Electronic Signatures
Legal Status of Qualified Electronic Signatures
Definition according to section 2, paragraph 8 of the Electronic Signatures Act:
"certification service provider" means a natural or legal person who issues qualified certificates or qualified time stamps.
What is different about qualified signatures?
- Validity model (sections 16 and 19 of the Electronic Signatures Act)
- Algorithms (specified annually)
- Hardware compulsory (non-repudiation)
- Long-term verifiability (at least 5/35 years)
- National root certificate for accredited certification service providers only
- Quality mark for accredited certification service providers only
Section IS 15 Electronic Signatures
Recognises
Recognised evaluation and certification bodies
BSI, debis, TÜVIT
Publishes
Federal Gazette/RegTP Official Gazette/Internet
Evaluation and certification bodies
Proposes
Algorithms
Certify compliance with the Electronic Signatures Act and Ordinance
Security concept
- Products
- Management
- Staff, etc.
Technical components
- Signature creation device
- Directory service
- Time stamp service
- Key generator, etc.
Products
Certification service providers
Signature key holders
Accredits
Certification service providers
Operates
National root certification authority
Competent Authority's keys
Certifies
Certification service providers
Enhanced quality through voluntary accreditation
Enhance the level of the certification services to be provided towards the levels of trust, security and quality demanded by the evolving market.
Electronic Signatures Directive, Recital 11
= Secure procedures, archivability, availability, etc
Voluntary accreditation
Article 2, paragraph 13 of the Electronic Signatures Directive
Section 15 of the Electronic Signatures Act
= Permission, setting out rights and obligations for the provision of certification services and granted at the request of the certification service provider concerned by the competent body. The certification service provider is not entitled to exercise the rights and obligations stemming from the permission until it has received the permission.
Permission
Competent body
Application
Right to operate as accredited provider
EU Directive for Electronic Signatures
Continental European Approach Anglo-Saxon Approach
Prevention through comprehensive pre-implementation checks for
- products,
- technical, administrative and organisational aspects of certification activities, and
- reliability and specialised knowledge of staff.
Ensuring adequate minimum level of
- competition in the market, and
- liability.
Liability depends on
- ability and willingness to assume liability in cases of damage, and
- recognised cases of damage.
Long-term problem
- Development costs (evaluation of products and security concepts)
- More time-intensive in initial stages
"Teething problem"
Unregulated area – section 1(2)
Qualified electronic signatures (section 2 paragraph 3)
- Certification service providers:
Certification service providers subject to supervision
Certification service providers granted accreditation (can be made mandatory in the public sector)
Legal status: equivalence with handwritten signatures (section 126a of the Civil Code)
Implementation in the Electronic Signatures Act
Time horizon
Developmental stage (Act and Ordinance)
Evaluation of products, procedures and acceptance bodies
"Equivalence" of electronic signatures
1998
2000
1996
2001 Amendment of legislation requiring writing as the legal form
Electronic Signatures Ordinance, 16 November 2001
Amendment of Formal Requirements Act, 1 August 2001
Electronic Signatures Act, 22 May 2001