Certification of the conformity of QSCDs for server-signing with the requirements laid down in Annex II of Regulation (EU) No.

Similar documents
CEN TC224 esign activities ETSI Security workshop 2013/01/16. Beatrice PEIRANI, GEMALTO Expert ETSI STF 425, CEN WG16

Guidelines Cooperation between authorities under Articles 17 and 23 of Regulation (EU) No 909/2014

COMMISSION DELEGATED REGULATION (EU) /... of XXX. on the classification of the frost resistance performance for clay tiles under EN 1304

1. Terms defined in the Construction Products Regulation (CPR)

COMMISSION DELEGATED REGULATION (EU) /... of

CEN/TR :2017. Framework for standardization of signatures - Extended structure including electronic identification and authentication

COMMISSION DELEGATED REGULATION (EU) /... of

DGG 1B EUROPEAN UNION. Brussels, 2 December 2016 (OR. en) 2016/0355 (COD) PE-CONS 51/16 EF 338 ECOFIN 1031 CODEC 1639

Implementation of the Construction Products Regulation (CPR) in harmonized standards - Template for Annex ZA -

COMMISSION DELEGATED REGULATION (EU)

Implementation of the Construction Products Regulation (CPR) in harmonized standards - Template for Annex ZA -

BUSINESS PLAN CEN/TC 305 POTENTIALLY EXPLOSIVE ATMOSPHERES EXPLOSION PREVENTION AND PROTECTION EXECUTIVE SUMMARY

COMMISSION DELEGATED REGULATION (EU) /... of XXX

Official Journal of the European Union. (Non-legislative acts) REGULATIONS

CEN TC 10 (Lifts, escalators and moving walks) Introduction to EN 81-20/50 (revision of EN 81-1/2)

COMMISSION DELEGATED REGULATION (EU) /... of XXX

A Notification under Article 12 of Regulation (EU) No 1025/2012 1

REDCA update on the RED. Days to go. 17 May 2017

CEN standardization work on refrigerating systems, especially standard EN 378

Standards and Standardisation. An Overview

FAQs Radio Equipment Directive (RE-D)

(recast) (Text with EEA relevance) out the conformity assessment procedure. Conformity 20 February 2014.

On , CCMC received a proposal from DIN for the creation of a new Technical Committee in the area of Food Authenticity (see Annex 1).

EUROPEAN UNION. Brussels, 13 February 2014 (OR. en) 2011/0357 (COD) PE-CONS 54/13 ENT 190 MI 550 CONSOM 128 COMPET 470 CODEC 1481

COMMISSION IMPLEMENTING REGULATION (EU) /... of XXX. on the European Rail Traffic Management System European deployment plan

Explosiv atmosfär Tillämpning av kvalitetssystem. Potentially explosive atmospheres Application of quality systems

Single Market : regulatory environment, standardisation and New Approach Pressure equipment, medical devices, metrology M/327

GNB-CPR Position Paper: Issuance of certificates under CPR

RULEBOOK ON ELECTROMAGNETIC COMPATIBILITY

Regulation 574_2014: Annex III CPR. and. Regulation 568_2014: Annex V CPR

This document is a preview generated by EVS

CE marking of noise barriers and foundations

DIRECTIVE 2014/34/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

PACKAGING - REQUIREMENTS FOR PACKAGING RECOVERABLE BY MATERIAL RECYCLING STANDARD I.S. EN 13430:2004. Price Code

European Technical Assessment. ETA-15/0352 of 12 April English translation prepared by DIBt - Original version in German language.

COMMISSION DELEGATED REGULATION (EU) /... of XXX

(Text with EEA relevance)

English Version. Daylight of buildings

European Technical ETA-07/0025 Assessment of 9 December 2016 General Part

European Technical ETA-11/0080 Assessment of 9 February 2016 General Part

European Technical Assessment. ETA-05/0069 of 5 August English translation prepared by DIBt - Original version in German language.

(Publication of titles and references of harmonised standards under Union harmonisation legislation) (Text with EEA relevance) (2016/C 054/02)

(Publication of titles and references of harmonised standards under Union harmonisation legislation) (Text with EEA relevance) (2018/C 209/02)

Conformity assessment procedures for the Alarm Components Scheme

This document is a preview generated by EVS

COMMISSION IMPLEMENTING REGULATION (EU) No /.. of [dd mm yyyy]

COMMISSION DELEGATED REGULATION (EU) /... of

BUSINESS PLAN CEN/TC 160 PROTECTION AGAINST FALLS FROM A HEIGHT INCLUDING WORKING BELTS EXECUTIVE SUMMARY

COMMISSION IMPLEMENTING REGULATION (EU) /... of XXX

BUSINESS PLAN CEN/TC 249 PLASTICS

BUSINESS PLAN CEN/TC 58 SAFETY AND CONTROL DEVICES FOR BURNERS AND APPLIANCES BURNING GASEOUS OR LIQUID FUELS EXECUTIVE SUMMARY

FINAL DRAFT RTS CORRECTING DELEGATED REGULATION (EU) 528/2014 & 604/2014 EBA/RTS/2015/ July Final Report

COMMISSION REGULATION (EU) No /.. of

BUSINESS PLAN CEN/TC 10 LIFTS, ESCALATORS AND MOVING WALKS EXECUTIVE SUMMARY

European Technical Assessment. ETA-05/0120 of 14 February English translation prepared by DIBt - Original version in German language

COUNCIL DIRECTIVE of 1 December 1986 on airborne noise emitted by household appliances (86/594/EEC)

BUSINESS PLAN CEN/TC 162 PROTECTIVE CLOTHING INCLUDING HAND AND ARM PROTECTION AND LIFEJACKETS EXECUTIVE SUMMARY

This document is a preview generated by EVS

This document is a preview generated by EVS

COMMISSION DELEGATED REGULATION (EU) /... of

Official Journal of the European Union

Co-ordination of the Group of Notified Bodies for the Construction Products /Regulation 305/2011/EU

Standardization in the Construction Sector Sustainability assessment and Environmental Product Declarations

EAK AKREDITEERITAVAD TAVAD VASTAVUSHINDAMISMENETLUSED EAK INF1 2016

Confused by standards Standards for social alarms

Retention of Conformity Following Modifications of Software at the Example of Fire Alarm Equipment Industry Requirements

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

Council of the European Union Brussels, 5 September 2017 (OR. en) Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union

Council of the European Union Brussels, 21 March 2017 (OR. en) Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union

Electromagnetic compatibility (EMC)

Record of Amendments. Version Date Amendment Section/page affected

9 Standards, Regulations and Authorities

COMMISSION DELEGATED REGULATION (EU) No /.. of

European Technical ETA-07/0142 Assessment of 9 December 2016 General Part

BUSINESS PLAN CEN/TC 159 HEARING PROTECTORS EXECUTIVE SUMMARY

This document is a preview generated by EVS

CE MARKING OF WOOD-BASED PANELS

ÍST EN :2015. Gildistaka ICS: 53.06

BLUE ANGEL The German Ecolabel Stationary air conditioners DE-UZ 204 Basic Award Criteria Edition August 2016 Version 1

European Technical ETA-07/0135 Assessment of 9 December 2016 General Part

This document is a preview generated by EVS

Request for tender regarding the validation of ammonia testing methods as supplement to pren 16516

DRAFT COMMISSION DELEGATED REGULATION (EU) / of XXX

Gas Appliances Directive - Advisory Committee. Comité Consultatif de la Directive Appareils a Gaz

Council of the European Union Brussels, 30 September 2015 (OR. en)

Stanley Black & Decker Deutschland GmbH Richard-Klinger-Straße Idstein DEUTSCHLAND. Manufacturing plant Manufacturing Plant 4 and Plant 9

BUSINESS PLAN CEN/TC 208 ELASTOMERIC SEALS FOR JOINTS IN PIPEWORK AND PIPELINES EXECUTIVE SUMMARY

ICS ; Supersedes CEN ISO/TS :2005. English Version

Council of the European Union Brussels, 23 August 2017 (OR. en) Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union

This document is a preview generated by EVS

Table of Contents for the REGULATION (EU) 2017/745 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 5 April 2017

PETROLEUM AND NATURAL GAS

European Technical ETA-12/0607 Assessment of 18 January 2018 General Part

DECLARATION OF PERFORMANCE. DoP: 0124 for fischer Ceiling Anchor FDZ (Metal anchors for use in concrete (light-duty type)) EN

This document is a preview generated by EVS

ISO INTERNATIONAL STANDARD. Plastics piping systems for hot and cold water installations Crosslinked polyethylene (PE-X) Part 1: General

Shipboard incinerators with capacities up to 4000 kw

This annex is valid from: to Replaces annex dated: Location(s) where activities are performed under accreditation

Council of the European Union Brussels, 25 October 2017 (OR. en) Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union

Council of the European Union Brussels, 28 June 2017 (OR. en) Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union

Transcription:

Certification of the conformity of QSCDs for server-signing with the requirements laid down in Annex II of Regulation (EU) No. 910/2014 Version 1.0 Date 14.09.2017 Designated Body SRC Security Research & Consulting GmbH Emil-Nolde-Straße 7 53113 Bonn

Document revisions Version Date Amendments Author 0.1 11.09.2017 First internal version SRC 0.2 12.09.2017 Quality Assurance SRC 1.0 14.09.2017 First version SRC 14.09.2017 SRC Security Research & Consulting GmbH Seite 2 von 8

Contents Document revisions... 2 Contents... 3 1 Introduction... 4 2 Security Evaluation Process... 5 3 References... 7 4 List of acronyms... 8 14.09.2017 SRC Security Research & Consulting GmbH Seite 3 von 8

1 Introduction For the certification of the conformity of qualified electronic signature creation devices and qualified electronic seal creation devices (QSCD 1 ) with the requirements laid down in Annex II of the eidas regulation [eidas] the EU commission has adopted the Commission Implementing Decision (EU) 2016/650 [CID (EU) 2016/650]. The corresponding Annex consists of a list of standards to be used for the security evaluation process, where the electronic signature resp. seal creation data is held in an entirely but not necessarily exclusively usermanaged environment ([CID (EU) 2016/650], Article 1 (1)). In the case where a qualified trust service provider manages the electronic signature resp. seal creation data on behalf of a signatory resp. of a creator of a seal, the certification of such products shall be based on a process that, pursuant to Article 30(3)(b), uses security levels comparable to those required by Article 30(3)(a) and that is notified to the Commission by the public or private body referred to in paragraph 1 of Article 30 of Regulation (EU) No 910/2014 ([CID (EU) 2016/650], Article 1 (2)). Based on this situation the designated certification body SRC Security Research & Consulting GmbH notifies to the Commission a security evaluation process for the certification of QSCDs to be used for the so-called server-signing scenario. Remark: SRC Security Research & Consulting GmbH is one of the German s designated certification bodies as stated in the list of certified qualified electronic signature creation devices and qualified electronic seal creation devices (cf. [EU QSCD list], section GERMANY (DE)). 1 In the following the abbreviation QSCD is used for both, qualified signature creation devices as well as qualified seal creation devices 14.09.2017 SRC Security Research & Consulting GmbH Seite 4 von 8

2 Security Evaluation Process The security evaluation process notified to the Commission consists of a security evaluation according to the ISO/IEC 15408 Evaluation criteria for IT-Security (Common Criteria Evaluation, cf. [ISO/IEC 15408-1], [ISO/IEC 15408-2], [ISO/IEC 15408-3]) as already listed in the Commission Implementing Decision (EU) 2016/650 [CID (EU) 2016/650] and the use of the following two protection profiles (PP): EN 419221-5 PP Cryptographic Module for Trust Services [pren 419221-5], and EN 419241-2, Trustworthy Systems Supporting Server Signing Part 2: Protection Profile for QSCD for Server Signing [pren 419241-2]. So the main difference of this security evaluation process is the use of two protection profiles that are not listed yet in [CID (EU) 2016/650]. Under the standardisation mandate M/460 given by the Commission these PPs were developed by CEN/TC224/WG17 for the security evaluation process of QSCDs for server-signing. For this both PPs have to be used, EN 419221-5 for the security evaluation of the cryptographic module and EN 419241-2 for the security evaluation of the signature activation module (SAM). SAM and the cryptographic module realise the QSCD. Figure 1: QSCD and related Protection Profiles In the above mentioned PPs the Evaluation Assurance Level EAL4+ (EAL 4 augmented with AVA_VAN.5) is claimed. Hereby the achieved security level of the notified security evaluation process is comparable to the security level defined by the listed security evaluation process. Both documents are under approval and already stable, essential changes of the contents or the defined requirements should not happen anymore. The version 0.15 of EN 419221-5 is 14.09.2017 SRC Security Research & Consulting GmbH Seite 5 von 8

already certified (cf. certification report [ANSSI CRP]) and available via the official Website of Common Criteria (www.commoncriteriaportal.org). The CEN Enquiry for the protection profile EN 419241-2 was successfully finished on August, 3 rd 2017 (closing date) and the evaluation of the PP is also in the final stage. The certification of EN 419241-2 is expected for nearly Q4/2017 or Q1/2018. Furthermore it can be assumed that these PPs will become part of the list in the Commission Implementing Decision (EU) 2016/650 [CID (EU) 2016/650] after their certification. Therefore the notified security evaluation process is an obvious solution for the certification of products based on a process pursuant to Article 30(3)(b) of Regulation (EU) No. 910/2014. 14.09.2017 SRC Security Research & Consulting GmbH Seite 6 von 8

3 References [eidas] REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [CID (EU) 2016/650] COMMISSION IMPLEMENTING DECISION (EU) 2016/650 of 25 April 2016 laying down standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market [EU QSCD list] Compilation of: Member States' notifications on: Designated Bodies under Article 30(2) and 39(2) of Regulation 910/2014 and Certified Qualified Signature Creation Devices under Article 31(1)-(2), and Certified Qualified Seal Creation Devices under Article 39(3) of Regulation 910/2014, and information from Member States on: Secure Signature Creation Devices benefiting from the transitional measure set in article 51(1) of Regulation 910/2014 [ISO/IEC 15408-1] ISO/IEC 15408-1:2009 - Information technology - Security techniques - Evaluation criteria for IT security - Part 1. ISO, 2009 [ISO/IEC 15408-2] ISO/IEC 15408-2:2008 - Information technology - Security techniques - Evaluation criteria for IT security - Part 2. ISO, 2008. [ISO/IEC 15408-3] ISO/IEC 15408-3:2008 - Information technology - Security techniques - Evaluation criteria for IT security - Part 3. ISO, 2008 [pren 419221-5] [ANSSI CRP] [pren 419241-2] CEN/prEN 419221-5:2016, Protection profiles for TSP Cryptographic modules - Part 5 Cryptographic Module for Trust Services, v0.15, 2016-11-29 ANSSI, Rapport de certification ANSSI-CC-PP-2016/05 du profil de protection Protection profiles for TSP Cryptographic modules - Part 5- Cryptographic Module for Trust Services (pren 419 221-5, version 0.15), 16.12.2016 CEN/prEN 419241-2:2017, Trustworthy Systems Supporting Server Signing Part 2: Protection Profile for QSCD for Server Signing, v0.12, 2017-06, or newer version 14.09.2017 SRC Security Research & Consulting GmbH Seite 7 von 8

4 List of acronyms CC CEN CID EAL EN HSM PP QSCD SAM SCD ST TC WG Common Criteria European Committee for Standardization Commission Implementing Decision Evaluation Assurance Level European Norm Hardware Security Module Protection Profile Qualified Signature / Seal Creation Device Signature Activation Module Signature Creation Data Security Target Technical Committee Working Group 14.09.2017 SRC Security Research & Consulting GmbH Seite 8 von 8

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback