iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

CEN/TS 419241:2014

(Main)

Security Requirements for Trustworthy Systems Supporting Server Signing

Security Requirements for Trustworthy Systems Supporting Server Signing

1.1   General
This document specifies security requirements and recommendations for Trustworthy System Supporting Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/93/EC. This document may also be applied to electronic signatures complying to Article 5(1) of Directive 1999/93/EC employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified electronic signature.
The Server Signing Application (SSA) runs on a networked server supporting one or more signatories to remotely sign electronic documents using centralized signature keys held on the signing server under sole control of the signatory.
An SSA is intended to deliver to the user or to some other application process in a form specified by the user, an Advanced- or where applicable a Qualified - Electronic Signature associated with a Signer's Document as a Signed Data Object.
This document:
-   provides commonly recognized functional models of TW4S;
-   specifies overall requirements that apply across all of the services identified in the functional model;
-   specifies security requirements for each of the services identified in the SSA.
-   specifies security requirements for sensitive system components which may be used by the SSA (e.g. Signature Creation Device (SCDev)).
This document does not specify technologies and protocols, but rather identifies requirements on the security on technologies to be employed.
1.2   Out of scope
The following aspects are considered to be out of scope:
-   other trusted services that may be used alongside this service such as signature validation service, time-stamping service and information preservation service,
-   any application or system outside of the SSA,
-   the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple signatures and of signatures covering complex information structures containing other signatures).
1.3   Audience
This document specifies security requirements that are intended to be followed by:
-   providers of SSA systems.
-   Trust Service Providers (TSP) offering signature generation service.

Sicherheitsanforderungen für Vertrauenswürdige Systeme, die Serversignaturen unterstützen

Exigences de sécurité pour des systèmes fiables de serveur de signature électronique

Varnostne zahteve za zaupanja vredne sisteme, ki podpirajo strežniško podpisovanje

CEN/TS 419241 podaja varnostne zahteve in priporočila za zaupanja vredne sisteme, ki podpirajo strežniško podpisovanje (TW4S) in ki ustvarijo napredne elektronske podpise v skladu z opredelitvijo v Direktivi 1999/93/ES. Ta dokument se lahko uporablja tudi za elektronske podpise v skladu s prvim odstavkom člena 5 Direktive 1999/93/ES, pri katerih se uporabi sredstvo za varno elektronsko podpisovanje (SSCD), skladno z Dodatkom III in podprto s kvalificiranim elektronskih podpisom. Strežniška aplikacija za podpisovanje (SSA) deluje v omrežnem strežniku, ki podpira oddaljeno elektronsko podpisovanje enega ali več podpisnikov z uporabo centraliziranih podpisniških ključev, hranjenih v strežniku za podpisovanje pod izključnim nadzorom podpisnika. Strežniška aplikacija za podpisovanje je namenjena za zagotavljanje naprednega ali, kjer je primerno, kvalificiranega elektronskega podpisa, povezanega z dokumentom kot predmetom podpisnih podatkov podpisnika uporabniku ali drugim aplikacijskim postopkom v obliki, ki jo navede uporabnik. Ta dokument: – podaja splošno priznane funkcionalne modele za zaupanja vredne sisteme, ki podpirajo strežniško podpisovanje; – določa splošne zahteve, ki veljajo za vse storitve, določene v funkcionalnem modelu; – določa varnostne zahteve za vsako od storitev, opredeljeno v strežniški aplikaciji za podpisovanje; – določa varnostne zahteve za občutljive sistemske komponente, ki jih lahko uporabi strežniška aplikacija za podpisovanje (npr. sredstvo za elektronsko podpisovanje (SCDev)). Ta dokument ne določa tehnologij in protokolov, temveč identificira zahteve glede varnosti za tehnologije, ki se uporabijo.

General Information

Status
Withdrawn
Publication Date
25-Mar-2014
Withdrawal Date
03-Jul-2018
ICS
35.240.99 - IT applications in other fields
Technical Committee
CEN/TC 224 - Machine-readable cards, related device interfaces and operations
Drafting Committee
CEN/TC 224/WG 17 - Protection Profiles in the context of SSCD
Current Stage
9960 - Withdrawal effective - Withdrawal
Completion Date
04-Jul-2018
Mandate
M/460 - Standardisation Mandate to the European Standardisation Organizations CEN, CENELEC and ETSI in the field of Information and Communication Technologies applied to Electronic Signatures
Ref Project
SIST-TS CEN/TS 419241:2014 - Security Requirements for Trustworthy Systems Supporting Server Signing

Relations

Replaced By
EN 419241-1:2018 - Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements
Effective Date
15-Jul-2018

Buy Standard

TS CEN/TS 419241:2014 - BARVETS CEN/TS 419241:2014 - BARVE
PreviousNext
Technical specification
TS CEN/TS 419241:2014 - BARVE
English language
26 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST-TS CEN/TS 419241:2014
01-julij-2014
Varnostne zahteve za zaupanja vredne sisteme, ki podpirajo strežniško
podpisovanje
Security Requirements for Trustworthy Systems Supporting Server Signing
Sicherheitsanforderungen für Vertrauenswürdige Systeme, die Serversignaturen
unterstützen
Exigences de sécurité pour des systèmes fiables de serveur de signature électronique
Ta slovenski standard je istoveten z: CEN/TS 419241:2014
ICS:
35.240.99 8SRUDEQLãNHUHãLWYH,7QD IT applications in other fields
GUXJLKSRGURþMLK
SIST-TS CEN/TS 419241:2014 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS CEN/TS 419241:2014

---------------------- Page: 2 ----------------------

SIST-TS CEN/TS 419241:2014

TECHNICAL SPECIFICATION
CEN/TS 419241

SPÉCIFICATION TECHNIQUE

TECHNISCHE SPEZIFIKATION
March 2014
ICS 35.240.99
English Version
Security Requirements for Trustworthy Systems Supporting
Server Signing
Exigences de sécurité pour des systèmes fiables de Sicherheitsanforderungen für Vertrauenswürdige Systeme,
serveur de signature électronique die Serversignaturen unterstützen
This Technical Specification (CEN/TS) was approved by CEN on 14 October 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 419241:2014 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
Contents Page
Foreword .3
Introduction .4
1 Scope .5
1.1 General .5
1.2 Out of scope .5
1.3 Audience .5
2 Normative references .6
3 Terms and definitions .6
4 Symbols and abbreviations .9
5 Description of Trustworthy Systems Supporting Server Signing . 10
5.1 General . 10
5.2 Signature Creation and Server Signing Objectives . 10
5.3 AdES bound to a natural or legal person . 10
5.4 Levels of sole control . 10
5.5 Batch Server Signing .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 16484-1:2024(Main)
Building automation and control systems (BACS) - Part 1: Project specification and implementation (ISO 16484-1:2024)
SIST EN ISO 16484-1:2024

This document specifies guiding principles for project design and implementation and for the integration of other systems into the building automation and control systems (BACS).
This document specifies the phases required for the BACS project, including
—     design (determination of project requirements and production of design documents including technical specifications),
—     engineering (detailed function and hardware design),
—     installation (installing and commissioning of the BACS), and
—     completion (handover, acceptance and project finalization).
This document also specifies the requirements for as-built documentation and training.
This document is not applicable to operation and maintenance, nor is it applicable to retro or continuous commissioning, including a commissioning authority.

  • Standard
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13757-2:2018+A1:2023(Main)
Communication systems for meters - Part 2: Wired M-Bus communication
SIST EN 13757-2:2018+A1:2024

This draft European standard is applicable to the physical and link layer parameters of baseband communication over twisted pair (M Bus) for meter communication systems. It is especially applicable to thermal energy meters, heat cost allocators, water meters and gas meters.
NOTE    It is usable also for other meters (like electricity meters) and for sensors and actuators. For generic descriptions concerning communication systems for meters and remote reading of meters see EN 13757-1.

  • Standard
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 17167:2023(Main)
Communication system for meters - Accompanying TR to EN 13757-2,-3 and -7, Examples and supplementary information
SIST-TP CEN/TR 17167:2024

This Technical Report contains additional information to the requirements determined in EN 13757-2, EN 13757-3 and EN 13757-7, in particular examples for the implementation, Datagram examples secured by security mechanism of part 7 and additional non-normative requirements beyond meter communication itself.

  • Technical report
    90 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 15518-3:2023(Main)
Winter maintenance equipment - Road weather information systems - Part 3: Requirements on measured values of stationary equipment
SIST EN 15518-3:2024

This document specifies the terminology and performance requirements for all sensor components of stationary equipment within a Road Weather Information System (RWIS).

  • Standard
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 15518-4:2023(Main)
Winter maintenance equipment - Road weather information systems - Part 4: Test methods for stationary equipment
SIST-TS CEN/TS 15518-4:2024

This document specifies the test methods, the experimental set-up and result analysis for the laboratory qualification of stationary equipment within a RWIS.

  • Technical specification
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17531:2021+A1:2023(Main)
Reporting in support of supervision of online gambling services by the gambling regulatory authorities of the Member States
SIST EN 17531:2021+A1:2023

The development of a European standard(s) on reporting by online gambling service operators and suppliers to the gambling regulatory authorities in the Member States for the purpose of supervision of online gambling services will specify the core data for reporting purposes, while ensuring integrity and security of the data as well as personal data protection.
The requested European standard(s) will provide a voluntary tool to the gambling regulatory authorities in the Member States without prejudice to the scope of competence of Member States in the regulation of online gambling and without imposing any obligation on them to introduce reporting requirements or to authorize or deny authorization to any operators or suppliers.

  • Standard
    271 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-2:2023(Main)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 2: Concept phase (ISO 25119-2:2019)
SIST EN ISO 25119-2:2023

This document specifies the concept phase of the development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to mobile municipal equipment (such as street-sweeping machines).
This document is not applicable to:
—          aircraft and air-cushion vehicles used in agriculture;
—          lawn and garden equipment.
This document specifies the characteristics and categories required of SRP/CS for carrying out their safety-related functions. It does not identify performance levels for specific applications.
NOTE 1    Machine specific type-C standards can specify performance levels (AgPL) for safety-related functions in machines within their scope. Otherwise, the specification of AgPL is the responsibility of the manufacturer.
This document is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems. It covers the possible hazards caused by malfunctioning behaviour of E/E/PES safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy, and similar hazards., unless directly caused by malfunctioning behaviour of E/E/PES safety-related systems. It also covers malfunctioning behaviour of E/E/PES safety-related systems involved in protection measures, safeguards, or safety-related functions in response to non-E/E/PES hazards.
Examples included within the scope of this document:
—          SRP/CS's limiting current flow in electric hybrids to prevent insulation failure/shock hazards;
—          electromagnetic interference with the SRP/CS;
—           SRP/CS's designed to prevent fire.
Examples not included within the scope of this document:
—          insulation failure due to friction that leads to electric shock hazards;
—          nominal electromagnetic radiation impacting nearby machine control systems;
—          corrosion causing electric cables to overheat.
This document is not applicable to non-E/E/PES systems (such as hydraulic, mechanic or pneumatic).
NOTE 2    See also ISO 12100 for design principles related to the safety of machinery.
This document is not applicable to safety-related parts of control systems manufactured before the date of its publication.

  • Standard
    63 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-3:2023(Main)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 3: Series development, hardware and software (ISO 25119-3:2018)
SIST EN ISO 25119-3:2023

This document sets out general principles for the design and development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to mobile municipal equipment (e.g. street-sweeping machines).
This document is not applicable to:
—          aircraft and air-cushion vehicles used in agriculture;
—          lawn and garden equipment.
This document specifies the characteristics and categories required of SRP/CS for carrying out their safety-related functions. It does not identify performance levels for specific applications.
NOTE 1    Machine specific type-C standards can specify performance levels (AgPL) for safety-related functions in machines within their scope. Otherwise, the specification of AgPL is the responsibility of the manufacturer.
This document is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems. It covers the possible hazards caused by malfunctioning behaviour of E/E/PES safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy, and similar hazards, unless directly caused by malfunctioning behaviour of E/E/PES safety-related systems. It also covers malfunctioning behaviour of E/E/PES safety-related systems involved in protective measures, safeguards, or safety-related functions in response to non-E/E/PES hazards.
Examples included within the scope of this document:
—          SRP/CS's limiting current flow in electric hybrids to prevent insulation failure/shock hazards;
—          electromagnetic interference with the SRP/CS;
—          SRP/CS's designed to prevent fire.
Examples not included in the scope of this document:
—          insulation failure due to friction that leads to electric shock hazards;
—          nominal electromagnetic radiation impacting nearby machine control systems;
—          corrosion causing electric cables to overheat.
This document is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanic or pneumatic).
NOTE 2    See also ISO 12100 for design principles related to the safety of machinery.
This document is not applicable to safety related parts of control systems manufactured before the date of its publication.

  • Standard
    75 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-1:2023(Main)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 1: General principles for design and development (ISO 25119-1:2018)
SIST EN ISO 25119-1:2023

This document sets out general principles for the design and development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to mobile municipal equipment (e.g. street-sweeping machines).
This document is not applicable to:
—          aircraft and air-cushion vehicles used in agriculture;
—          lawn and garden equipment.
This document specifies the characteristics and categories required of SRP/CS for carrying out their safety-related functions. It does not identify performance levels for specific applications.
NOTE 1    Machine specific type-C standards can specify performance levels (AgPL) for safety-related functions in machines within their scope. Otherwise, the specification of AgPL is the responsibility of the manufacturer.
This document is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems. It covers the possible hazards caused by malfunctioning behaviour of E/E/PES safety-related systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy, and similar hazards, unless directly caused by malfunctioning behaviour of E/E/PES safety-related systems. It also covers malfunctioning behaviour of E/E/PES safety-related systems involved in protective measures, safeguards, or safety-related functions in response to non-E/E/PES hazards.
Examples included within the scope of this document:
—          SRP/CS limiting current flow in electric hybrids to prevent insulation failure/shock hazards;
—          electromagnetic interference with the SRP/CS;
—          SRP/CS designed to prevent fire.
Examples not included in the scope of this document:
—          insulation failure due to friction that leads to electric shock hazards;
—          nominal electromagnetic radiation impacting nearby machine control systems;
—          corrosion causing electric cables to overheat.
This document is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanic or pneumatic).
NOTE 2    See also ISO 12100 for design principles related to the safety of machinery.
This document is not applicable to safety related parts of control systems manufactured before the date of its publication.

  • Standard
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 25119-3:2023/A1:2023(Amendment)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 3: Series development, hardware and software - Amendment 1 (ISO 25119-3:2018/Amd 1:2020)
SIST EN ISO 25119-3:2023/A1:2023
  • Amendment
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day