iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

CEN/TS 419241:2014

(Main)

Security Requirements for Trustworthy Systems Supporting Server Signing

Security Requirements for Trustworthy Systems Supporting Server Signing

1.1   General
This document specifies security requirements and recommendations for Trustworthy System Supporting Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/93/EC. This document may also be applied to electronic signatures complying to Article 5(1) of Directive 1999/93/EC employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified electronic signature.
The Server Signing Application (SSA) runs on a networked server supporting one or more signatories to remotely sign electronic documents using centralized signature keys held on the signing server under sole control of the signatory.
An SSA is intended to deliver to the user or to some other application process in a form specified by the user, an Advanced- or where applicable a Qualified - Electronic Signature associated with a Signer's Document as a Signed Data Object.
This document:
-   provides commonly recognized functional models of TW4S;
-   specifies overall requirements that apply across all of the services identified in the functional model;
-   specifies security requirements for each of the services identified in the SSA.
-   specifies security requirements for sensitive system components which may be used by the SSA (e.g. Signature Creation Device (SCDev)).
This document does not specify technologies and protocols, but rather identifies requirements on the security on technologies to be employed.
1.2   Out of scope
The following aspects are considered to be out of scope:
-   other trusted services that may be used alongside this service such as signature validation service, time-stamping service and information preservation service,
-   any application or system outside of the SSA,
-   the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple signatures and of signatures covering complex information structures containing other signatures).
1.3   Audience
This document specifies security requirements that are intended to be followed by:
-   providers of SSA systems.
-   Trust Service Providers (TSP) offering signature generation service.

Sicherheitsanforderungen für Vertrauenswürdige Systeme, die Serversignaturen unterstützen

Exigences de sécurité pour des systèmes fiables de serveur de signature électronique

Varnostne zahteve za zaupanja vredne sisteme, ki podpirajo strežniško podpisovanje

CEN/TS 419241 podaja varnostne zahteve in priporočila za zaupanja vredne sisteme, ki podpirajo strežniško podpisovanje (TW4S) in ki ustvarijo napredne elektronske podpise v skladu z opredelitvijo v Direktivi 1999/93/ES. Ta dokument se lahko uporablja tudi za elektronske podpise v skladu s prvim odstavkom člena 5 Direktive 1999/93/ES, pri katerih se uporabi sredstvo za varno elektronsko podpisovanje (SSCD), skladno z Dodatkom III in podprto s kvalificiranim elektronskih podpisom. Strežniška aplikacija za podpisovanje (SSA) deluje v omrežnem strežniku, ki podpira oddaljeno elektronsko podpisovanje enega ali več podpisnikov z uporabo centraliziranih podpisniških ključev, hranjenih v strežniku za podpisovanje pod izključnim nadzorom podpisnika. Strežniška aplikacija za podpisovanje je namenjena za zagotavljanje naprednega ali, kjer je primerno, kvalificiranega elektronskega podpisa, povezanega z dokumentom kot predmetom podpisnih podatkov podpisnika uporabniku ali drugim aplikacijskim postopkom v obliki, ki jo navede uporabnik. Ta dokument: – podaja splošno priznane funkcionalne modele za zaupanja vredne sisteme, ki podpirajo strežniško podpisovanje; – določa splošne zahteve, ki veljajo za vse storitve, določene v funkcionalnem modelu; – določa varnostne zahteve za vsako od storitev, opredeljeno v strežniški aplikaciji za podpisovanje; – določa varnostne zahteve za občutljive sistemske komponente, ki jih lahko uporabi strežniška aplikacija za podpisovanje (npr. sredstvo za elektronsko podpisovanje (SCDev)). Ta dokument ne določa tehnologij in protokolov, temveč identificira zahteve glede varnosti za tehnologije, ki se uporabijo.

General Information

Status
Withdrawn
Publication Date
25-Mar-2014
Withdrawal Date
03-Jul-2018
ICS
35.240.99 - IT applications in other fields
Technical Committee
CEN/TC 224 - Machine-readable cards, related device interfaces and operations
Drafting Committee
CEN/TC 224/WG 17 - Protection Profiles in the context of SSCD
Current Stage
9960 - Withdrawal effective - Withdrawal
Completion Date
04-Jul-2018
Mandate
M/460 - Standardisation Mandate to the European Standardisation Organizations CEN, CENELEC and ETSI in the field of Information and Communication Technologies applied to Electronic Signatures
Ref Project
SIST-TS CEN/TS 419241:2014 - Security Requirements for Trustworthy Systems Supporting Server Signing

Relations

Replaced By
EN 419241-1:2018 - Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements
Effective Date
15-Jul-2018

Buy Standard

TS CEN/TS 419241:2014 - BARVETS CEN/TS 419241:2014 - BARVE
PreviousNext
Technical specification
TS CEN/TS 419241:2014 - BARVE
English language
26 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-julij-2014
Varnostne zahteve za zaupanja vredne sisteme, ki podpirajo strežniško
podpisovanje
Security Requirements for Trustworthy Systems Supporting Server Signing
Sicherheitsanforderungen für Vertrauenswürdige Systeme, die Serversignaturen
unterstützen
Exigences de sécurité pour des systèmes fiables de serveur de signature électronique
Ta slovenski standard je istoveten z: CEN/TS 419241:2014
ICS:
35.240.99 8SRUDEQLãNHUHãLWYH,7QD IT applications in other fields
GUXJLKSRGURþMLK
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL SPECIFICATION
CEN/TS 419241
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
March 2014
ICS 35.240.99
English Version
Security Requirements for Trustworthy Systems Supporting
Server Signing
Exigences de sécurité pour des systèmes fiables de Sicherheitsanforderungen für Vertrauenswürdige Systeme,
serveur de signature électronique die Serversignaturen unterstützen
This Technical Specification (CEN/TS) was approved by CEN on 14 October 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 419241:2014 E
worldwide for CEN national Members.

Contents Page
Foreword .3
Introduction .4
1 Scope .5
1.1 General .5
1.2 Out of scope .5
1.3 Audience .5
2 Normative references .6
3 Terms and definitions .6
4 Symbols and abbreviations .9
5 Description of Trustworthy Systems Supporting Server Signing . 10
5.1 General . 10
5.2 Signature Creation and Server Signing Objectives . 10
5.3 AdES bound to a natural or legal person . 10
5.4 Levels of sole control . 10
5.5 Batch Server Signing . 11
5.6 SCD . 11
5.6.1 General . 11
5.6.2 SCD for AdES . 11
5.6.3 SCD for QES . 11
5.6.4 Signer's authentication and SAD . 12
5.6.5 Privileged system users . 12
5.7 Functional model . 12
5.7.1 General . 12
5.7.2 Scopes of requirements depending of sole control levels . 12
5.7.3 SSA Core Components . 13
5.7.4 SCD activation mechanisms . 14
6 Security Requirements . 16
6.1 General . 16
6.2 General Security Requirements (SRG) . 16
6.2.1 Management (SRG_M) . 16
6.2.2 Systems and Operations (SRG_SO) . 17
6.2.3 Identification and Authentication (SRG_IA) . 18
6.2.4 System Access Control (SRG_SA) . 18
6.2.5 Key Management (SRG_KM) . 19
6.2.6 Accounting and Auditing (SRG_AA). 20
6.2.7 Archiving (SRG_AR) . 22
6.2.8 Backup and Recovery (SRG_BK) . 22
6.3 Core Components Security Requirements (SRC) . 23
6.3.1 SCD Setup (SRC_DS) — Cryptographic key (SRC_DS.1) . 23
6.3.2 Signer Authentication (SRC_SA) . 23
6.3.3 Signature Creation (SRC_SC) . 23
6.4 Additional Security Requirements for Level 2 (SRA) . 23
6.4.1 General . 23
6.4.2 SCD Activation (SRA_DA) . 24
Bibliography . 26

Foreword
This document (CEN/TS 419241:2014) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat of
which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
Successful implementation of European Directive 1999/93/EC on a community framework for electronic
signatures requires standards for services, processes, systems and products related to electronic signatures
as well as guidance for conformity assessment of such services, processes, systems and products.
In 1999 the European ICT Standards Board, with the support of the European Commission, undertook an
initiative bringing together industry and public authorities, experts and other market players, to create the
European Electronic Signature Standardization Initiative (EESSI).
Within this framework the Comité Européen de Normalisation / Information Society Standardization System
(CEN/ISSS) and the European Telecommunications Standards Institute / Electronic Signatures and
Infrastructures (ETSI/ESI) were entrusted with the execution of a work programme to develop generally
recognized standards to support the implementation of Directive 1999/93/EC and the development of a
European electronic signature infrastructure.
This document will describe security requirements for a server-side system using certificates in order to create
advanced electronic signatures (AdES) in accordance with the requirements of the European Directive on
Electronic Signature 1999/93. The signature is to be supported by a qualified certificate, or other public key
certificate issued for the purposes of signing, issued by a Trust Services Provider (TSP) operating to
recognized good practices (e.g. ETSI EN 319 411-3 (aka ETSI/TS 102 042) or ETSI EN 319 411-2 (aka
ETSI/TS 101 456)). The document will include requirements for the use of the appropriate protection profiles
for the Signature Creation Device (SCDev).
The purpose of the trustworthy system is to produce an advanced electronic signature created under sole
control of a natural person, or a legal person (such advanced electronic signatures produced by legal persons
are called electronic seals).
The Signature Generation Service Provider (SGSP) operates the trustworthy system in an environment with a
security policy which incorporates general physical, personnel, procedural and documentation security
requirements as defined in ETSI EN 319 411-2 / ETSI EN 319 411-3.
This document is identified as CEN/TS 419241 within the Rationalised Framework for Electronic Signature
Standardization ETSI SR 001 604.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany,
Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Introduction
The European Directive 1999/93/EC establishes a framework of requirements for the use of electronic
signatures. This Directive also introduces the notion of advanced electronic signature which is defined as
legally equivalent to a hand-written one if generated by a physical person using a qualified certificate stored in
a Secure Signature Creation Device (SSCD).
Since the publication of the Directive, other forms of electronic signatures have appeared in order to meet
market needs (e.g. e-Invoicing, e-Procurement). These other forms do not necessarily require the use by a
natural or legal person of a secure signature creation device and/or qualified certificate.
One of these forms is an electronic signature created using a networked server. The Signature Creation Data
(SCD) is under control of an individual user but held centrally within a shared server, instead on a secure
signature creation device held by the signatory.
It is not the intent of this standard to limit the type of public key certificate, qualified or otherwise, used by the
networked signing server.
The main objective of this standard is to define requirements and recommendations for a networked signing
server which may process electronic certificates used by natural or legal persons for electronically signing
documents.
This document specifies basic requirements for server signing. Additional specifications may be issued which
provide more detailed requirements. For further details see ETSI SR 001 604.
1 Scope
1.1 General
This document specifies security requirements and rec
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 16484-1:2024(Main)
Building automation and control systems (BACS) - Part 1: Project specification and implementation (ISO 16484-1:2024)
SIST EN ISO 16484-1:2024

This document specifies guiding principles for project design and implementation and for the integration of other systems into the building automation and control systems (BACS).
This document specifies the phases required for the BACS project, including
—     design (determination of project requirements and production of design documents including technical specifications),
—     engineering (detailed function and hardware design),
—     installation (installing and commissioning of the BACS), and
—     completion (handover, acceptance and project finalization).
This document also specifies the requirements for as-built documentation and training.
This document is not applicable to operation and maintenance, nor is it applicable to retro or continuous commissioning, including a commissioning authority.

  • Standard
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13757-2:2018+A1:2023(Main)
Communication systems for meters - Part 2: Wired M-Bus communication
SIST EN 13757-2:2018+A1:2024

This draft European standard is applicable to the physical and link layer parameters of baseband communication over twisted pair (M Bus) for meter communication systems. It is especially applicable to thermal energy meters, heat cost allocators, water meters and gas meters.
NOTE    It is usable also for other meters (like electricity meters) and for sensors and actuators. For generic descriptions concerning communication systems for meters and remote reading of meters see EN 13757-1.

  • Standard
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 17167:2023(Main)
Communication system for meters - Accompanying TR to EN 13757-2,-3 and -7, Examples and supplementary information
SIST-TP CEN/TR 17167:2024

This Technical Report contains additional information to the requirements determined in EN 13757-2, EN 13757-3 and EN 13757-7, in particular examples for the implementation, Datagram examples secured by security mechanism of part 7 and additional non-normative requirements beyond meter communication itself.

  • Technical report
    90 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 15518-3:2023(Main)
Winter maintenance equipment - Road weather information systems - Part 3: Requirements on measured values of stationary equipment
SIST EN 15518-3:2024

This document specifies the terminology and performance requirements for all sensor components of stationary equipment within a Road Weather Information System (RWIS).

  • Standard
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 15518-4:2023(Main)
Winter maintenance equipment - Road weather information systems - Part 4: Test methods for stationary equipment
SIST-TS CEN/TS 15518-4:2024

This document specifies the test methods, the experimental set-up and result analysis for the laboratory qualification of stationary equipment within a RWIS.

  • Technical specification
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17531:2021+A1:2023(Main)
Reporting in support of supervision of online gambling services by the gambling regulatory authorities of the Member States
SIST EN 17531:2021+A1:2023

The development of a European standard(s) on reporting by online gambling service operators and suppliers to the gambling regulatory authorities in the Member States for the purpose of supervision of online gambling services will specify the core data for reporting purposes, while ensuring integrity and security of the data as well as personal data protection.
The requested European standard(s) will provide a voluntary tool to the gambling regulatory authorities in the Member States without prejudice to the scope of competence of Member States in the regulation of online gambling and without imposing any obligation on them to introduce reporting requirements or to authorize or deny authorization to any operators or suppliers.

  • Standard
    271 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-3:2023(Main)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 3: Series development, hardware and software (ISO 25119-3:2018)
SIST EN ISO 25119-3:2023

This document sets out general principles for the design and development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to mobile municipal equipment (e.g. street-sweeping machines).
This document is not applicable to:
—          aircraft and air-cushion vehicles used in agriculture;
—          lawn and garden equipment.
This document specifies the characteristics and categories required of SRP/CS for carrying out their safety-related functions. It does not identify performance levels for specific applications.
NOTE 1    Machine specific type-C standards can specify performance levels (AgPL) for safety-related functions in machines within their scope. Otherwise, the specification of AgPL is the responsibility of the manufacturer.
This document is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems. It covers the possible hazards caused by malfunctioning behaviour of E/E/PES safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy, and similar hazards, unless directly caused by malfunctioning behaviour of E/E/PES safety-related systems. It also covers malfunctioning behaviour of E/E/PES safety-related systems involved in protective measures, safeguards, or safety-related functions in response to non-E/E/PES hazards.
Examples included within the scope of this document:
—          SRP/CS's limiting current flow in electric hybrids to prevent insulation failure/shock hazards;
—          electromagnetic interference with the SRP/CS;
—          SRP/CS's designed to prevent fire.
Examples not included in the scope of this document:
—          insulation failure due to friction that leads to electric shock hazards;
—          nominal electromagnetic radiation impacting nearby machine control systems;
—          corrosion causing electric cables to overheat.
This document is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanic or pneumatic).
NOTE 2    See also ISO 12100 for design principles related to the safety of machinery.
This document is not applicable to safety related parts of control systems manufactured before the date of its publication.

  • Standard
    75 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-3:2023/A1:2023(Amendment)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 3: Series development, hardware and software - Amendment 1 (ISO 25119-3:2018/Amd 1:2020)
SIST EN ISO 25119-3:2023/A1:2023
  • Amendment
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-4:2023/A1:2023(Amendment)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 4: Production, operation, modification and supporting processes - Amendment 1 (ISO 25119-4:2018/Amd 1:2020)
SIST EN ISO 25119-4:2023/A1:2023
  • Amendment
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-1:2023/A1:2023(Amendment)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 1: General principles for design and development - Amendment 1 (ISO 25119-1:2018/Amd 1:2020)
SIST EN ISO 25119-1:2023/A1:2023
  • Amendment
    8 pages
    English language
    sale 10% off
    e-Library read for
    1 day