This document specifies a protection profile for trustworthy systems supporting time stamping.

  • Standard
    63 pages
    English language
    sale 10% off
    e-Library read for
    1 day

The scope of proposed 419 241 part 2 (PP TSCM) covers security requirements to reach compliance with Annex II of Regulation No 910/2014 of the remote (qualified TSP operated) parts of the system, other than those relating to Signature Activation Data (SAD) management and the operation of the Signature Activation Protocol (SAP), assuming use of a cryptographic module conforming to EN 419 221-5. EN 419 241 part 2 will be balloted simultaneously with EN 419241 Part 3 Protection profile for Signature Activation Data management and Signature Activation Protocol(PP-SAD+SAP). These two new parts of EN 419 241, used in conjunction with the protection for PP for Cryptographic Module for Trust Services (EN 419 221-5), will contain security requirements for level 2 (sole control) as specified in TS 419 241 in a formal manner aligned with common criteria. These two new parts of EN 419 241, with EN 419 221-5, will support the certification of a system for remote qualified electronic signature or seal creation devices (remote QSCD) which meet the requirements of EU Regulation No 910/2014: The electronic signature creation data can be reliably protected by the legitimate signatory (sole control) against use by others, where the generation and management of the signature creation data is carried out by a qualified trust service provider on behalf of a signatory.
The scope of proposed 419 241 part 3 (PP-SAD+SAP) covers security requirements to reach compliance with Annex II of Regulation No 910/2014 on the management of the SAD and the operation of the SAP used to provide sole control of the signatory or seal creator for the remote QSCD signing or sealing functions. The proposed parts 2 and 3 are to be independent of specific authentication mechanism and signature activation protocol to allow maximum flexibility with respect to future solutions and to allow supporting several authentication mechanisms. The proposed part 3 is to take into account: a) potential implementations that require dedicated functional components, owned by the signatory or seal creator, which are for the purposes of ensuring sole control, and b) potential implementations that do not require such dedicated functional components but still ensuring sole control of the signatory or seal creator. The proposed part 3 covers requirements up to the interface to the signatory or seal creator needed for authentication and the interface to the signature creation application for selection, checking and display of data to be signed (e. g. a signature creation application as defined in EN 419 111) while requirements on the signature creation application itself are out of scope. It is proposed that part 3 (PP-SAD+SAP) forms the prime reference for server signing that may be certified according to Regulation No 910/2014 including Annex II, and that this part requires components certified according to part 2 (PP TSCM) and EN 419221-5.

  • Standard
    75 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document specifies conditions for use of an EN 419221-5 certified device in the case the signatory or seal creator has direct local control of the cryptographic module with the aim of being recognised as a qualified seal and/or signature creation device as defined in Regulation EU 910/2014 [1].
This document is aimed at use by entities other than trust service providers. Trust service providers can use EN 419221-5 directly without the need to take into account specific conditions as specified in the present document.

  • Technical specification
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document considers requirements of the eIDAS regulation and use cases for qualified electronic seal creation devices and how these requirements may be met by standards.
These use cases will take into account differences in articles 26 and 36 of eIDAS on (sole) control of the signatory and seal creator on its signature / seal creation data, whilst also recognizing the commonalities.
This may possibly lead to identifying requirements for updates to existing standards.
The proposed table of content is the following:
1 Scope
2 References
3 Terms and definitions
3.1 Terminology
3.2 Abbreviations
4 A Consideration of Relevant Regulatory Requirements
5 Use cases
6 Analysis of features of Standard and Use cases
6.1 EN 419 211-x
6.1.1 Main Features relating to use cases
6.1.2 Applicability to use cases
6.2 EN 419 221-5
6.2.1 Main Features relating to use cases
6.2.2 Applicability to use cases
6.3 EN 419 241-1 / -2
6.3.1 Main Features relating to use cases
7 Summary of Conclusions

  • Technical report
    22 pages
    English language
    sale 10% off
    e-Library read for
    1 day

1.1   General
This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures.
The TW4S is composed at least of one Server Signing Application (SSA) and one Signature Creation Device (SCDev) or one remote Signature Creation Device.
A remote SCDev is a SCDev extended with remote control provided by a Signature Activation Module (SAM) executed in a tamper protected environment. This module uses the Signature Activation Data (SAD), collected through a Signature Activation Protocol (SAP), in order to guarantee with a high level of confidence that the signing keys are used under sole control of the signer.
The SSA uses a SCDev or a remote SCDev in order to generate, maintain and use the signing keys under the sole control of their authorized signer. Signing key import from CAs is out of scope.
So when the SSA uses a remote SCDev, the authorized signer remotely controls the signing key with a high level of confidence.
A TW4S is intended to deliver to the signer or to some other application, a digital signature created based on the data to be signed.
This standard:
-   provides commonly recognized functional models of TW4S;
-   specifies overall requirements that apply across all of the services identified in the functional model;
-   specifies security requirements for each of the services identified in the TW4S;
-   specifies security requirements for sensitive system components which may be used by the TW4S.
This standard is technology and protocol neutral and focuses on security requirements.
1.2   Outside of the scope
The following aspects are considered outside of the scope of this document:
-   other trusted services that may be used alongside this service such as certificate issuance, signature validation service, time-stamping service and information preservation service;
-   any application or system outside of the TW4S (in particular the signature creation application including the creation of advanced signature formats);
-   signing key and signing certificate import from CAs;
-   the legal interpretation of the form of signature (e.g. electronic signature, electronic seal, qualified or otherwise).
1.3   Audience
This standard specifies security requirements that are intended to be followed by:
-   providers of TW4S systems;
-   Trust Service Providers (TSP) offering a signature creation service.

  • Standard
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This part of EN 419221 specifies a Protection Profile for cryptographic modules suitable for use by trust service providers supporting electronic signature and electronic sealing operations, certificate issuance and revocation, time stamp operations, and authentication services, as identified by the (EU) No 910/2014 regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (eIDAS) in [Regulation]. The Protection Profile also includes optional support for protected backup of keys.
The document follows the rules and conventions laid out in Common Criteria part 1 [CC1], Annex B "Specification of Protection Profiles".

  • Standard
    79 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This Technical Standard specifies a protection profile for cryptographic module for CSP key generation services.

  • Technical specification
    41 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This Technical Specification specifies a protection profile for cryptographic modules used by certification service providers (as specified in Directive 1999/93) for signing operations, with key backup. Target applications include root certification authorities (certification authorities who issue certificates to other CAs and who are at the top of a CA hierarchy) and other certification service providers where there is a high risk of direct physical attacks against the module.

  • Technical specification
    55 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This Technical Specification provides an overview of the protection profiles specified in other parts of CEN/TS 419221.

  • Technical specification
    12 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This Technical Specification specifies a protection profile for cryptographic modules used by certification service providers (as specified in Directive 1999/93) for signing operations, without key backup. Target applications include root certification authorities (certification authorities which issue certificates to other CAs and is at the top of a CA hierarchy) and other certification service providers where there is a high risk of direct physical attacks against the module.

  • Technical specification
    47 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard specifies a protection profile for a secure signature creation device that may import signing keys and communicate with the signature creation application in protected manner: secure signature creation device with key import and trusted communication with signature creation application (SSCD KI TCSCA).

  • Standard
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard:
-   specifies terms used in specifying protection profiles for secure signature creation devices,
-   specifies functional and operational requirements for secure signature creation devices,
-   describes the targets of evaluation for these protection profiles.

  • Standard
    21 pages
    English language
    sale 10% off
    e-Library read for
    1 day

1.1   General
This Technical Specification establishes security requirements for TWSs that can be used by a TSP in order to issue QCs and Non-Qualified Certificates (NQCs) as well as electronic time-stamps in accordance with Dir.1999/93/EC and with [Reg.910/2014/EU].
Security requirements for the Subject Device Provision Service, which includes SCDev/QSCD provision to subjects, are defined in this TS. However, requirements specific to SCDev/QSCD devices, as used by subjects of the TSP, are outside the scope of this TS. These requirements are defined as Common Criteria [CC] Protection Profiles (PP) in the EN 419211 series.
Recommendations for the cryptographic algorithms to be supported by TWSs are provided in ETSI/TS 119 312.
Although this TS is based on the use of public key cryptography, it does not require or define any particular communication protocol or format for electronic signatures, certificates, certificate revocation lists, certificate status information and time-stamp tokens. It only assumes certain types of information to be present in the certificates in accordance with Annex I of Dir.1999/93/EC and of [Reg.910/2014/EU]. Interoperability between TSP systems and subject systems is outside the scope of this document.
The use of TWSs that are already compliant to relevant security requirements of this TS should support TSPs in reducing their burden to establish conformance of their policy to ETSI TS 119 411-1, 119 411-2, and 119 421 (or equivalent ENs to be subsequently published) and in meeting the Annex I and Annex II requirements of Dir.1999/93/EC as well as the requirements from Annex I and Article 24.2 (e) of [Reg.910/2014/EU].
1.2   European Regulation-specific
The main focus of this document is on the requirements in Article 24.2 (e) of [Reg.910/2014/EU] whilst still facilitating the meeting of requirements in Dir.1999/93/EC, Annex II (f). In considering [Reg.910/2014/EU] it is important to take into account the following requirements of particular relevance to TSP trustworthy systems:
a)   Article 24.2 (f) – “use trustworthy systems to store data provided to it, in a verifiable form so that:
(i)   they are publicly available for retrieval only where the consent of the person to whom the data relates has been obtained,
(ii)   only authorised persons can make entries and changes to the stored data,
(iii)   the data can be checked for authenticity”;
b)   Article 24.2 (g) – “take appropriate measures against forgery and theft of data”;
c)   Article 24.2 (h) – “record and keep accessible for an appropriate period of time, including after the activities of the qualified trust service provider have ceased, all relevant information concerning data issued and received by the qualified trust service provider, in particular, for the purpose of providing evidence in legal proceedings and for the purpose of ensuring continuity of the service. Such recording may be done electronically”;
d)   Article 24.2 (j) – “ensure lawful processing of personal data in accordance with Directive 95/46/EC”;
e)   Article 24.2 (k) – “in case of qualified trust service providers issuing qualified certificates, establish and keep updated a certificate database”;
f)   Article 24.3 – “If a qualified trust service provider issuing qualified certificates decides to revoke a certificate, it shall register such revocation in its certificate database and publish the revocation status of the certificate in a timely manner, and in any event within 24 hours after the receipt of the request. The revocation shall become effective immediately upon its publication”;
g)   Article 24.4 – "With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them.

  • Technical specification
    56 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard specifies a protection profile for a secure signature creation device that may generate signing keys internally and communicate with the signature creation application in protected manner: secure signature creation device with key generation and trusted communication with signature creation application (SSCD KG TCSCA).

  • Standard
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard specifies a protection profile for a secure signature creation device that may generate signing keys internally and export the public key in protected manner: secure signature creation device with key generation and trusted communication with certificate generation application (SSCD KG TCCGA).

  • Standard
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard specifies a protection profile for a secure signature creation device with signing keys import possibility: SSCD with key import (SSCD KI).

  • Standard
    45 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard specifies a protection profile for a secure signature creation device that may generate signing keys internally: secure signature creation device with key generation (SSCD KG).

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard contains packages that define security requirements for an authentication device. This document is Part 3. Part 1 and Part 2 are Protections Profiles - PP - based on the packages defined in this document. Packages contained in this document can be added in a Security Target - ST- claiming PP of Part 1 or Part 2.

  • Standard
    79 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard is a Protection Profile that defines the security requirements for an authentication device.

  • Standard
    50 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This European Standard is a Protection Profile that defines the security requirements for an authentication device.

  • Standard
    71 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document contains a set of packages. These packages describe security functions that may be added to the core SCA PP prEN 419111-2:2013. The following packages are available:
-  Checker package
-  Certificate management package
-  Secure channel with SSCD package

  • Draft
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document is a Protection Profile that defines the security requirements for a Signature Creation Application. This is the core document, which means that only the security functions that are mandatory are included. The ST writer can include other security functions in his TOE. For this purpose, he can include some of those described in prEN 419111-3:2013.

  • Draft
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document is an introduction to EN 419111, the European Standard that contains Protection Profiles defining the security requirements for Signature Creation and Signature Verification applications.

  • Draft
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document contains a set of packages. These packages describe security functions that may be added to the core SVA PP prEN 419111-4:2013. The following packages are available:
-  Checker package
-  Certificate management package
-  Explicit SP management package

  • Draft
    26 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document is a Protection Profile that defines the security requirements for a Signature Verification Application.

  • Draft
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day

1.1   General
This document specifies security requirements and recommendations for Trustworthy System Supporting Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/93/EC. This document may also be applied to electronic signatures complying to Article 5(1) of Directive 1999/93/EC employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified electronic signature.
The Server Signing Application (SSA) runs on a networked server supporting one or more signatories to remotely sign electronic documents using centralized signature keys held on the signing server under sole control of the signatory.
An SSA is intended to deliver to the user or to some other application process in a form specified by the user, an Advanced- or where applicable a Qualified - Electronic Signature associated with a Signer's Document as a Signed Data Object.
This document:
-   provides commonly recognized functional models of TW4S;
-   specifies overall requirements that apply across all of the services identified in the functional model;
-   specifies security requirements for each of the services identified in the SSA.
-   specifies security requirements for sensitive system components which may be used by the SSA (e.g. Signature Creation Device (SCDev)).
This document does not specify technologies and protocols, but rather identifies requirements on the security on technologies to be employed.
1.2   Out of scope
The following aspects are considered to be out of scope:
-   other trusted services that may be used alongside this service such as signature validation service, time-stamping service and information preservation service,
-   any application or system outside of the SSA,
-   the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple signatures and of signatures covering complex information structures containing other signatures).
1.3   Audience
This document specifies security requirements that are intended to be followed by:
-   providers of SSA systems.
-   Trust Service Providers (TSP) offering signature generation service.

  • Technical specification
    26 pages
    English language
    sale 10% off
    e-Library read for
    1 day