CEN TC224 esign activities ETSI Security workshop 2013/01/16. Beatrice PEIRANI, GEMALTO Expert ETSI STF 425, CEN WG16


Agenda
- Introduction
- EU Mandate M/460
- EU regulation on electronic trust services
- CEN TC224
- Perspectives

European Directive 1999/93/EC

Motivation
- Electronic communication and commerce necessitate electronic signatures and related services for data authentication.
- Divergent rules with respect to legal recognition of electronic signatures; accreditation of certification-service providers in the Member States.
- Interoperability of electronic signature products should be promoted.
- Ancillary services should be considered.

The European Directive 1999/93/EC «On a Community framework for electronic signatures»
- Ensures legal recognition of electronic signatures.
- Equivalence with hand-written signature.
- Defines security and quality requirements for different levels of electronic signature.

The Commission Decision 2003/511/EC on generally recognized standards for e-signature products lists in Annex:
- CWA 14167-1 (system security requirements for CSP)
- CWA 14167-2 (PP for crypto module for CSP signing operations)
- CWA 14169 (PP for SSCD)

Two standardization groups involved: ETSI and CEN (within EESSI)

Digital Agenda for Europe

EC public consultation on electronic identification, authentication and signature (March-April 2011)
- Stresses need for standardization.
- New drivers for eSignature and ancillary services:
  - Public e-procurement
  - Services Directive
  - Business processes automation (invoicing, transferring documents)
  - eID cards infrastructure

European Mandate M/460 on Information and Communication Technologies applied to Electronic Signatures (launched end 2010)

Decision to revise the Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures

EC Mandate 460: objectives and organization

Given to CEN TC224 and ETSI ESI, 2011-2014

Objective: simplify the use of European eSignature standards:
- create a rationalized framework.
- provide guidance helping to implement eSignature in an interoperable way.
- introduce usage guidelines and be more business oriented.
- fill in details where existing standards have been too open to interpretation.
- update standards and develop missing standards.

See http://www.e-signatures-standards.eu

Rationalised Framework: global view

[Figure: the rationalised framework, organized as 6 functional areas and 5 types of documents. Functional areas and labels recoverable from the diagram: Signature Creation & Validation (CAdES, XAdES, PAdES, ASiC); Signature Creation & other related Devices (SSCD, other SCDs); Cryptographic Suites; TSPs supporting eSignature (TSP Certificates, TSSP, SGSP, SVSP); Trust Application Service Providers (Registered email, Data Preservation); Trust Service Status (Lists) Providers. The document type "Testing Compliance & Interoperability" is repeated across the areas.]

New regulation

2012, June 4th: http://ec.europa.eu/information_society/policy/esignature/eu_legislation/regulation/index_en.htm

Proposal for a regulation of the European Parliament and of the Council on trust and confidence in electronic transactions in the internal market (Electronic Trust Services Regulation)
- To replace the European Directive on Electronic Signature 1999/93/EC
- Enlarged scope: from signature to identification and trust services
- Different application: from directive to regulation

CEN/TC 224 General information

Title: Personal identification, electronic signature, cards and their related systems and operations

History
- Established in 1989 by a CEN Technical Board decision BTC 193/1989.
- Referring to the new program of work including CEN/ISSS Workshop on electronic signature CWAs on 2005-04-14/15.
- Launching of new TC224 WGs in 2005.

One of the IT Technical Committees of CEN
- Production of EN and TS
- Support of European policies

Intersectorial Technical Committee
- Manufacturers, operators of various sectors, providers of applications and security, testing companies, public authorities, consumers

CEN/TC224: past and present

Over 60 standards published (timeline axis: 1990, 2000, 2010)
- General card characteristics: 4/0*
- Telecom ICC & Terminal: 8/0*
- Intersector Electronic Purse: 5/0*
- Health cards: 4/0*
- Transport data elements & applications: 5/2*
- User Interface: 6/1*
- European Citizen Cards: 4/5*
- Electronic Signature: 2/19*
- Biometrics: 1/2*

*X/Y: X = published documents still active; Y = drafts in progress (revision or new documents)

Working groups of CEN/TC 224
- WG 6 User Interface: J. JONES, UK
- WG 11 Surface Transport Applications: K. PHILIPP, GERMANY
- WG 15 European Citizen Card: M. FAHER, FRANCE
- WG 16 Smart cards used as secure signature creation devices: G. MEISTER, GERMANY
- WG 17 Protection Profiles in the context of e-sign: C. SUTTER, GERMANY
- WG 18 Interoperability of Biometrics recorded data: N. DELVAUX, FRANCE

CEN TC224: Working groups involved in IAS

Signature context

[Figure: signature context diagram. Labels: TSP (CA, TSA); certificates, CRL, TST; advanced electronic signature; SCA/SVA; digest; cryptographic signature; SSCD with private key (M) and certificate (O). Standards shown: EN-14167, EN-14170, EN-14169, EN-14890.]

CEN/TC 224 WG17: Protection Profiles in the context of electronic signatures

History
- CWA 14169 (published in 2004)
- CWA 14167 (published in 2004)
- CWA 14170 (published in 2004)

Global view on WG17 on-going work (categories shown: Device, Application, System)

- PP 14169 (SSCD): Protection profiles for secure signature creation device (EN 419211)
  - Starting from CWA 14169 PP EAL 4+ AVA_VLA.4 (CC v2.3), BSI certified
  - SCD/SVD generation, SCD storage, signature-creation
  - Core PPs + extensions for TC
- PP DAUTH: Security requirements for device for authentication (EN 419251)
  - Starting from EN 16248
  - CEN review
  - New needs: Evaluation/Certification of PP (EAL4+ AVA_VAN.5)
- PP SCA/SVA: Security requirements for Signature Creation Applications and Signature Verification Applications (EN 419111)
  - Starting from CWA 14170 for SCA
  - CEN review
  - New needs: Evaluation/Certification of PP (EAL 4)
- PP 14167: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures (EN 419221)
  - Starting from CWA 14167 PP EAL4+ AVA_VLA.4 (CC v2.3), ANSSI certification in progress
  - Registration, certificate generation, dissemination, revocation management and revocation status
  - New needs: move from TS to EN
- PP Time-Stamping: Protection profile for Trustworthy systems supporting time stamping (EN 419231)
  - Starting point will be French ANSSI PP-SH-CCv3.1 (EAL3+ AVA_VAN.5, 2008)

CEN/TC 224 WG16: EN 14890 «Application Interface for smart cards used as SSCD»

The smart card used as SSCD shall
- be able to produce Qualified electronic signatures.
- support the concrete implementation of the European legal framework for electronic signatures.
- be the base standard for cards personalized with Identification, Authentication and Digital Signature (IAS) services.

The standard shall be compliant with other European standards developed in the framework of the EU Directive 1999/93.

History
- CWA 14890 (CEN ESign Area K, published in 2004)
- EN 14890 (CEN TC 224 WG16, published in 2008)
- New EN 14890 planned for publication in 2013-2014 (draft delivery Q3 2011)

EN 14890: Crypto toolbox

Basic services
- Digital signature service
- Certificates storage
- Key generation
- User verification
- Device authentication
  - One symmetric protocol (key transport protocol)
  - 2 asymmetric protocols (privacy protocol, mEAC protocol)
  - 1 protocol for password-based authentication (PACE v2)
- Secure Messaging

Additional services
- Encryption key decipherment
- Client/server authentication
- Role authentication
- Signature verification
- Privacy context functions (age verification, Restricted Identification, mERA-based eServices with TTP)

Consistency with ISO 7816-4

The basics for European Citizen Card (ECC TS 15480)

CEN/TC 224 WG15: TS 15480 European Citizen Card (ECC)

First delivery in 2007 for part 1 and part 2

Technical Standard in conformance to
- ISO 7816
- EN 14890

Services and additional Security Architecture according to ISO/IEC 7816-4, suitable for
- Citizen Cards
- Identity Cards
- Combined Cards

CEN/TC 224 WG15: ECC series

- ECC-1: Physical, electrical and transport protocol (revision). Published in Nov. 2012 (first published in June 2007).
- ECC-2: Logical data structures and security services (revision). Published in July 2012 (first published in June 2007).
- ECC-3: ECC interoperability using application interface (revision). First published in 2010.
- ECC-4: Recommendations for European Citizen Card issuance, operation and use. First published in April 2011.
- ECC-5: General introduction. Just starting Formal Vote (till Jan 2013), first TS publication planned for April 2013.

Perspective

A lot of work has been done
- Many standards available
- RF document

But a lot of work still to be done
- M/460 Phase 2
- Impact of Regulation
- Enlarged scope to IAS

Any questions? Thanks!

beatrice.peirani@gemalto.com