esignature & electronic trust services ......‐ part 5: pp for cryptographic module for tsp...

ESIGNATURE & ELECTRONIC TRUST SERVICESESIGNATURE & ELECTRONIC TRUST SERVICES STANDARDISATION WORKSHOP – 3RD DECEMBER 2013

Work Progress for Phase 2 of m460 Mandate

© ETSI 2013. All rights reserved

Work Progress for Phase 2 of m460 Mandate

Presented by CEN & ETSI

Agenda

Introduction

Key points & new items in each Area0. Rationalised Framework

1. Signature creation and validation

2 Signature creation & other related devices2. Signature creation & other related devices

3. Cryptographic suites

4. TSPs supporting electronic signatures

5. Trust Application Service Providers

6. Trust service status list providers

Testing conformance & interoperability

Conclusions and next steps

© ETSI 2013. All rights reserved2

m460 scope & objectives

Easier implementation & use of eSignatures and related trust services by Business stakeholders

Objectives (focusing on cross‐border interoperability & usability)• Business practices oriented/driven standardsp /

• True international standards wanted (EN & even beyond)

• Covering all eSignature product/service categories

Policy & Security Requirements

Guidance

Technical Specifications

Conformity Assessment

Testing Conformance & Interoperability

• Improved guidance and implementation guidelines

• Improved promotion and marketing

• Improved maintenance


• Full referencing by future Regulation / Secondary legislation

M/460 Phase 1 – Output summary

Objectives: Rationalised structure:Objectives:Inventory

Rationalised structure

G A l iTrust ApplicationService Providers5

TSPs supporting eSignature 4

Trust Service Status Lists Providers6

Gap Analysis

Work Programme

Quick fixes Signature Creation &Validation

1

Service Providers5eSignature 4

& Validation

Signature Creation & other related Devices

2Cryptographic

Suites3

0

C i b i ( 19 000 i )

Introductory deliverables0

Consistent numbering (x19 000 series):

DD L19 xxx-zFunctional Area & Sub‐Area


Functional Area & Sub Area

Document typePolicy & Security Requirements

Guidance

Conformity Assessment


Technical Specifications

m460 Rationalised Framework

List of TSP services approved (supervised)6 approved (supervised) by National Bodies (e.g. Trusted lists)

TSP issuing certificates

hi T t A li tiTSP ti


eDelivery / Reged email

Long term preservation

Time Stamping Authies

Signing Services

Validation Services

Trust ApplicationService Providers5


XAdES

CAdES

PAdES

AdES in mobile envmt

Rules & procedures

Formats

Signature creation / lid ti li ti

Signature Creation & V lid ti

1

AdES in mobile envmt

ASiC (containers)validation application protection profiles

CC Protection Profiles Key generation

& Validation

Signature C t hiSmart Cards

HSM’s

Signing Services

y g

Hash functions

Signature algorithsm

Parameters, …

Signature Creation & other related Devices

2Cryptographic

Suites3

0



Area 0 ‐ Rationalized Framework(introductory deliverables)(introductory deliverables)


Framework documents

Phase 1 resulted in Rationalized Framework (SR 001 604)

Phase 2 work in progressp g• Updating Rationalised framework document (TR 119 000)

• Study on Extended Rationalised structure incl. identification & authentication (TR 419 010)

• Study on Rationalised Framework of Stds for AdES in Mobile environments (SR 019 020)y ( )

• Guidelines for SMEs & citizens (TR 419 030 & TR 419 040)

• Document centralising definitions and abbreviations (TR 119 001)

Rationalised structure for Electronic Signature Standardisation Sub‐areas

GuidanceTR 1 19 0 0 0 Rationalised structure for Electronic Signature StandardisationTR 4 19 0 1 0 Rationalised structure for Electronic Signature Standardisation:

Extended Rationalised structure including IASSR 0 19 0 2 0 Rationalised structure for Electronic Signature Standardisation:

Rationalised Framework of Standards for AdES in Mobile environmentsTR 4 19 0 3 0 Rationalised structure for Electronic Signature Standardisation:

Best practices for SMEsTR 4 19 0 4 0 Rationalised structure for Electronic Signature Standardisation:

Quite all the documents in this area are new!


Guidelines for citizensPolicies

TR 1 19 0 0 1 Rationalised Framework for Electronic Signature Standardisation: Definitions and abbreviations

About extending the Framework

Rationalized Framework to be extended to authentication and identification• TR 419 010

• Authentication and identification are central of the proposal for the replacement ofthe proposal for the replacement of 1999/93/EC: eIDAS regulation

• Driven by authentication assurance levels (ISO, NIST STORK)NIST, STORK)

8 © ETSI 2013. All rights reserved

About extending the Framework

Rationalized Framework to be extended to mobile environment• SR 019 020

• “Mobile” (mobility driven) device is everywhere and is a perfect vector for IAS deploymentand is a perfect vector for IAS deployment

• The document describes • Scenarios for local signing and remote signing

• Life cycle management

• List of standardization requirements

• Further standardization workFurther standardization work

• The document is to be consistent with CEN work

• Included support for other distributed


environments

About guidelines

Contribute to improve business practices orientation

and implementation guidance for each of the e‐

signature standardization area of the framework

O id li f SME ( )One guidelines for SMEs (TR 419 030)

One guidelines for citizens (TR 419 040)

A business driven implementation guidance perA business driven implementation guidance per area (TR 119 x00 series)

Business Requirements Analysis dRi kA tand Risk Assessment

Business Modeling

Policy and Security RequirementsManagementRequirements Management

Scoping business driven parameters for implementation

Iterativeprocess


Specifying technical mechanisms and standards

Area 1 – Signature creation and validation


Signature Creation & Validation

Phase 1 Quick fixes

Phase 2 work in progress• Business driven guidance for implementation (new – TR 119 100)

• Policy requirements for Sig Creation / Validation Applications (new TS 119 101)• Policy requirements for Sig. Creation / Validation Applications (new – TS 119 101)

• Protection Profiles for Sig. Creation / Validation Applications (new – EN 419 111)

• Signature formats (core + baseline) to EN’s

• revisions

• Signature Creation / Validation procedures

• New ‐ EN 319 102

• Signature Policies

• New/reviewed – TS 119 172

• Conformity Assessment for SCA / SVAConformity Assessment for SCA / SVA

• New – EN 419 103

• Testing Conformance & Interoperability

• Signature formats TS 119 1x4


• Signature formats – TS 119 1x4

• Signature Policies – TS 119 174

Technical Specificationson Signature Policyon Signature Policy

EN 319 172-1. Signature Policy

Signature Policy • Signature Policy concept.• Main components of a Signature Policy.

EN 319 172-2. XML Format

a co po e ts o a S g atu e o cy.• Methodology for designing a Signature Policy

(close to ETSI TR 119 100).• Normalized structure for a Signature Policy.

EN 319 172-3. ASN.1 Formatg y

• Human being consumption format

Structured formats forStructured formats for computer consumption.

Implementers Signature Policy


issuers

Technical Specifications on Formats

CAdES

EN 319 122-1. Core Specification

EN 319 122-2. Baseline Profile


XAdES

ImplementersEN 319 132-2. Baseline Profile

EN 319 142 1 F k

PAdESEN 319 142-1. Framework

EN 319 142 6 B li P fil

. . . . . .EN 319 142-5. Visual representation

EN 319 142-6. Baseline Profile

EN 319 162 1 Core Specification

ASiCTechnical approach:

Respect legacy (not disruptive)



EN 319 162-2. Baseline Profile react to stakeholders’ requests.

Technical Specification on Procedures for signature creation and validationfor signature creation and validation

EN 319 102: Procedures for signature Creation and Validation Implementers (signer)

Procedures for signature creation

Procedures for signature validation

AdES signatures lifecycle

Sign request

Implementers (verifier)

Sign response

Implementers (verifier)

Signing/Validation Services Providers

Validate request

✔V lid t


✔Validate response.

Conformity Assessment of SCA/SVA’s

ImplementersAuditorsEN 319 101:Policy Requirements forSignature Creation and Validation pAuditorsControl Objectives & Controls

Legal Driven Policy Reqs.

g

ISMS Reqs.

Si C ti RCAG Sig. Creation Reqs.

Development & coding Reqs.

General Reqs.

CAGEN 419 103

Signature Creation / Validation Applications

Protection ProfilesStandaloneSCA/SVA

Protection Profilesfor SCA/SVA’s

(EN 419 111)

Signature Policies Serverbased(TS 119 172)

Sig. Creation & Validation Procedures(EN 319 102)

basedSCA/SVA

Catalyzing toolkit

I t bilit

Signature Formats (EN 319 1x2)

X/C/PAdES & ASiC& b li

(EN 319 102) Interoperability test events and specifications

Conformance d


core & baseline specs

Crypto Suites(TS 119 312)

test events and specifications

Area 2 – Signature creation and other related devices


Sig. Creation & other related devices

Phase 1 resulted in a work plan including new topics and revision and maintenancePhase 1 resulted in a work plan including new topics and revision and maintenance of existing documents• Protection Profiles for SSCD (Phase 1), EN 419 211

Signature creation and other related devicesSub‐areas

GuidanceTR 4 19 2 0 0 Business Driven Guidance for Signature Creation and Other Related Devices

Policy & Security RequirementsEN 4 19 2 1 1 Protection Profiles for Secure Signature Creation Device (SSCD)

‐ Part 1: Overview‐ Part 2: SSCD ‐ PP ‐ Device with Key Generation

Phase 2 work in progress• Business driven guidance

• Protection Profiles ‐ Part 3: SSCD ‐ PP ‐ Device with Key Import ‐ Part 4: SSCD ‐ PP ‐ Extension for Device with Key Generation and trusted communication with certificate generation application ‐ Part 5: SSCD ‐ PP ‐ Extension for Device with Key Generation and trusted communication with signature creation application ‐ Part 6: SSCD ‐ PP ‐ Extension for Device with Key Import and trusted communication with signature creation application

EN 4 19 2 2 1 Security requirements for trustworthy systems managing certificates for electronic signature ‐ Part 1: OverviewP t 2 PP f C t hi d l f CSP i i ti ith b k hi h it l l

• New (Time Stamping EN 419 231)

• Move to EN (PP crypto module EN 419 221 & 419 261, Security

‐ Part 2: PP for Cryptographic module for CSP signing operations with backup ‐ high security level ‐ Part 3: PP for Cryptographic module for CSP key generation services ‐ high security level ‐ Part 4: PP for Cryptographic module for CSP signing operations ‐ high security level ‐ Part 5: PP for Cryptographic module for TSP signing and authentication ‐ moderate security level

EN 4 19 2 3 1 Protection Profile for trustworthy systems supporting time‐stamping

EN 4 19 2 4 1 Trustworthy Systems supporting Server SigningEN 4 19 2 5 1 Security Requirements for Device for Authentication

‐ Part 1: Protection Profile for core functionality ‐ Part 2: Protection Profile for extension for trusted channel to certificate generation application

requirements for server signing EN 419 241)

• Evaluation & Certification (PP DAUTH EN 419 251) ‐ Part 3: Additional functionality for security targets

EN 4 19 2 6 1 Security Requirements for Trustworthy Systems Managing Certificates for Electronic SignaturesTechnical Specifications

EN 4 19 2 1 2 Application Interfaces for Secure Signature Creation Devices‐ Part 1: Introduction‐ Part 2: Basic services for electronic signatures‐ Part 3: Additional Services in the context of electronic signatures‐ Part 4: Context specific authentication protocols for SSCDs

Conformity Assessmentf f d h

EN 419 251)

• Application Interfaces for SSCDs EN 419 212

• Mobile device study (new)


EN 4 19 2 0 3 Conformity Assessment of Secure Devices and Trustworthy systemsTesting Conformance & Interoperability

‐ ‐ ‐ ‐ ‐ no requirement identified

• Mobile device study (new)

• Conformity assessment EN 419 203 (New)

About Protection Profiles

New Time Stamping protection profile ‐ EN 419 231p g p p

Trustworthy systems supporting time‐stamping

Proposal for new HSM protection profile ‐ EN 419 221‐5 Part 5 Cryptographic Module for Trust ServicesPart 5 Cryptographic Module for Trust Services

Server signingServer signing security

i TS 419 241

Cryptographic Suites

Cryptographic Suites

requirements TS 419 241Phase 1: TS approved

(Sep. 2013)

Phase 2: Completion and

SCDev

SSA

SignerSCD

Components

Su tes Suites

Phase 2: Completion and publication as EN

Proposal for new server signing protection profile – EN

Policies

Certificates Database

419 241‐2&3Protection profiles for Trustworthy systems generating Qualified

Server OS


generating Qualified Electronic Signature

About SSCD and smart card

Trustworthy systems ‐ EN 419 212Trustworthy systems EN 419 212New introduction part

Highlighting market requirements: mobile, ID‐cards and ID‐tokens, g g g q , ,contactless cards, digital money, server based signatures, driver's license, health cards, home banking

Highlighting new technologies: blind signatures pseudonymousHighlighting new technologies: blind signatures, pseudonymous signatures, derived credentials

:New structure reflecting the new EC Regulation eIDAS

A new part for device authentication

A new part for privacyA new part for privacy


Other documents

Study for additional protection profiles or otherStudy for additional protection profiles or other form of security certification and security evaluation processes may be required, to

h h ff h l l l fensure that they offer the relevant level of security, for other types of devices such as, e.g.:• Mobile phones with hardware‐based securityMobile phones with hardware based security

(e.g. SE, TEE).

• HSM being recognised as an SSCD.

• SSCD used for mass signing operations (e.g. for signing a series of documents).

T b i t t ith WG16 d WG17 kTo be consistent with WG16 and WG17 work.

To be consistent with SR 019 020 “AdES in mobile environment”mobile environment .


Area 3 – Cryptographic suites


Cryptographic suites

Cryptographic SuitesbPhase 1 resulted in updating

TS 102 176‐1

Sub‐areasGuidance

TR 1 19 3 0 0 Business Driven Guidance for Cryptographic SuitesTechnical Specifications

TS 1 19 3 1 2 Cryptographic Suites for Secure Electronic SignaturesT i C f & I bili

Phase 2 work in progress• Updating “Cryptographic suites” document (TS 119 312)

• Maintenance to be ensured by ETSI for next 3‐4 years

Testing Conformance & Interoperability‐ ‐ ‐ ‐ ‐ no requirement identified

Maintenance to be ensured by ETSI for next 3‐4 years

• Reference Table for signature suites (TS 119 312 – Sep. 2013)


• Business driven guidance (TR 119 300)

Area 4 – TSPs supporting electronic signatures


TSPs supporting electronic signatures

Main activitiesTSPs Supporting Electronic Signatures and related services

Sub‐areasGuidance

TR 1 19 4 0 0 Business Driven Guidance for TSPs Supporting Electronic Signatures

Business Guidance (TR 119 400)

TSP Conformity Assessment

Policy & Security RequirementsEN 3 19 4 0 1 General Policy Requirements for TSPs Supporting Electronic SignaturesEN 3 19 4 1 1 Policy & Security Requirements for TSPs Issuing Certificates

EN 3 19 4 2 1 Policy & Security Requirements for TSPs providing Time‐Stamping Services

EN 3 19 4 3 1 Policy & Security Requirements for TSPs providing Signature Generation Services

EN 3 19 4 4 1 Policy & Security Requirements for TSPs providing Signature Validation Services

Technical SpecificationsEN 3 19 4 1 2 Profiles for TSPs issuing Certificates

EN 3 19 4 2 2 Profiles for TSPs providing Time‐Stamping servicesy• Draft EN 319 403

TSP Policy requirements

EN 3 19 4 3 2 Profiles for TSPs providing Signature Generation ServicesEN 3 19 4 4 2 Profiles for TSPs providing Signature Validation Services

Conformity AssessmentEN 3 19 4 0 3 Trust Service Provider Conformity Assessment ‐ Requirements for conformity assessment bodies assessing Trust

Service ProvidersEN 3 19 4 1 3 Conformity Assessment for TSPs Issuing Certificates

EN 3 19 4 2 3 Conformity Assessment for TSP providing time‐stamping services

EN 3 19 4 3 3 Conformity Assessment for TSPs providing Signature Generation ServicesEN 3 19 4 4 3 Conformity Assessment for TSPs providing Signature Validation Services

• Revised EN 319 401: General requ’t

• Revised EN 319 411‐2 & ‐3 Qualified and other public key certificates

d f b f

Testing Conformance & Interoperability‐ ‐ ‐ ‐ ‐ no requirement identified for such a document

• New draft EN 319 411‐1 Web site certificates

• New draft EN 319 411‐4 Attribute certificates

• New draft EN 319 421 Time‐stampingNew draft EN 319 421 Time stamping

Certificate and time‐stamp profiles• Draft EN 319 412‐1 to ‐5 Certificates (natural, legal, web, qualified)


( , g , , q )

• Draft EN 319 422 Time‐stamping

Policy requirements document structuredocument structure

EN 319 401General Policy Requirements for TSPs

EN 319 411-1P li R t

EN 319 411-2P li R t

EN 319 411-3P li R t

EN 319 411-4P li R t

EN 319 421P li R tPolicy Reqmts

for CAs issuing website

certificates

Policy Reqmtsfor CAs issuing

qualified certificates


public key certificates


attribute certificates

Policy Reqmtsfor TSPs

providing time-stamping

…

CAB Forum

p gservices

(qualified & non-qualified)

Web cert Guide


TSP Conformity Assessment Model: Regulatory AdoptionRegulatory Adoption


TSP Conformity Assessment Model: Non‐Regulatory AdoptionNon Regulatory Adoption

TrustedLists


Key points

Global Adoption of TSP standards: Already used in majority of EU, North Africa, Japan CA Browser Forum etcJapan, CA Browser Forum, etc.

TSP Conformity Assessment (Audit)aligned with existing schemes• Aligned with standards (ISO 17065, 17021, 27006)

Fit i i ti EU id l ti (765/2008)• Fits in existing EU wide regulations (765/2008)

TSP Security requirements likely to need regular updates taking into account incident reports


Area 5 – Trust Application Service Providers


Trust Application Service Providers

i i i iTrust Application Service Providers

Sub‐areasGuidance

Main activities

• Business Guidance (TR 119 500)

TR 1 19 5 0 0 Business Driven Guidance for Trust Application Service ProvidersSR 0 19 5 3 0 Study on standardisation requirements for e‐Delivery services applying e‐Signatures

Policy & Security RequirementsEN 3 19 5 1 1 Policy & Security Requirements for Registered Electronic Mail (REM) Service ProvidersEN 3 19 5 2 1 Policy & Security Requirements for Data Preservation Service Providers (DPSPs)

Technical SpecificationsEN 3 19 5 1 2 Registered Electronic Mail (REM) ServicesEN 3 19 5 2 2 Data Preservation Services through signing

Conformity AssessmentEN 3 19 5 1 3 Conformity Assessment for REM Service ProvidersEN 3 19 5 2 3 Conformity Assessment of Data Preservation Service Providers

• Study on e‐Delivery standardisationneeds (SR 019 530)

Testing Conformance & InteroperabilityTS 1 19 5 0 4 General requirements for Testing Conformance & Interoperability of TASPsTS 1 19 5 1 4 Testing Conformance & Interoperability of REM Service Providers

• Addressing e‐Delivery services as defined in Regulation proposal

• Identify standards required to be Electronic Deliver abstract model

SR 019 530: Rationalised Frameworkof Standards for Electronic Delivery

Identify standards required to be produced

• Define scope and purported contents

Analysis of standardisation statusfor e-Delivery components

Proposed Framework of Standards

• Raise recommendations Amended Framework of Standards for Registered e-Mail

Proposal for e-Delivery standardisation activities


sta da d sat o act t es

DraftedBeing drafted

Area 6 – Trust Service Status Lists Service Providers


TSLs & Trusted Lists

Phase 2 work in progressp g

• Business driven guidance (TR 119 600)

• Testing conformance & interoperability (TS 119 614)g p y ( )

Trusted Lists (TS 119 612)

V1 1 1 bli h d J 2013• V1.1.1 published June 2013

• Referenced by CD 2009/767/EC (amended 14/10/2013)

• Allow non‐EU countries and International organisations to set‐up TL’s in order to facilitate (mutual) recognition of “approved” trust services

• Tools available:

• TLManager (EC – Joinup)Trust Service Status Lists Providers

Sub‐areasTLManager (EC Joinup)

• TL Conformance Tester (ETSI)Guidance

TR 1 19 6 0 0 Business Driven Guidance for Trust Service Status Lists ProvidersPolicy & Security Requirements

EN 3 19 6 0 1 General Policy & Security Requirements for Trust Service Status Lists Providers (TSSLPs)EN 3 19 6 1 1 Policy & Security Requirements for Trusted Lists Providers

Technical SpecificationsTS 1 19 6 0 2 Trust Service Status Lists FormatTS 1 19 6 1 2 Trusted Lists


Conformity AssessmentEN 3 19 6 0 3 General requirements and guidance for Conformity Assessment of TSSLPsEN 3 19 6 1 3 Conformity Assessment of Trusted List Providers

Testing Conformance & InteroperabilityTS 1 19 6 0 4 General requirements for Testing Conformance & Interoperability of TSSLPsTS 1 19 6 1 4 Testing Conformance & Interoperability of Trusted Lists


Generate a Special Report detailing activities related to testing interoperability and conformity to be run during theand conformity to be run during the implementation and deployment of the Rationalised Framework of Electronic Signatures (RF henceforth).

Production of a set of Technical Specifications defining test suites for testing interoperability and conformity

i t t d d f th RFagainst core standards of the RF.

Design and implement a set of conformity testing toolstesting tools.


“Tools” within the Rationalised FrameworkFramework

TS 119 1X4 & 614 are the basis for creating a Toolbox for Testing

TS 119 1X4 & 119 614C f Interop test cases

creating a Toolbox for Testing

Requirements for testing conformanceConformance

CheckersInterop test cases

definitions

Test suites for testing interoperability

(C/X/P/)AdES, ASiC, TLs

Tools for testing conformance of signatures against (C/P/X)AdES, ASiC and EUMS TLs against EN 319 612

ANDTest suites for testing interoperability of applications generating,

upgrading and validating (C/P/X)AdES and ASiC


ARE DEPLOYED IN AN ETSI PORTAL FOR SUPPORTING REMOTE INTEROP AND CONFORM.

CHECK EVENTS

Remote testing interoperability

ETSI Electronic Signatures Portal

<?xml version="1.0" encoding="utf-8"?><SignatureRequest>

Signatures Portal

Test suites for interoperability

1.Download material

… … … … … …<UnsignedAttributes>

<ArchiveTimeStampV3/></UnsignedAttributes>

interoperability

Scripts for ex- ✗Scripts for ex-Changing signatures and validation reportsAND

✗✗

✗

building interop. matrixes

4. Validate (& upgrade)

7. Validate


Testing Conformance remotely

ETSI Electronic Test assertions

derived from

Signatures PortalETSI TS

Conf. Checkers

Scripts for l di iuploading signs.

And feeding conformance checkers Trace details of certain computations that

may help implementers to identify sources

of interop. Problems (like archive time‐stamps’ message imprints computations)

© ETSI 2013. All rights reserved

Full report on every test assertion evaluation result

Testing interoperability & conformancePlans.Plans.

Published Special Report SR 003 186 formalizing plans for:Organization, definition and conduction of test events in the next two and a half years.

Scheduling of Technical Specifications and the software tools production will mainly depend on the plans formalized for the testproduction will mainly depend on the plans formalized for the test events.

Schedule available fromSchedule available from • ETSI Publications Download Area:

http://pda.etsi.org/pda/queryform.asp

© ETSI 2013 All rights reserved39

Conclusions and next steps


Conclusions & Challenges

Complete and Rationalised Framework for standards

• Addressing both security & interoperability

• Business oriented/driven

• Focused on cross‐border interoperabilityTrust ApplicationService Providers5



• Focused on cross‐border interoperability

• Targeting easier implementation

• Mapped to legal requirements

Signature Creation & Validation

1

Signature Creation & other 2

Cryptographic Suites3

• Aligned with global standards and practices

… meeting stakeholders’ needs

related DevicesSuites


g• Growing adoption by the market

• Ready for referencing by eIDAS secondary legislation as reference standards


Website & Stakeholders mailing list

www.e‐signatures‐standards.euwww.e signatures standards.eu

Stakeholders mailing list:


• Subscription via above website

(via “Subscribe to the newsletter”).

Useful links

e‐Signature Standards Portal: http://www.e‐signatures‐standards.eu

STF web pages• STF 457: http://portal.etsi.org/STFs/STF_HomePages/STF457/STF457.asp

• STF 458: http://portal.etsi.org/STFs/STF_HomePages/STF458/STF458.asp

• STF 459: http://portal etsi org/STFs/STF HomePages/STF459/STF459 asp• STF 459: http://portal.etsi.org/STFs/STF_HomePages/STF459/STF459.asp

ETSI Publications Download Area: http://pda.etsi.org/pda/queryform.asp

ETSI Electronic Signatures Portal:http://xades‐portal.etsi.org/pub/index.shtmlhttp://xades portal.etsi.org/pub/index.shtml

Standardisation mandate m460 to CEN and ETSI on electronic signatureshttps://ec.europa.eu/digital‐agenda/en/news/standardisation‐aspects‐esignatures

Study on Cross‐Border Interoperability of eSignature (CROBIES) ‐ (2008‐2010): y p y g ( ) ( )

https://ec.europa.eu/digital‐agenda/en/news/crobies‐study‐cross‐border‐interoperability‐esignatures‐2010

European Commission page on EU Member States Trusted Lists: https://ec.europa.eu/digital‐agenda/en/eu‐trusted‐lists‐certification‐service‐providersp p g g p

Revision aspects of European electronic signature Directive 1999/93/EC & Draft proposal for a Regulation "on electronic identification and trusted services for electronic transactions in the internal market": https://ec.europa.eu/digital‐agenda/en/trust‐services

Studies on an electronic identification, authentication and signature policy (2011‐2012, 2013): http://iasproject.eu/home.html


esignature & electronic trust services ......‐ part 5: pp for cryptographic module for tsp...

Documents