
Austrian Implementation of the Electronic Signature Directive

Dr. Christoph Brenn (Christoph.Brenn@bmj.gv.at), Prof. Dr. Reinhard Posch (Reinhard.Posch@A-SIT.at). http://www.a-sit.at/presentation/EESSI.2000.5.pdf


Presentation Transcript


  1. Austrian Implementation of the Electronic Signature Directive
     Dr. Christoph Brenn (Christoph.Brenn@bmj.gv.at), Prof. Dr. Reinhard Posch (Reinhard.Posch@A-SIT.at)
     http://www.a-sit.at/presentation/EESSI.2000.5.pdf

  2. Overview
     • Some topics: SigG, SigVO
     • Types and applicability of signatures
     • Technical requirements
     • The certainty of a verifier?
     • Notification and supervision
     • International aspects and standards
     THIS PRESENTATION ASSUMES FAMILIARITY WITH THE DIRECTIVE

  3. The scope
     • Electronic signatures are just one aspect
     • Member states have to see the broader context
     • International cooperation can lead to levels of confidence
     [Diagram: e-LIFE and levels of confidence; 5.1 sig, 5.2 sig; quality labels for 5.1 and 5.2 signatures]

  4. Is there a need for national clarifications?
     • The EU Directive states the applicability of electronic signatures well
     • Still, the Directive is very general
     • Clarity is needed to prevent CSPs from escaping their liability “unless the certification-service-provider proves that he has not acted negligently.”
     National legislation needs to set out clarification until Community law or standards provide for it

  5. Some topics: SigG
     • Secure electronic signature, qualified certificate: technical and organisational security requirements allow for the necessary legal effects
     • Notification to supervision when a service starts: enables technical and organisational supervision to assure quality
     • Ordinary signatures / secure signatures: the market will show what level of security and confidence signatures exhibit
     • Accreditation as a tool for the CSP: accredited services have no extra technical requirements
     • Public sector to use the same secure electronic signatures: this is a specific advantage in a small country

  6. Some topics: SigVO
     • Makes sure that the CSP is competent (in financial and technical terms)
     • Defines methods, algorithms and parameters for secure signatures
     • Addresses coding, formats and protocols to be used with secure electronic signatures
     • Makes sure that the document to be signed cannot be altered
     • Ensures quality and sets out the basis for supervision
     • Defines the fees for supervision
     Standards have the potential to contribute to fostering interoperability of approaches

  7. Types of certificates and signatures
     [Diagram labels: ordinary; Supervision; directories, revocation; secure devices; trustworthy systems; secure; accredited]
     The signature together with the directories must exhibit its nature (ordinary/secure)

  8. Ordinary signatures (5.2 signatures)
     • The majority of applications could use ordinary electronic signatures
     • No change, no special or technical regulations on the use of ordinary signatures due to SigG
     • Not based on qualified certificates
     • Market driven approach
     • Market can develop different levels
     Initiatives to foster trust
     Quality labels by international Trust service unions could provide confidence in e-LIFE

  9. Secure electronic signatures (5.1 signatures)
     • Based on certification and security statement
     • Secure signature devices provided or advised by CSP
     • Quality directory service, 24/24 revocation
     • Appropriate document formats, well defined signature formats and quality algorithms
     • Revocation guaranteed irrespective of the CSP
     Potential for standards
     The fact “5.1 signature” must be transparent to the verifier; access to directories and revocation at the verifier without further contract

  10. Applicability of electronic signatures
     • Electronic signatures are generally admissible
     • Secure electronic signatures to replace written form
     • Except: family law, official certification, notarial deed, declaration of guarantee
     • To be used by the public sector unless a law states otherwise

  11. Technical requirements
     • Trustworthy systems
     • Secure electronic signature devices
     • ITSEC E3high/E2high until an agreed CC/PP exists
     • Certification and security statement to define the service and its security
     • Formats of signatures, certificates, etc.
     • Formats for documents
     • Technical environment at the CSP
     UNTIL SPECIFIC STANDARDS AVAILABLE
     Potential for standards

  12. Generating secure signatures
     • Signature creation data have been produced with qualified devices
     • Qualified certificates are based on verifiable and documented content
     • Document formats are well defined and not dynamic
     • In many cases a recipient is not known a priori – this fact and the durability requirement make formats very important
     • Appropriate hash-computation and PIN control
     Potential for standards

  13. What can a verifier know about a secure signature?
     • Directories are secure and available
     • Certificates are available to be verified
     • Revocation is prompt and available
     • Blocking and revocation 24/24, effective within max 3 office hours
     • Available irrespective of the CSP’s status without further contracts
     • Information about qualified certificate and secure electronic signature available
     • Through certificate or through directories
     • The certificate issuer must be able to perform a secure verification – at least for courts
     Potential for standards

  14. Accreditation - Notification - Supervision: A systematic view
     [Diagram labels: TSU-international; 5.1 (directive); Initiatives to foster trust; Supervision; "If agreement exists can be the same"; Cross nations; "If national can be the same"; TSU; TSU national; Vol. Accredited; Quality label; obligation; entitlement; Service 5.1/5.2; Sig 5.1; Sig 5.1; Service 5.1/5.2]

  15. Accreditation/Notification/Supervision – THE AUSTRIAN VIEW
     [Diagram labels: TSU-international; 5.1 (directive); Potential for international cooperation; Supervision (Aufsicht/Bestätigung: supervision/confirmation); Cross Nation; TSU; TSU national; Vol. Accredited; Quality Label; Service 5.1/5.2; Sig 5.1; Service 5.1/5.2; private initiatives?; Regulated by SigG/SigV]

  16. CSP: notification and supervision
     • CSP to define the technical methods and components
     • CSP to define formats for certificates, directories, signatures, documents etc.
     • CSP to provide or recommend signature creation devices
     • CSP to advise the signatories
     • CSP to provide evidence of compliance with evaluated security of devices
     • CSP to provide the procedures for application for certificates
     • CSP to provide appropriate formats
     • CSP to provide the security and certification statement
     • CSP to provide secure verification as a minimum for courts
     Supervision statement to give clarity

  17. Services for and from other countries
     • Certificates and their validity must be verifiable from Austria
     • Supervisory body supplies directories of supervised CSPs online
     • If not possible otherwise, the supervisory body will continue the revocation services

  18. Important aspects
     • Is the quality assured by supervision?
     • Is a third party able to know the applied formats?
     • Is certificate and revocation information available without contracts at the verifier?
     • Is the fact “5.1 signature” transparent online?
     [Diagram: signed document; hash function h = H(M); comparison h =? h′; public key; Potential for standards]

  19. Final remarks
     • Electronic signatures are a basic infrastructure of the information age
     • Electronic signatures must be reliable so as to build confidence
     • Further international clarification is still needed:
       • CSP and RA in different countries
       • CSP statement understandable to the verifier
       • Formats available to a not yet existing verifier
       • Public administration approach in the international context
     http://www.a-sit.at/English/documents.htm
