© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz 11.09.2013 Presented by Arno Fiedler, Member of European Telecommunications Standards.

Slides:

Advertisements

Similar presentations

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM( final) {SWD(2012)

Advertisements

The National Standards and Quality System Jean-Louis Racine The World Bank Cambridge, England April 19, 2007 Knowledge Economy Forum VI Technology Acquisition.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Workshop Barcelona, György Endersz,

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.

Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, –

Geneva, Switzerland, September 2014 ETSI TC Cyber Charles Brookson Chairman ETSI TC Cyber Zeata Security Ltd and Azenby Ltd ITU.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.

21 mai 2015 Bridges between Certification Authorities.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

Regulation (EC) No. 765/2008 on accreditation and market surveillance

EESSI European Electronic Signature Standardisation Initiative

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

EESSI Overview - 1August 2002 EESSI European Electronic Signature Standardisation Initiative Implementing Electronic Signature.

European Electronic Signature Standardization

European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca.

Budapest May, 2001 Anne Lehouck European Commission, DG ENTERPRISE 1 ELECTRONIC SIGNATURE LEGAL FRAMEWORK & STANDARDISATION.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

1. 2 ECRF survey - Electronic signature Mr Yves Gonner Luxembourg, June 12, 2009.

World Class Standards © ETSI 2007 All rights reserved ETSI Tomorrow’s World Today.

ISA programme: Secure-related initiatives Miguel Alvarez Rodríguez.

OASIS OASIS Digital Signature Services Juan Carlos Cruellas Juan Carlos Cruellas Andreas Kuehne Stefan Drees Ernst Jan van Nigtevecht.

8 Nob 06 / CEN/ISSS ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting CEN/ISSS Workshop.

PRESENTATION OF ETSI © ETSI All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge Romero Director General, ETSI.

DIGITALIZATION & E-GOVERNMENT 14th November, 2013 Bulgarian Economic Forum Nikolay Nedyalkov, Executive Director Information Services Plc.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

World Class Standards CCIF New York - April Grids, Clouds and Service Infrastructures ETSI Strategy & New Initiatives.

Transboundary Trust Space September 19, 2012 Development trends of legal acts in forming valid transboundary electronic interaction Alexander Sazonov Regional.

Recognition: the national centre and the ENIC Network Seminar on the recognition of qualifications Baku, 22 April 2005 Gunnar Vaht Head of the Estonian.

1 REPUBLIC OF TURKEY PRIME MINISTRY UNDERSECRETARIAT OF FOREIGN TRADE General Directorate of Standardization for Foreign Trade Presented by Selin ÖZŞAHİN.

Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March Electronic Signature infrastructure for Europe Riccardo Genghini Cen/Isss.

“The Quality Infrastructure in Lebanon” Export Norms, Quality Control and Competitiveness FUTURE PROGRAMME Prepared By Ali Berro Director of Quality Programme.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Security activities in ETSI Presenter: Mike Sharpe, ETSI VP ESP (ETSI Standardization Projects) Document.

EESSI June 2000Slide 1 European Electronic Signature Standardization Hans Nilsson, iD2 Technologies, Sweden.

The New Approach and GPSD. Council Resolution of 7 May 1985 on a new approach to technical harmonization and standards [OJ C136 of June 1985] New Approach.

A national authority's perspective on the European Citizens' Initiative.

eIDAS: current state of play and the Luxembourgish approach

MINISTRY OF ECONOMY AND TRADE ROMANIA International Seminar on Good Regulatory Practices and Regional Experience Geneva, November 2003.

Update on ETSI Security work Charles Brookson OCG Security Chairman DOCUMENT #:GSC13-PLEN-57 FOR:Information SOURCE:Charles Brookson AGENDA ITEM:6.3

Privacy Audit and Privacy Seal Barbara Körffer & Dr. Thomas Probst Independent Centre for Privacy Protection Independent Centre for Privacy ProtectionSchleswig-Holstein.

ETSI TC ESI PRESENTATION TO CAB FORUM Iñigo Barreira /Arno FiedlerFebruary 2016 meeting, Scottsdale, AZ © ETSI All rights reserved.

Confidence with competence The Development of European Accreditation Daniel PIERRE EA Vice-Chairman.

Telecommunications Industry Association (TIA) ADVANCING GLOBAL COMMUNICATIONS.

Harmonised use of accreditation for assessing the competence of various Conformity Assessment Bodies Dr Andreas Steinhorst, EA ERA workshop 13 April 2016,

OASIS Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales eSecurity OASIS Digital Signature Services and ETSI standards Juan Carlos.

The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.

OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales.

© ETSI All rights reserved

Cross-sector and user-centric AAI

Dr. Stephan Finke Deutsche Akkreditierungsstelle GmbH

1st December 2009, Bratislava

The Role of European Standards in Support of the Cybersecurity Act

Draft ETSI TS Annex C Presented by Michał Tabor for PSD2 Workshop

Presenter: Adrian Scrase ETSI Chief Technical Officer (CTO)

Dashboard eHealth services: actual mockup

Presenter: Adrian Scrase ETSI Chief Technical Officer (CTO)

Website authentication E-registered delivery

ETSI Standardization Activities on Smart Grids

ESO response to EU RFID Mandate M/436

WISE and INSPIRE By Albrecht Wirthmann, GISCO, Eurostat

Presentation transcript:

© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz Presented by Arno Fiedler, Member of European Telecommunications Standards Institute Electronic Signatures and Infrastructures, Specialist Task Force 458

1. ETSI activities 2 Standards in support of EU regulation Interoperability Testing Standards for global ICT markets © ETSI All rights reserved GSM, DECT, TETRA, 3GPP: UMTS, LTE, ESI:TSL, XAdES, PAdES, REM

1. ETSI Electronic Signatures and Infrastructures (ESI) TC Since 2000 ETSI/ESI plays a key role in the development of electronic signature related standards: Signature formats: XAdES (TS ) ->ISO, CAdES (TS ) ->ISO, PAdES (TS ) ->ISO and ASiC (TS ) and related profiles Trust Service Provider (TSP) Status Information (TSL, TS ) Policy requirements for CAs: TS , TS (Qual. Cert.) TSA policy requirements: TS Certificate profiles: TS (Qual. Cert.), TS (Nat. Persons) Registered Electronic Mail (eDelivery): TS (multipart) Data preservation: TS , TR Algo paper: TS Collaborates with ETSI CTI, Centre for Testing and Interoperability for Plugtests events LOI with CA/B-Forum 3

Consistency & formal (efficient) mapping Realizations, consistency and mapping of efficient Legal, Technical, Trust and Promotional frameworks are key success factors to convince market & business stakeholders of the possible ROI of eSignatures securing their eProcesses. Sound Standardization Framework Covering whole range of ES prod / serv., ES types and types of CSPs Business practice driven Appropriate guidance International dimension Sound CSPs &Trust Services Provisioning market for interoperable and cross-border use eSignatures Sound Trust Framework Supervision of CSPs Voluntary accreditation Trust Status Lists Application labelling 2. Crobies Study in 2010: Key success factors for eSignatures Promotion Sound Legal Framework Different level of ES Range of ES prod/serv. Different types of CSPs International dimension

3.1 New approach for legal framework: Draft EU EIDAS- Regulation © ETSI All rights reserved 5 June 2012 – EU Commission publish first draft regulation “on electronic identification and trust services for electronic transactions in the internal market”. Added Mutual recognition of electronic identification [E-ID] Extended Supervision of “Certification Service Providers” to “Trust Service Providers”, includes “proactive supervision” Qualified Electronic trust services: Electronic signatures interoperability and usability, Electronic seals interoperability and usability, Time stamping, Electronic delivery service, Electronic documents admissibility, Website authentication.

3.2 Standards Framework I: M460 European Commission mandate EC founded eSignatures standardization activities  4 years:  1st phase (executed)  definition of a rationalized standardization framework, in collaboration with CEN  several specifications upgrades primarily aimed at providing quick technical fixes to existing electronic signatures standards, and definition of test specifications  2nd phase (now)  implement the rationalized standardization framework  support the new EU Regulation on electronic identification and trust services for electronic transactions in the internal market (exp. approval in 2014) 6

3.2 Standards Framework II Mandate/460 Signature Creation & Validation 1 Signature Creation Devices 2 Cryptographic Suites 3 Trust Application Service Providers 5 TSPs supporting eSignature 4 Trust Service Status Lists Providers 6 Rules & procedures Formats Signature Creation / Validation Protection Profiles XAdES (XML) CAdES (CMS) PAdES (PDF) AdES in Mobile envmts ASiC (containers) Made by CEN: SSCDs (e.g. SC) HSMs & other SCDs Key generation Hash functions Signature algorithms Key lengths... Registered Long term preservation Issuing certificates Time-stamping Signing Servers Validation Services List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists)

AFTER Mandate 460

4. Next Steps © ETSI All rights reserved 9 In Spring 2013 EU Commission published new 2nd draft regulation “on electronic identification and trust services for electronic transactions in the internal market”. Under EU Mandate 460 (2013 to 2015) ETSI commissioned to produce European Norm for TSP Conformity Assessment European Norms for Best Practices (Policy Requirements) Qualified Certificates for Personal Signing Qualified Certificates for organisational “seals” Qualified Time-stamping Services Qualified Website Certificates (should be EN ) ………….

5. Summary © ETSI All rights reserved 10 The new draft EU-Regulation will deliver a complete legal and trust framework for Proactive Supervision on “qualified level” ETSI and CEN standards will be a fundamental part in future EU legislation (delegating acts). but: “relying parties (in Europe!) have to consume the Trust we provide”

Thank you ! ETSI Download : Enter keyword / title / document number Draft EU Regulation: Contact: Arno Fiedler: STF 458 Iñigo Barreira: STF 458 Nick Pope: Lead STF 458 (TSP & e-Signature standards) © ETSI 2012 All rights reserved 11

© ETSI All rights reserved 12 8: Recognition by Applications (OS + Browser + TSL)7: International Assessment / Audit Scheme6: National Supervision and/or Accreditation Scheme operator5: Independent Auditing / Assessment Body4: TSP Conformity Framework and Audit Requirements3: Standard for Certification Policy2: Published Certification Practice Statement1: TSP systems and procedures 2. Assessment & Certification – Actual (Best) Practise for SSL

© ETSI All rights reserved 13 8: Recognition by Applications (e. g. Mozilla, Opera, MS, Google, Adobe Rootstore) 7: International Scheme (e.g. EA: European Cooperation for Accreditation or IAF: International Accreditation Forum) 6: National Scheme (e. g. DAkkS: Deutsche Akkreditierungsstelle)5: Independent Auditing / Assessment Body (e.g. TÜVIT)4: TSP Conformity Framework (ISO ETSI TR CA/B-Forum)3: Standard CP (ETSI TS CA/B-Forum Req)2: Published CPS (e.g. D-TRUST CPS and Conformance Claim)1: TSP systems and procedures (CEN14167 or/and Common Criteria or/and FIPS 140-2) 2. Assessment & Certification – actual TSP Perspective (german example)