Bundesamt für Sicherheit in der Informationstechnik
EESSI-WS, May 2000, Paris
Klaus J. Keus, BSI

Electronic Signatures in Germany, Article 9 Committee and EESSI: a short snapshot
or
The Need for Harmonisation

EESSI-WS: Electronic Signature Standardisation: The National Dimension
May 11th, 2000, Paris, Afnor, Tour Europe
Klaus J. Keus, BSI/GISA

Electronic Signatures in Germany

Foundations
Signature Act: SigG, §3 of the IUKDG (Informations- und Kommunikationsdienstegesetz (Information and Communication Services Act))
- ratified by the German Parliament August 1st, Ordinance approved November 1st, 1997 (SigV)
- 2-year Evaluation time schedule / experience

Lessons learned: I
existing exhaustive IT-Security Infrastructure incl.:
- Electronic Signature Scheme: working (evaluation and confirmation bodies for components and concepts installed)
- Root: operating since September
- CSP:
  licenced in 1999: 1
  licenced in 2000: 1
  in 2000 will be licenced: additional 3-5

Lessons learned: II
existing technical and organisational requirements:
- Technical components available and confirmed (all required components (smart cards (E4), PKI-Systems (E2), etc.))
- Interoperability Guidance available (ISIS: Industrial Signature Interoperability Specification, Sept. 99:
- Technical working Group of leading CSPs
- National Coordination Board: Mirror working group to EESSI (AG INDI)

Lessons learned: III
Trial pilots / applications:
- Government: e.g. public procurement (call for tender), digital identity card for government employees etc.
- Trade & Industry: several in preparation (insurance area, banking area, notary area, tax consulting area etc.)

Call for Action
- Update of the current Signature Act respecting the EU-Directive
- Respecting the experiences of the evaluation phase
- overall concept and coordination of actions to implement electronic signatures in trade & industry and in government (i.e. private and public areas)
- Enhance the specific legislation for the adoption of electronic signatures as an equivalent to handwritten signatures (e.g. civil law, administration law etc.)

Scalability of electronic signatures
[Figure with the labels: High, Medium, Basic]
- High value electr. signatures
- Qualified electronic signatures (Article 5 (1))
- electronic signatures

Update of the Signature Act: general requirements I
- definition of a harmonised legal framework for qualified signatures (exclusively)
- harmonisation of the requirements in respect to Annex I, II, III and IV
- Implementation of supervision scheme
- replacement of CSP licencing by optional voluntary accreditation of CSPs

Update of the Signature Act: general requirements II
- Maintaining the current security level by voluntary accreditation of CSPs and (enhanced) requirements for technical components (based upon offer)
- ensuring „former“ investigations
- Liability of CSPs
- enhancement of privacy requirements in accordance with the EU-directive for all CSPs

Update of the Signature Act: specific requirements I
- adoption of terminology (§ 2)
- permission for CSP subcontracting (§ 4 (5))
- qualified attribute certificates linked to the qualified certificate (§ 5, § 8)
- regulation for the accreditation of confirmation bodies (§ 14 (c))
- adoption of regulations for fines (§ 14 (f))

Update of the Signature Act: specific requirements II
- technically neutral requirements for time stamping (§ 2 (14))
- adoption of updated regulations for the recognition of foreign electronic signatures and products (§ 15)

Time schedule
- June 2000: ratification by the German cabinet
- Fall 2000: ratification by the German Parliament
- January 2001: Implacement (goal)
- source / reference:

Electronic-Signature Committee

Tasks: Main view
Electronic-Signature Committee (Article 9 Committee):
- the definition of legal and procedural issues
- approval of EESSI output
- assistance for the EC
EESSI:
- „technical“ support for article 9 committee (article 3(5))
- exclusively technical issues (creation / definition and the analysis of available and generally recognised standards)
- deliverables as input for the article 9 committee

Tasks
Tasks laid down in Annex 10 as:
- clarification of the requirements laid down in the Annexes I-IV
- clarification of the requirements referred to in Article 3(4)
- clarification of the existing and published, generally recognised standards for signature products in accordance with Article 3(5)
other matters (e.g.):
- exchange of information on the envisaged national supervision and accreditation schemes / systems
- ensure interoperability of services and products
- discuss additional requirements set up in the public sector

Contributions of EESSI vs. National activities / needs

Open issues (e.g.)
- Certificate validation model: Chain model vs. shell model vs. hybrid model
- Attribute Certificates
- Criteria for the Accreditation of CSPs:
  * BS7799:
  and further criteria:
  * GIMITS
  * IT-Baseline Security Handbook

Problems
- Time frame: 18 months for implementation of directive vs. Schedule of EESSI workplan
- Priorities of packages: what's needed - what's desired?
- Interoperability vs. Security?
- Trial applications: Link to EC - ISIS Projects

Thanks
- to EESSI for arranging this platform for discussion
- to CEN/ISSS, ETSI and EA for their contributions
- to the experts doing the work
- to EC DG Enterprise to enable the EESSI Project
- to you for listening

Questions?