CEN/TR 419200:2017
(Main)Guidance for signature creation and other related devices
Guidance for signature creation and other related devices
The present Technical Report provides guidance on the selection of standards and options for the signature/seal creation and other related devices (area 2) as identified in the framework for standardization of signatures: overview ETSI/TR 119 000 [16].
The present Technical Report describes the Business Scoping Parameters relevant to this area (see Clause 5) and how the relevant standards and options for this area can be identified given the Business Scoping Parameters (Clause 6).
The target audience of this document includes:
- business managers who potentially require support from electronic signatures/seals in their business and will find here an explanation of how electronic signatures/seals standards can be used to meet their business needs;
- application architects who will find here material that will guide them throughout the process of designing a system that fully and properly satisfies all the business and legal/regulatory requirements specific to electronic signatures/seals, and will gain a better understanding on how to select the appropriate standards to be implemented and/or used;
- developers of the systems who will find in this document an understanding of the reasons that lead the systems to be designed as they were, as well as a proper knowledge of the standards that exist in the field and that they need to know in detail for a proper development.
Anleitung zur Signaturerstellung und andere ähnliche Geräte
Lignes directrices pour la création de signatires et autres dispositifs associés
Navodilo za elektronsko podpisovanje in druge podobne operacije
To tehnično poročilo podaja smernice za izbiro standardov in možnosti za oblikovanje podpisa/pečata in drugih povezanih naprav (območje 2), kot so opredeljene v okviru za standardizacijo podpisov: pregled ETSI/TR 119 000 [16].
To tehnično poročilo opisuje parametre za določevanje poslovnih dejavnosti, ki so ustrezni za to področje (glej točko 5), ter možnosti določevanja ustreznih standardov in možnosti za to področje glede na parametre za določevanje poslovnih dejavnosti (člen 6).
Ta dokument je namenjen:
– vodjem podjetij, ki pri svojem delu morda potrebujejo podporo elektronskih podpisov/pečatov in bodo v tem dokumentu našli razlago, kako lahko uporabijo standarde elektronskih podpisov/pečatov za svoje poslovne potrebe;
– arhitektom aplikacij, ki bodo v tem dokumentu našli smernice, ki jih bodo vodile skozi celoten postopek oblikovanja sistema, ki v celoti in ustrezno izpolnjuje vse poslovne in pravne/regulativne zahteve, ki se nanašajo na elektronske podpise/pečate, in bodo bolje razumeli, kako izbrati primerne standarde za uvedbo in/ali uporabo;
– razvijalcem sistemov, ki bodo s pomočjo tega dokumenta bolje razumeli razloge za določen način zasnove sistemov ter spoznali ustrezne standarde, ki obstajajo na tem področju in ki jih morajo za ustrezen razvoj sistemov podrobno poznati.
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
01-oktober-2017
Navodilo za elektronsko podpisovanje in druge podobne operacije
Guidance for signature creation and other related devices
Anleitung zur Signaturerstellung und andere ähnliche Geräte
Lignes directrices pour la création de signatires et autres dispositifs associés
Ta slovenski standard je istoveten z: CEN/TR 419200:2017
ICS:
35.040.01 Kodiranje informacij na Information coding in general
splošno
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
CEN/TR 419200
TECHNICAL REPORT
RAPPORT TECHNIQUE
May 2017
TECHNISCHER BERICHT
ICS 35.030; 35.240.30
English Version
Guidance for signature creation and other related devices
Lignes directrices pour la création de signatires et Anleitung zur Signaturerstellung und andere ähnliche
autres dispositifs associés Geräte
This Technical Report was approved by CEN on 17 April 2017. It has been drawn up by the Technical Committee CEN/TC 224.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 419200:2017 E
worldwide for CEN national Members.
Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Terms and definitions . 6
3 Symbols and abbreviations . 7
4 Some concepts related to signature creation and other related devices . 8
4.1 Different types of signatures and seals . 8
4.2 Signature versus seal . 8
4.3 What are a signature creation device or other related devices . 8
4.3.1 General . 8
4.3.2 Qualified electronic signature creation device . 8
4.3.3 Qualified electronic seal creation device . 10
4.4 Trusted versus un-trusted environment for electronic signature . 10
4.5 Mobile environment . 11
5 Types of services related to signature – Scoping factors . 11
5.1 General . 11
5.2 Services related to signature for a QSCD . 12
5.2.1 General . 12
5.2.2 Signature service . 12
5.2.3 Privacy aspects . 12
5.2.4 Identification service . 14
5.2.5 Authentication service . 14
5.2.6 Other potential services . 14
5.3 Services related to signature for a TSP. 16
5.3.1 General . 16
5.3.2 Signature service . 16
5.3.3 Certification Authority service . 17
5.3.4 Other services . 17
6 Selecting the Most Appropriate Standards and options . 17
6.1 Sub-Areas of Standardization . 17
6.1.1 General . 17
6.1.2 Policy and security Requirements . 18
6.1.3 Technical Specifications . 20
6.1.4 Conformity Assessment . 20
6.1.5 Interoperability Testing . 20
6.2 Selection of standards . 21
Annex A (informative) Business aspects/ Use cases from signature creation devices view . 22
A.1 General . 22
A.2 Telecommunications . 22
A.3 Identity . 22
A.4 Health . 23
A.5 Corporate . 23
A.6 Bank . 24
Annex B (informative) Illustration of Application of Standards . 25
B.1 General . 25
B.2 Telecommunications . 25
B.2.1 First example . 25
B.2.2 Second example . 25
B.3 Identity . 25
B.3.1 General . 25
B.3.2 First example . 26
B.3.3 Second example . 26
B.3.4 Third example . 27
B.4 Health . 27
B.4.1 First example . 27
B.4.2 Second example . 28
B.5 Corporate . 28
B.5.1 First example . 28
B.5.2 Second example . 28
B.6 Bank . 28
B.6.1 First example . 28
B.6.2 Second example . 29
Annex C (informative) Comparison of definitions between Directive 1999/93/EC and
Regulation (EU) 910/2014 . 30
Bibliography . 32
European foreword
This document (CEN/TR 419200:2017) has been prepared by Technical Committee CEN/TC 224
“Personal identification and related personal devices with secure element, systems, operations and
privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
Introduction
ETSI/TR 119 000 [16] provides a general structure for electronic signatures standardization outlining
existing and potential standards for electronic signatures. This identifies six areas of standardization
with a list of existing and potential future standards in each area.
This guide is part of a series of guidance documents assisting users and their suppliers in identifying the
electronic signature standards and options relevant to their need. Each guide addresses a particular
area as identified in ETSI/TR 119 000 [16].
This series is based on the process of selecting Business Scoping Parameters for each area of
standardization based on an analysis of the business requirements. The selection of these scoping
parameters is based on a process involving an analysis of the business requirements and associated
risks leading to an identification of the policy and security requirements and the resulting Business
Scoping Parameters from which the appropriate standards and options can be selected. Having
identified the requirements in terms of Business Scoping Parameters for an area, each guidance
document provides assistance in selecting the appropriate standards and options for that area. Where
standards and options within one area make use of another area this is stated in terms of Scoping
Parameters of that other area.
This guidance does not include any normative requirements but provides guidance on addressing the
signature creation and other related devices area, on the selection of a
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.