1 / 24

EESSI European Electronic Signature Standardisation Initiative Implementing Electronic Signature

EESSI European Electronic Signature Standardisation Initiative Implementing Electronic Signature. EESSI Charter. Electronic Signature Directive is providing a common EU framework for electronic signatures (1993/93/EC)

jed
Download Presentation

EESSI European Electronic Signature Standardisation Initiative Implementing Electronic Signature

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EESSIEuropean Electronic Signature Standardisation Initiative Implementing Electronic Signature August 2002

  2. EESSI Charter • Electronic Signature Directive is providing a common EU framework for electronic signatures (1993/93/EC) • Industry, with the assistance of European Standards Bodies, to provide an agreed framework for an open, market-oriented implementation of the Directive • EESSI put in place to co-ordinate this task (ICT-SB Dec. 98) August 2002

  3. EESSI Objectives • Analyse needs for standards in support of minimum essential legal requirements as stated by the Directive • Assess available standards and current initiatives at national, European and international levels • Set up and implement a Programme of Work, built on international co-operation August 2002

  4. Directive highlights • Legal recognition of electronic signatures • Technology neutral • Free flow of Products and Services • Excludes prior authorisation or licensing scheme for Certification Service Providers • Mandates supervision scheme for CSPs • Calls for monitoring of Voluntary Accreditation Scheme August 2002

  5. Annexes of the Directive • Annex I: Requirements for qualified certificates • Annex II: Requirements for certification-service-providers issuing qualified certificates • Annex III: Requirements for secure signature-creation devices • Annex IV: Recommendations for secure signature verification August 2002

  6. Proposed Classes of Electronic Signatures August 2002

  7. Framework forimplementation Security/Quality level Signature Creation Device Certificate Policy Electronic Signature Syntax Trustworthy System Signature with long validity Qualified Electronic Signature Signature for limited value transactions August 2002

  8. EESSI Organisation Steering Committee • Standard Bodies and Consensus Bodies involved in standardisation: CEN, ETSI, ISO, ECBS, EEMA, EURESCOM • Market Players: Bull, Globalsign, iD2, BT, ACE • Public Authorities and Consumers Rep’s: BSI (D), PRC (FIN), AIPA (I), DSTI (F), ECP.NL (NL), ANEC • Commission as observer: DG Enterprise, DG Information Society, DG Internal Market Expertise activity as required August 2002

  9. EESSI Structure EESSI/SG European Telecommunications Standards Institute Industry and business, assisted by European standard bodies August 2002

  10. Base Line for Action Capitalise on European & International activities • ETSI TC SEC, ISO/JTC1/SC27, IETF-PKIX, W3C, EURESCOM • EEMA/ECAF, ICC, ABA, ILPF • UNCITRAL Model of Law, AGB • European Projects: IST and ISIS programmes • National activities in Germany (BSI, INDI), Nordic Countries (SEIS, SAT, FDS), Italy (AIPA), Austria, Spain (FESTE), Netherlands (TTP.NL), UK (tScheme), ... August 2002

  11. EESSI Programme Implementation • Standardization work programme • Phase 1 (work programme definition) completed 3Q1999 • Phase 2 (essential requirements for the Directive) completed • 2Q2002 • Phase 3 (requirements for different classes of electronic signature) to be completed by the end of 2002 • Phase 4 (additional requirements) to be performed in • 2002-2003 August 2002

  12. EESSI Programme Implementation • Use of the existing standardization technical groups • CEN/ISSS E-SIGN Workshop • 30+ participants, funded Expert Teams • Deliverables: CEN Workshop Agreements (CWA) • ETSI ESI Technical Committee • 20+ Participants, funded Specialist Task Force • Deliverables: ETSI Technical Specifications (ETSI TS) • and ETSI Technical Reports (ETSI TR) • Creation of the ALGO group • Expert group providing guidance on cryptographic • algorithms and parameters in EESSI standards August 2002

  13. Roadmap of Phase 2 EESSI Standards Certification Service Provider Trustworthy system- A.II.f Requirements for CSPs - A.II Time Stamp Qualified certificate - A.I Signature valida-tion process and environment - A.IV Signature creation process & environment (A.III) Signature format and syntax (Advanced ES) Creationdevice A.III CEN E-SIGN ETSI ESI Relying party/verifier User/signer August 2002

  14. Phase 2 Deliverables • Target: Directive Annexes I-IV requirements and interoperability Published in 4Q2000: • Policies for Certification Service Providers, ETSI TS 101 456 (updated 2Q2002) • Profile for Qualified Certificates, ETSI TS 101 862, (updated 2Q2001) • Electronic Signature Formats, ETSI TS 101 733, (also published as 2 IETF RFC) (updated 1Q2002) August 2002

  15. Deliverables….. Published in 3Q2001: • Security Requirements for SSCDs (EAL4), CWA 14168 • Signature Creation Process and Environment, CWA 14170 • Signature Verification Process and Environment, CWA14171 • Conformity Assessment Guidance, CWA 14172 – Parts 1-2 • Time Stamping Profile, ETSI TS 101 861 (based on IETF RFC) (updated 1Q2002) August 2002

  16. Deliverables... Published in 4Q2001: • Security Requirements for Trustworthy Systems, CWA 14167-1 • Conformity Assessment Guidance, CWA 14172 – Parts 3-5 Published in 1Q2002: • Cryptographic Modules for CSP (MCSO-PP), • CWA 14167-2 • Security Requirements for SSCDs (EAL4+), CWA 14169 August 2002

  17. Roadmap of Phase 3 Activities (2001) Certification Service Provider TimeStamping Authority Requirements for TSAs * Alternative Requirements for CSPs * Trustworthy Systems * CA status and validation by RP * Time Stamping Format&Protocol Qualified certificate Signature valida-tion process and environment Signature format * and syntax in XML Signature Creationdevice* Signature creation process and environment * Phase 3 Relying Party/Verifier User/Signer August 2002

  18. Phase 3 Deliverables Published in 1Q2002: • Guidelines for the implementation of SSCDs, CWA 14355 • XML Advanced Electronic Signatures, ETSI TS 101 903 • International harmonization of Policy Requirements for CAs issuing Certificates, ETSI TR 102 040 • Signature Policies Report, ETSI TR 102 041 August 2002

  19. Deliverables….. Published in 2Q2002: • Policy Requirements for Time Stamping Authorities, ETSI TS 102 023 • Provision of harmonized Trust Service Provider status information, ETSI TR 102 030 • XML Format for Signature Policies, ETSI TR 102 038 • Policy Requirements for Certification authorities issuing Public Key Certificates, ETSI TS 102 042 August 2002

  20. Deliverables….. • Ongoing work: • Guide on the Use of Electronic Signatures, draft CWA 14365 • Cryptographic Module for CSP Key Generation Services, (CMCKG-PP), draft CWA 14167-3 • Application Interface for Smart cards used as SSCDs, draft CWA • Signature Policy for Extended Business Model draft ETSI TR 102 045 • Maintenance of ETSI Standards from EESSI phase 2 and 3, draft ETSI TR 102 046 • International harmonization and globalization activities, draft ETSI TR 102 047 Publication is foreseen in the second half of 2002 August 2002

  21. Phase 4 Activities New activities are planned in 2002-2003 on the following subjects: • Maintenance of the published specifications • Harmonised provision of TSP status information • Internationalisation of Certificate Policies • Technical Standards for Signature Policies • Policy Requirements for CSPs issuing Attribute Certificates • Technical properties of Advanced Electronic Signatures • Interoperability requirements of smart Cards used as SSCDs • Conformity assessment of SSCDs supporting non Qualified Electronic Signatures • Provision of Certificates status information to Relying Parties August 2002

  22. European perspectives • The evaluation of the EESSI specifications of the EESSI phase 2 deliverables, as answering the requirements set by the Directive has been performed by the Commission • The recognition as Generally Recognized Standards under the Directive of the EESSI phase 2 deliverables answering the requirements set in the annexes, is proposed in a draft Decision prepared by the Commission. The proposal was discussed in the meeting of the Directive Member States committee in July 2002, and generally supported • The publication in the EU OJ of the references to the deliverables produced by EESSI, as providing a proper technical framework for the implementation of the Directive should follow. It will give a positive signal to the market players for the development of products and services complying with the EESSI specifications August 2002

  23. International Perspectives • Recognition of conformance to SSCD requirements CC MRA: Arrangement on the Mutual Recognition of CC Certificates in the Field of IT Security Similar ambition with Trustworthy Systems • Cross-recognition of “certification policy”: Assessment of policy mapping between US Federal PKI and ETSI-EESSI requirements • Harmonization of interoperability standards : Use of existing standards (ISO, IETF), liaisons under development (W3C, WAP Forum, EDI/XML) and submissions to IETF August 2002

  24. EESSI on the Web • http://www.ictsb.org/EESSI_home.htm • More useful references: • ETSI:http://www.etsi.org/esi/el-sign.htm Sign up from Web-site to open El Sign mailing list • CEN:http://www.cenorm.be/isss/workshop/e-sign August 2002

More Related