Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements

The scope of the proposed EN 419241 part 1 (Security Requirements) covers security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures. Those digital signatures are created by a remote signature creation device (rSCDev). An rSCDev is a signature creation device (SCDev) that uses secure electronic communication channels in order to guarantee that the signature creation environment is reliable and is used under the sole control of the signatory.
This proposed part 1 of 419241 adapts the existing CEN/TS 419241 to the requirements of the new EU Regulation No 910/2014 and converts the TS into an EN.

Vertrauenswürdige Systeme, die Serversignaturen unterstützen - Teil 1: Allgemeine Systemsicherheitsanforderungen

Systèmes fiables de Serveur de Signature électronique - Partie 1: Exigences de sécurité générales du système

Zaupanja vredni sistemi, ki podpirajo strežniško podpisovanje - 1. del: Splošne varnostne zahteve sistema


General Information

Status: Published
Publication Date: 04-Sep-2018
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 02-Aug-2018
Due Date: 07-Oct-2018
Completion Date: 05-Sep-2018

Buy Standard

EN 419241-1:2018 - BARVE (colour edition), English language, 43 pages

Standards Content (Sample)

SLOVENIAN STANDARD SIST EN 419241-1:2018
01-October-2018
Zaupanja vredni sistemi, ki podpirajo strežniško podpisovanje - 1. del: Splošne varnostne zahteve sistema
Vertrauenswürdige Systeme, die Serversignaturen unterstützen - Teil 1: Allgemeine Systemsicherheitsanforderungen
Systèmes fiables de Serveur de Signature électronique - Partie 1: Exigences de sécurité générales du système
Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements
This Slovenian standard is identical to: EN 419241-1:2018
Replaces: SIST-TS CEN/TS 419241:2014
ICS: 35.030 IT Security (Informacijska varnost)
SIST EN 419241-1:2018 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.






EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 419241-1
July 2018
English Version
Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements
Systèmes fiables de serveur de signature électronique - Partie 1: Exigences de sécurité générales du système
Vertrauenswürdige Systeme, die Serversignaturen unterstützen - Teil 1: Allgemeine Systemsicherheitsanforderungen
This European Standard was approved by CEN on 30 April 2018.
CEN members are bound to comply with the CEN-CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION / COMITÉ EUROPÉEN DE NORMALISATION / EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2018 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419241-1:2018 E



EN 419241-1:2018 (E)

Contents
European foreword  4
Introduction  6
1 Scope  7
1.1 General  7
1.2 Outside of the scope  7
1.3 Audience  7
2 Normative references  8
3 Terms and definitions  8
4 Symbols and abbreviations  10
5 Description of trustworthy systems supporting server signing  11
5.1 General  11
5.2 Signature creation and server signing objectives  11
5.3 Signature bound to a natural person or seal bound to a legal person  11
5.4 Sole control assurance levels  11
5.5 Batch server signing  12
5.6 Signing key and cryptographic module  12
5.7 Signer's authentication  12
5.7.1 Electronic identification means  12
5.7.2 Authentication mechanism  12
5.7.3 Authentication target  13
5.7.4 Delegation of authentication to an external party  13
5.8 Signature activation data  14
5.9 Signature activation protocol  14
5.10 Signer's interaction component  14
5.11 Signature activation module  15
5.12 Environments  15
5.12.1 Tamper protected environment  15
5.12.2 TSP protected environment  15
5.12.3 Signer's environment  16
5.13 Functional model  16
5.13.1 General  16
5.13.2 Scope of requirements  16
5.13.3 Signature activation mechanisms  17
5.13.4 TW4S components  19
6 Security requirements  20
6.1 General  20
6.2 General security requirements (SRG)  20
6.2.1 Management (SRG_M)  20
6.2.2 Systems and operations (SRG_SO)  22
6.2.3 Identification and authentication (SRG_IA)  22
6.2.4 System access control (SRG_SA)  23
6.2.5 Key management (SRG_KM)  23
6.2.6 Auditing (SRG_AA)  26
6.2.7 Archiving (SRG_AR)  28
6.2.8 Backup and recovery (SRG_BK)  28
6.3 Core components security requirements (SRC)  29
6.3.1 Signing key setup (SRC_SKS) - Cryptographic key (SRC_SKS.1)  29
6.3.2 Signer authentication (SRC_SA)  29
6.3.3 Digital signature creation (SRC_DSC) - Cryptographic operation (SRC_DSC.1)  30
6.4 Additional security requirements for SCAL2 (SRA)  30
6.4.1 General  30
6.4.2 Signature activation protocol and signature activation data (SRA_SAP)  30
6.4.3 Signing key management (SRA_SKM)  32
Annex A (normative) Requirements for electronic identification means, characteristics and design  34
A.1 Enrolment  34
A.1.1 Application and registration  34
A.1.2 Identity proofing and verification (natural person)  34
A.1.3 Identity proofing and verification (legal person)  37
A.1.4 Binding between the electronic identification means of natural and legal persons  39
A.2 Electronic identification means and authentication  40
A.2.1 Electronic identification means characteristics and design  40
A.2.2 Authentication mechanism  41
Bibliography  42



European foreword
This document (EN 419241-1:2018) has been prepared by Technical Committee CEN/TC 224 "Personal identification, electronic signature and cards and their related systems and operations", the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2019, and conflicting national standards shall be withdrawn at the latest by January 2019.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN/TS 419241:2014.
This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.
Successful implementation of European Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (referred to in this document as the eIDAS [4] Regulation) requires standards for services, processes, systems and products related to trust services, as well as guidance for conformity assessment of such services, processes, systems and products. In line with Standardization Mandate 460, subsequently issued by the Commission to CEN, CENELEC and ETSI for updating the existing eSignature standardization deliverables, CEN and ETSI have set up the eSignature Coordination Group in order to coordinate the activities carried out under Mandate 460. One of the first tasks was to establish a rationalized framework; the second phase was to deliver a set of standards covering the trust services defined in the eIDAS [4] Regulation.
This document, being part of that set of European Standards, is aimed at meeting the requirements of the eIDAS [4] Regulation for remote use of a signature creation device, through a set of security requirements for a server-side system that uses private signing keys managed by a trust service provider in order to create digital signatures. The purpose of the trustworthy system is to create a digital signature under the sole control of a natural person, or under the control of a legal person, which may be incorporated into an electronic signature or an electronic seal as defined in the eIDAS [4] Regulation.
This standard is identified as EN 419241-1. A complete framework for standardization of signatures can be found in ETSI TR 119 000.
This series of European Standards consists of the following parts under the general title Trustworthy Systems Supporting Server Signing:
— Part 1: General System Security Requirements
— Part 2: Protection Profile for QSCD for Server Signing



According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.



Introduction
The European Regulation eIDAS establishes a legal framework of requirements for electronic signatures. This regulation also introduces the notion of electronic signatures created using a remote signature creation device, to increase usage in the light of its multiple economic benefits and ease of use. The eIDAS [4] Regulation also introduces the concept of the electronic seal, which has similar technical properties to electronic signatures but a lower level of sole control. Both electronic signatures and electronic seals use technology based around asymmetric cryptography, commonly referred to as digital signatures.
However, in order to ensure that such remotely created digital signatures receive the same legal recognition as digital signatures created in an entirely user-managed environment (e.g. using smart cards), remote signature service providers should apply specific management and administrative security procedures, and use reliable systems and products, including secure electronic communication channels, in order to guarantee that the server signing environment is reliable and that signing keys are used with a high level of confidence, under the sole control of the signer.
The main objective of this standard is to define requirements and recommendations for a networked signing server which may manage signing keys used by natural or legal persons for the creation of digital signatures. This part of the series of European Standards specifies the general requirements of systems for server signing. Additional specifications (e.g. protection profiles) may be issued which provide more detailed requirements for particular components of the system.
It is assumed that the Trust Service Provider (TSP) which provides signature creation services operates the trustworthy system in an environment with a security policy which incorporates general physical, personnel, procedural and documentation security requirements for TSPs providing signature creation services. It is recommended to follow, e.g., ETSI EN 319 401 to ensure that the above requirements are met.
The present standard does not aim at limiting the legal form of the signatures created; they could be electronic signatures or electronic seals, qualified or not.
Correspondence and comments on this Security Requirements for Trustworthy Systems Supporting Server Signing should be referred to: Editor: Franck Leroy, Email: franck.leroy@docapost.fr



1 Scope
1.1 General
This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures. The TW4S is composed of at least one Server Signing Application (SSA) and one Signature Creation Device (SCDev) or one remote Signature Creation Device. A remote SCDev is a SCDev extended with remote control provided by a Signature Activation Module (SAM) executed in a tamper protected environment. This module uses the Signature Activation Data (SAD), collected through a Signature Activation Protocol (SAP), in order to guarantee with a high level of confidence that the signing keys are used under the sole control of the signer.
The SSA uses a SCDev or a remote SCDev in order to generate, maintain and use the signing keys under the sole control of their authorized signer. Signing key import from CAs is out of scope. So when the SSA uses a remote SCDev, the authorized signer remotely controls the signing key with a high level of confidence.
A TW4S is intended to deliver to the signer, or to some other application, a digital signature created on the basis of the data to be signed.
This standard:
— provides commonly recognized functional models of TW4S;
— specifies overall requirements that apply across all of the services identified in the functional model;
— specifies security requirements for each of the services identified in the TW4S;
— specifies security requirements for sensitive system components which may be used by the TW4S.
This standard is technology and protocol neutral and focuses on security requirements.
1.2 Outside of the scope
The following aspects are considered outside of the scope of this document:
— other trust services that may be used alongside this service, such as certificate issuance, signature validation service, time-stamping service and information preservation service;
— any application or system outside of the TW4S (in particular the signature creation application, including the creation of advanced signature formats);
— signing key and signing certificate import from CAs;
— the legal interpretation of the form of signature (e.g. electronic signature, electronic seal, qualified or otherwise).
1.3 Audience
This standard specifies security requirements that are intended to be followed by:
— providers of TW4S systems;
— Trust Service Providers (TSP) offering a signature creation service.



2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 15408 (all parts), Information technology — Security techniques — Evaluation criteria for IT security
ISO/IEC 19790, Information technology — Security techniques — Security requirements for cryptographic modules
FIPS PUB 140-2, Security requirements for cryptographic modules
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
IEC Electropedia: available at http://www.electropedia.org/
ISO Online browsing platform: available at http://www.iso.org/obp
3.1 authentication: provision of assurance in the identity of an entity [SOURCE: ISO/IEC 18014-2:2009]
3.2 authentication factor: piece of information and/or process used to authenticate or verify the identity of an entity [SOURCE: ISO/IEC 19790:2012]
3.3 data to be signed representation: formatted data which is used to compute the digital signature value (e.g. a hash value) [SOURCE: ETSI/TR 119 001:2016]
3.4 digital signature: data unit appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient [SOURCE: ETSI/TR 119 001:2016]
3.5 eIDAS Regulation: Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC



3.6 remote signature creation device: signature creation device used remotely from the signer's perspective, applying the signature activation protocol to provide control of the signing operation on the signer's behalf and to guarantee with a high level of confidence that the signing keys are used under the sole control of the signer
3.7 signature activation data: set of data, collected by the SAP, used to control with a high level of confidence that a given signature operation, performed by a cryptographic module on behalf of the signer, is under the sole control of the signer
Note 1 to entry: SAD can be the result of cryptographic operations (see details in 5.8).
3.8 signature activation module: configured software that uses the SAD in order to guarantee with a high level of confidence that the signing keys are used under the sole control of the signer
3.9 signature activation protocol: protocol that collects the SAD used to control a signature operation on a (set of) DTBS/R, using the signing key of the signer
3.10 signature creation application: application that creates a signed document, using the digital signature generated by a SCDev
3.11 signature creation service: configured software and/or hardware cryptographic module used to create a digital signature
3.12 signature policy: signature creation policy, signature augmentation policy, signature validation policy or any combination thereof, applicable to the same signature or set of signatures [SOURCE: ETSI/TS 119 001:2016]
3.13 signer: entity (natural or legal person) being the creator of a digital signature [SOURCE: ETSI/TR 119 001:2016]
3.14 signer's interaction component: software and/or hardware component used by the signer to support the SAP
3.15 signing key: private key of an asymmetric cryptographic key pair used to create a digital signature



3.16 trust service provider: natural or legal person who provides one or more trust services [SOURCE: ETSI/TS 119 001:2016]
3.17 trustworthy system supporting server signing: client-server system using signing keys under the control of the signer, in order to create digital signatures
4 Symbols and abbreviations
CA: Certificate Authority
CC: Common Criteria, ISO/IEC 15408, Evaluation criteria for IT security
CEN: Comité Européen de Normalisation (European Committee for Standardization)
DTBS/R: Data To Be Signed Representation
EAL: Evaluation Assurance Level
ETSI: European Telecommunications Standards Institute
ISO/IEC: International Organization for Standardization / International Electrotechnical Commission
ISSS: Information Society Standardization System
QSCD: Qualified Electronic Signature (or Electronic Seal) Creation Device as defined in the eIDAS Regulation
RA: Registration Authority
SAD: Signature Activation Data
SAM: Signature Activation Module
SAP: Signature Activation Protocol
SCA: Signature Creation Application
SCAL: Sole Control Assurance Level
SCDev: Signature Creation Device
SIC: Signer's Interaction Component
SSA: Server Signing Application
TSP: Trust Service Provider
TW4S: Trustworthy System Supporting Server Signing



5 Description of trustworthy systems supporting server signing
5.1 General
This clause describes the different concepts of server signing in order to clarify how the security requirements in Clause 6 should be implemented. All the requirements of this standard are clearly stated and can be:
— mandatory (indicated by SHALL (NOT));
— optional (indicated by SHOULD (NOT));
— permitted (indicated by MAY (NOT)).
5.2 Signature creation and server signing objectives
The purpose of the TW4S is to take a Data To Be Signed Representation (DTBS/R) and create a digital signature under the signer's control.
5.3 Signature bound to a natural person or seal bound to a legal person
The digital signature can be used to represent an electronic signature or an electronic seal. The level of confidence in the control of the signing key is not necessarily expected to be the same when the digital signature represents a seal as when it represents a signature. A digital signature created in compliance with this standard can be created under the control of a natural or a legal person. The term signer is used for convenience in this standard to cover a natural or legal person. The term SCDev is used for convenience in this standard to cover a signature creation device or a seal creation device.
5.4 Sole control assurance levels
Two assurance levels for sole control are identified in the present document:
— Sole control assurance level 1 (SCAL1):
— The signing keys are used, with a low level of confidence, under the sole control of the signer.
— The authorized signer's use of its key for signing is enforced by the SSA, which authenticates the signer.
NOTE 1 It is not expected that such implementations would meet the requirements of sole control as would be expected for a stand-alone QSCD as defined in the eIDAS [4] Regulation.
— Sole control assurance level 2 (SCAL2):
— The signing keys are used, with a high level of confidence, under the sole control of the signer.
— The authorized signer's use of its key for signing is enforced by the SAM by means of SAD provided by the signer, using the SAP, in order to enable the use of the corresponding signing key.
NOTE 2 The protocol is aimed at achieving the same sole control assurance level as would be achieved by a stand-alone QSCD as defined in the eIDAS [4] Regulation.
The decision to use sole control assurance level 1 or 2 depends on the signature policy and the applicable legal requirements.
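The practical difference between the two levels is where the authorisation to use the key is enforced: at SCAL1 the SSA authenticates the signer and the SCDev then signs whatever DTBS/R the SSA forwards, so a compromised SSA (or hijacked signer session) can sign anything; at SCAL2 the SAM, inside the tamper protected environment, checks SAD that binds the signer's authentication to the specific DTBS/R, so the SSA can neither substitute the data nor replay an earlier activation. The following Python model illustrates that difference. It is an added example, not text from the standard and not any product's code; the standard is protocol neutral, so the SAD layout (signer id, key id, DTBS/R, nonce, MAC), the HMAC-based authentication factor, the component interfaces and the sample secrets are all assumptions made here for illustration, and the "signature" is an HMAC over the DTBS/R keyed with the private key bytes, standing in for the asymmetric signature a real cryptographic module would compute.

```python
"""Illustrative model of the SCAL1 / SCAL2 distinction in EN 419241-1 clause 5.4.
Added example, not text from the standard and not any product's code. The standard is
protocol neutral: the SAD layout, the HMAC-based authentication factor and the
interfaces below are assumptions for illustration. The "signature" is an HMAC over the
DTBS/R keyed with the private key bytes, a stand-in for the asymmetric signature a real
cryptographic module would compute."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


def dtbs_r_of(document: bytes) -> bytes:
    """Data To Be Signed Representation: here the SHA-256 hash of the document."""
    return hashlib.sha256(document).digest()


def sign_with_key(private_key: bytes, dtbs_r: bytes) -> bytes:
    """Stand-in for the cryptographic module's signature operation (see module docstring)."""
    return hmac.new(private_key, dtbs_r, hashlib.sha256).digest()


def scal1_sign(keys: dict, key_id: str, dtbs_r: bytes) -> bytes:
    """SCAL1 SCDev: trusts the SSA's earlier authentication of the signer, so whoever
    controls the SSA (or the signer's session on it) can get any DTBS/R signed."""
    return sign_with_key(keys[key_id], dtbs_r)


@dataclass(frozen=True)
class SAD:
    """Signature activation data (assumed layout): signer, key, DTBS/R and a fresh
    nonce, bound to the signer's authentication factor by a MAC over all fields."""
    signer_id: str
    key_id: str
    dtbs_r: bytes
    nonce: bytes
    mac: bytes


def sad_mac(auth_secret: bytes, signer_id: str, key_id: str, dtbs_r: bytes, nonce: bytes) -> bytes:
    message = b"\x00".join([signer_id.encode(), key_id.encode(), dtbs_r, nonce])
    return hmac.new(auth_secret, message, hashlib.sha256).digest()


def build_sad(auth_secret: bytes, signer_id: str, key_id: str, document: bytes) -> SAD:
    """Signer's interaction component side of the SAP: a SAD for exactly one document."""
    dtbs_r = dtbs_r_of(document)
    nonce = secrets.token_bytes(16)
    return SAD(signer_id, key_id, dtbs_r, nonce, sad_mac(auth_secret, signer_id, key_id, dtbs_r, nonce))


class Scal2Sam:
    """SCAL2 SAM inside the tamper protected environment: verifies the SAD before every
    signing operation, so the SSA can neither substitute the DTBS/R nor replay a SAD."""

    def __init__(self):
        self._auth_secrets = {}  # signer_id -> secret behind the authentication factor
        self._keys = {}          # key_id -> (owning signer_id, private key bytes)
        self._used_nonces = set()

    def enrol(self, signer_id: str, key_id: str, auth_secret: bytes, private_key: bytes):
        self._auth_secrets[signer_id] = auth_secret
        self._keys[key_id] = (signer_id, private_key)

    def sign(self, sad: SAD) -> bytes:
        owner, private_key = self._keys[sad.key_id]
        if owner != sad.signer_id:
            raise PermissionError("key is not under this signer's control")
        expected = sad_mac(self._auth_secrets[sad.signer_id], sad.signer_id, sad.key_id, sad.dtbs_r, sad.nonce)
        if not hmac.compare_digest(expected, sad.mac):
            raise PermissionError("SAD does not verify for this signer, key and DTBS/R")
        if sad.nonce in self._used_nonces:
            raise PermissionError("SAD replay")
        self._used_nonces.add(sad.nonce)  # consume the nonce only once all checks passed
        return sign_with_key(private_key, sad.dtbs_r)


def compare_assurance_levels() -> dict:
    """Same scenario at both levels: the signer approves 'contract v1'; a compromised SSA
    tries to get 'contract v2' signed instead and then to replay the genuine SAD."""
    auth_secret = b"constructed-authentication-factor-secret"  # constructed sample values
    private_key = b"constructed-private-signing-key"
    approved, substituted = b"contract v1", b"contract v2"
    results = {}

    # SCAL1: nothing ties the SSA's authentication decision to the data it forwards.
    sig = scal1_sign({"key-1": private_key}, "key-1", dtbs_r_of(substituted))
    results["scal1_substitution_signed"] = sig == sign_with_key(private_key, dtbs_r_of(substituted))

    sam = Scal2Sam()
    sam.enrol("alice", "key-1", auth_secret, private_key)
    sad = build_sad(auth_secret, "alice", "key-1", approved)
    results["scal2_genuine_signed"] = sam.sign(sad) == sign_with_key(private_key, dtbs_r_of(approved))

    def rejected(bad_sad: SAD) -> bool:
        try:
            sam.sign(bad_sad)
            return False
        except PermissionError:
            return True

    results["scal2_substitution_rejected"] = rejected(replace(sad, dtbs_r=dtbs_r_of(substituted)))
    results["scal2_replay_rejected"] = rejected(sad)
    return results
```

Running compare_assurance_levels() returns four True entries: the SCAL1 device signs the substituted document without complaint, while the SCAL2 SAM signs only the document the SAD was computed over and refuses both the substituted DTBS/R and the replayed SAD. The order of checks in Scal2Sam.sign matters: the nonce is recorded as used only after the MAC has verified, so an attacker cannot burn a signer's fresh nonce with a forged SAD.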



5.5 Batch server signing
In some EU Member States it is possible to sign a batch of documents without requiring the signer to inspect and explicitly approve each document, or to have an opportunity to inspect them before signing, e.g. by giving links to the documents in the batch rather than passing each document for inspection and approval. This means that the signer has only to apply sole control to the signing process for the batch rather than for each individual document. Some EU Member States do not allow batch signing. In this case, it is to be ascertained whether this prohibition applies blindly to any kind of advanced electronic signature or solely to qualified ones. As the legal applicability of batch signing depends on the legal and application environment, the TW4S SHOULD have configuration profiles to allow or disallow batch signing for digital signatures.
5.6 Signing key and cryptographic module
To generate a digital signature at SCAL1 and to guarantee high flexibility, the signing key (e.g. the private key of an asymmetric key pair) does not necessarily have to be generated, stored and used inside a cryptographic module (e.g. a hardware security device or smart card). The signing key could also be stored in a file, and the SCDev can be software using that file. When using files, specific external security measures SHOULD be implemented in addition to protecting the files themselves from tampering (deletion, modification). Nevertheless, this standard recommends that the TW4S uses signing keys protected by a tamper protected environment in order to create digital signatures. That is, the SCDev SHOULD be a cryptographic module (e.g. hardware security devices conforming to the EN 419211 series or the CEN/TS 419221 series).
5.7 Signer's authentication
5.7.1 Electronic identification means
5.7.1.1 SCAL1
The enrolment of the signer and the electronic identification means characteristics and design requirements are defined in SRC_SA
...
