, PAdES, REM
  • Standards in support of EU regulation
  • Standards for global ICT markets
  • Interoperability Testing

1. ETSI Electronic Signatures and Infrastructures (ESI) TC
Since 2000 ETSI/ESI plays a key role in the development of electronic signature related standards:
  • Signature formats: XAdES (TS 101 903) -> ISO, CAdES (TS 101 733) -> ISO, PAdES (TS 102 778) -> ISO and ASiC (TS 102 918) and related profiles
  • Trust Service Provider (TSP) Status Information (TSL, TS 102 231)
  • Policy requirements for CAs: TS 102 042, TS 101 456 (Qual. Cert.)
  • TSA policy requirements: TS 102 023
  • Certificate profiles: TS 101 862 (Qual. Cert.), TS 102 280 (Nat. Persons)
  • Registered Electronic Mail (eDelivery): TS 102 640 (multipart)
  • Data preservation: TS 101 533-1, TR 101 533-2
  • Algo paper: TS 102 176
Collaborates with ETSI CTI, Centre for Testing and Interoperability, for Plugtests events
LOI with CA/B-Forum

2. Crobies Study in 2010: Key success factors for eSignatures
Realizations, consistency and mapping of efficient Legal, Technical, Trust and Promotional frameworks are key success factors to convince market & business stakeholders of the possible ROI of eSignatures securing their eProcesses.
Sound CSPs & Trust Services Provisioning market for interoperable and cross-border use
eSignatures Promotion
Consistency & formal (efficient) mapping
Sound Legal Framework
Sound Standardization Framework
  • Different level of ES
  • Range of ES prod/serv.
  • Different types of CSPs
  • International dimension
ES types and types of CSPs
  • Business practice driven
  • Appropriate guidance
  • International dimension
  • Covering whole range of ES prod/serv.
Sound Trust Framework
  • Supervision of CSPs
  • Voluntary accreditation
  • Trust Status Lists
  • Application labelling

3.1 New approach for legal framework: Draft EU EIDAS-Regulation
5 June 2012 – EU Commission published first draft regulation “on electronic identification and trust services for electronic transactions in the internal market”.
  • Added: Mutual recognition of electronic identification [E-ID]
  • Extended: Supervision of “Certification Service Providers” to “Trust Service Providers”, includes “proactive supervision”
  • Qualified Electronic trust services:
    • Electronic signatures interoperability and usability,
    • Electronic seals interoperability and usability,
    • Time stamping,
    • Electronic delivery service,
    • Electronic documents admissibility,
    • Website authentication.

3.2 Standards Framework I: M 460 European Commission mandate
EC founded eSignatures standardization activities
  • 4 years: 2011-2015
  • 1st phase (executed)
    • definition of a rationalized standardization framework, in collaboration with CEN
    • several specifications upgrades primarily aimed at providing quick technical fixes to existing electronic signatures standards, and definition of test specifications
  • 2nd phase (now)
    • implement the rationalized standardization framework
    • support the new EU Regulation on electronic identification and trust services for electronic transactions in the internal market (exp. approval in 2014)

3.2 Standards Framework II Mandate/460
1 Signature Creation & Validation
  • Rules & procedures
  • Formats: XAdES (XML), CAdES (CMS), PAdES (PDF), AdES in Mobile envmts, ASiC (containers)
  • Signature Creation / Validation Protection Profiles
2 Signature Creation Devices
  • Made by CEN:
    • SSCDs (e.g. SC)
    • HSMs & other SCDs
3 Cryptographic Suites
  • Key generation
  • Hash functions
  • Signature algorithms
  • Key lengths
  • ...
4 TSPs supporting eSignature
  • Issuing certificates
  • Time-stamping
  • Signing Servers
  • Validation Services
5 Trust Application Service Providers
  • Registered eMail
  • Long term preservation
6 Trust Service Status Lists Providers
  • List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists)

AFTER Mandate 460

4. Next Steps
In Spring 2013 EU Commission published new 2nd draft regulation “on electronic identification and trust services for electronic transactions in the internal market”.
Under EU Mandate 460 (2013 to 2015) ETSI commissioned to produce:
  • European Norm for TSP Conformity Assessment
  • European Norms for Best Practices (Policy Requirements)
  • Qualified Certificates for Personal Signing
  • Qualified Certificates for organisational “seals”
  • Qualified Time-stamping Services
  • Qualified Website Certificates (should be EN 319 411-4)
  • ………….

5. Summary
  • The new draft EU-Regulation will deliver a complete legal and trust framework for Proactive Supervision on “qualified level”
  • ETSI and CEN standards will be a fundamental part in future EU legislation (delegating acts).
  • but: “relying parties (in Europe!) have to consume the Trust we provide”

Thank you!
ETSI Download: http://pda.etsi.org/pda/queryform.asp (enter keyword / title / document number)
Draft EU Regulation: http://eur-lex.europa.eu/LexUriServ.do?uri=COM:2012:0238:FIN:EN:PDF
Contact:
  • Arno Fiedler: STF 458, arno. [email protected] com
  • Iñigo Barreira: STF 458, [email protected] net
  • Nick Pope: Lead STF 458 (TSP & e-Signature standards), nick. [email protected] com

2. Assessment & Certification – Actual (Best) Practice for SSL
8: Recognition by Applications (OS + Browser + TSL)
7: International Assessment / Audit Scheme
6: National Supervision and/or Accreditation Scheme operator
5: Independent Auditing / Assessment Body
4: TSP Conformity Framework and Audit Requirements
3: Standard for Certification Policy
2: Published Certification Practice Statement
1: TSP systems and procedures

2. Assessment & Certification – actual TSP Perspective (German example)
8: Recognition by Applications (e.g. Mozilla, Opera, MS, Google, Adobe Rootstore)
7: International Scheme (e.g. EA: European Cooperation for Accreditation or IAF: International Accreditation Forum)
6: National Scheme (e.g. DAkkS: Deutsche Akkreditierungsstelle)
5: Independent Auditing / Assessment Body (e.g. TÜVIT)
4: TSP Conformity Framework (ISO 17065 + ETSI TR 102 123 + CA/B-Forum)
3: Standard CP (ETSI TS 102 042 + CA/B-Forum Req)
2: Published CPS (e.g. D-TRUST CPS and Conformance Claim)
1: TSP systems and procedures (CEN 14167 or/and Common Criteria or/and FIPS 140-2)