Presentation is loading. Please wait.

Presentation is loading. Please wait.

© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz 11.09.2013 Presented by Arno Fiedler, Member of European Telecommunications Standards.

Published byPaul Copeland Modified over 9 years ago

Similar presentations

Presentation on theme: "© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz 11.09.2013 Presented by Arno Fiedler, Member of European Telecommunications Standards."— Presentation transcript:

1 © ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz 11.09.2013 Presented by Arno Fiedler, Member of European Telecommunications Standards Institute Electronic Signatures and Infrastructures, Specialist Task Force 458

2 1. ETSI activities 2 Standards in support of EU regulation Interoperability Testing Standards for global ICT markets © ETSI 2012. All rights reserved GSM, DECT, TETRA, 3GPP: UMTS, LTE, ESI:TSL, XAdES, PAdES, REM

3 1. ETSI Electronic Signatures and Infrastructures (ESI) TC Since 2000 ETSI/ESI plays a key role in the development of electronic signature related standards: Signature formats: XAdES (TS 101 903) ->ISO, CAdES (TS 101 733) ->ISO, PAdES (TS 102 778) ->ISO and ASiC (TS 102 918) and related profiles Trust Service Provider (TSP) Status Information (TSL, TS 102 231) Policy requirements for CAs: TS 102 042, TS 101 456 (Qual. Cert.) TSA policy requirements: TS 102 023 Certificate profiles: TS 101 862 (Qual. Cert.), TS 102 280 (Nat. Persons) Registered Electronic Mail (eDelivery): TS 102 640 (multipart) Data preservation: TS 101 533-1, TR 101 533-2 Algo paper: TS 102 176 Collaborates with ETSI CTI, Centre for Testing and Interoperability for Plugtests events LOI with CA/B-Forum 3

4 Consistency & formal (efficient) mapping Realizations, consistency and mapping of efficient Legal, Technical, Trust and Promotional frameworks are key success factors to convince market & business stakeholders of the possible ROI of eSignatures securing their eProcesses. Sound Standardization Framework Covering whole range of ES prod / serv., ES types and types of CSPs Business practice driven Appropriate guidance International dimension Sound CSPs &Trust Services Provisioning market for interoperable and cross-border use eSignatures Sound Trust Framework Supervision of CSPs Voluntary accreditation Trust Status Lists Application labelling 2. Crobies Study in 2010: Key success factors for eSignatures Promotion Sound Legal Framework Different level of ES Range of ES prod/serv. Different types of CSPs International dimension

5 3.1 New approach for legal framework: Draft EU EIDAS- Regulation © ETSI 2012. All rights reserved 5 June 2012 – EU Commission publish first draft regulation “on electronic identification and trust services for electronic transactions in the internal market”. Added Mutual recognition of electronic identification [E-ID] Extended Supervision of “Certification Service Providers” to “Trust Service Providers”, includes “proactive supervision” Qualified Electronic trust services: Electronic signatures interoperability and usability, Electronic seals interoperability and usability, Time stamping, Electronic delivery service, Electronic documents admissibility, Website authentication.

6 3.2 Standards Framework I: M460 European Commission mandate EC founded eSignatures standardization activities  4 years: 2011-2015  1st phase (executed)  definition of a rationalized standardization framework, in collaboration with CEN  several specifications upgrades primarily aimed at providing quick technical fixes to existing electronic signatures standards, and definition of test specifications  2nd phase (now)  implement the rationalized standardization framework  support the new EU Regulation on electronic identification and trust services for electronic transactions in the internal market (exp. approval in 2014) 6

7 3.2 Standards Framework II Mandate/460 Signature Creation & Validation 1 Signature Creation Devices 2 Cryptographic Suites 3 Trust Application Service Providers 5 TSPs supporting eSignature 4 Trust Service Status Lists Providers 6 Rules & procedures Formats Signature Creation / Validation Protection Profiles XAdES (XML) CAdES (CMS) PAdES (PDF) AdES in Mobile envmts ASiC (containers) Made by CEN: SSCDs (e.g. SC) HSMs & other SCDs Key generation Hash functions Signature algorithms Key lengths... Registered eMail Long term preservation Issuing certificates Time-stamping Signing Servers Validation Services List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists)

8 AFTER Mandate 460

9 4. Next Steps © ETSI 2012. All rights reserved 9 In Spring 2013 EU Commission published new 2nd draft regulation “on electronic identification and trust services for electronic transactions in the internal market”. Under EU Mandate 460 (2013 to 2015) ETSI commissioned to produce European Norm for TSP Conformity Assessment European Norms for Best Practices (Policy Requirements) Qualified Certificates for Personal Signing Qualified Certificates for organisational “seals” Qualified Time-stamping Services Qualified Website Certificates (should be EN 319 411-4) ………….

10 5. Summary © ETSI 2013. All rights reserved 10 The new draft EU-Regulation will deliver a complete legal and trust framework for Proactive Supervision on “qualified level” ETSI and CEN standards will be a fundamental part in future EU legislation (delegating acts). but: “relying parties (in Europe!) have to consume the Trust we provide”

11 Thank you ! ETSI Download : http://pda.etsi.org/pda/queryform.asp Enter keyword / title / document number Draft EU Regulation: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0238:FIN:EN:PDF http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0238:FIN:EN:PDF Contact: Arno Fiedler: STF 458 arno.fiedler@nimbus-berlin.comarno.fiedler@nimbus-berlin.com Iñigo Barreira: STF 458 i-barreira@izenpe.net Nick Pope: Lead STF 458 (TSP & e-Signature standards) nick.pope@thales-esecurity.com nick.pope@thales-esecurity.com © ETSI 2012 All rights reserved 11

12 © ETSI 2011. All rights reserved 12 8: Recognition by Applications (OS + Browser + TSL)7: International Assessment / Audit Scheme6: National Supervision and/or Accreditation Scheme operator5: Independent Auditing / Assessment Body4: TSP Conformity Framework and Audit Requirements3: Standard for Certification Policy2: Published Certification Practice Statement1: TSP systems and procedures 2. Assessment & Certification – Actual (Best) Practise for SSL

13 © ETSI 2011. All rights reserved 13 8: Recognition by Applications (e. g. Mozilla, Opera, MS, Google, Adobe Rootstore) 7: International Scheme (e.g. EA: European Cooperation for Accreditation or IAF: International Accreditation Forum) 6: National Scheme (e. g. DAkkS: Deutsche Akkreditierungsstelle)5: Independent Auditing / Assessment Body (e.g. TÜVIT)4: TSP Conformity Framework (ISO 17065+ ETSI TR 102 123 + CA/B-Forum)3: Standard CP (ETSI TS 102 042 + CA/B-Forum Req)2: Published CPS (e.g. D-TRUST CPS and Conformance Claim)1: TSP systems and procedures (CEN14167 or/and Common Criteria or/and FIPS 140-2) 2. Assessment & Certification – actual TSP Perspective (german example)

Download ppt "© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz 11.09.2013 Presented by Arno Fiedler, Member of European Telecommunications Standards."

Similar presentations

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM(2012 238 final) {SWD(2012)

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM( final) {SWD(2012)
The National Standards and Quality System Jean-Louis Racine The World Bank Cambridge, England April 19, 2007 Knowledge Economy Forum VI Technology Acquisition.

The National Standards and Quality System Jean-Louis Racine The World Bank Cambridge, England April 19, 2007 Knowledge Economy Forum VI Technology Acquisition.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Telia Research AB György Endersz 2000-09-26 1 European Electronic Signature Standardisation Initiative EESSI Workshop Barcelona, 2000-09-26 György Endersz,

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Workshop Barcelona, György Endersz,
Telia Research AB György Endersz 2001-05-08 1 European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.

Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, 16.3. – 17.3. 2015.

Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, –
Geneva, Switzerland, 15-16 September 2014 ETSI TC Cyber Charles Brookson Chairman ETSI TC Cyber Zeata Security Ltd and Azenby Ltd ITU.

Geneva, Switzerland, September 2014 ETSI TC Cyber Charles Brookson Chairman ETSI TC Cyber Zeata Security Ltd and Azenby Ltd ITU.
Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.
Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,

Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,
2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.
1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.

1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.
21 mai 2015 Bridges between Certification Authorities.

21 mai 2015 Bridges between Certification Authorities.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
Regulation (EC) No. 765/2008 on accreditation and market surveillance

Regulation (EC) No. 765/2008 on accreditation and market surveillance
EESSI European Electronic Signature Standardisation Initiative

EESSI European Electronic Signature Standardisation Initiative
Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

Similar presentations

Ads by Google