Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device

This document specifies conditions for use of an EN 419221-5 certified device in the case the signatory or seal creator has direct local control of the cryptographic module with the aim of being recognised as a qualified seal and/or signature creation device as defined in Regulation EU 910/2014 [1].
This document is aimed at use by entities other than trust service providers. Trust service providers can use EN 419221-5 directly without the need to take into account specific conditions as specified in the present document.

Bedingungen zu lokalen Verwendung von EN 419221-5 als qualifizierte elektronische Signatur- oder Siegelerstellungseinheit

Conditions d'utilisation de l'EN 419221-5 en tant dispositif de création de signature ou cachet électronique qualifié

Le présent document spécifie les conditions d'utilisation d'un dispositif certifié selon l'EN 419221-5 dans le cas où le créateur du cachet ou de la signature exerce un contrôle local direct du module cryptographique en vue d'être reconnu en tant que dispositif de création de cachet et/ou de signature qualifié comme défini dans le Règlement UE N°910/2014 [1].
Le présent document est destiné à être utilisé par d'autres entités que les prestataires de services de confiance. Les prestataires de services de confiance peuvent utiliser l'EN 419221-5 directement sans être dans l'obligation de tenir compte des conditions spécifiques spécifiées dans le présent document.

Pogoji za uporabo EN 419221-5 kot sredstva za ustvarjanje kvalificiranega elektronskega podpisa ali pečata

Ta dokument določa pogoje za uporabo naprave, potrjene v skladu s standardom EN 419221-5, v primeru da ima podpisnik ali ustvarjalec pečata neposreden lokalni nadzor nad kriptografskim modulom, s ciljem, da bi bila prepoznana kot potrjena naprava za ustvarjanje pečata in/ali podpisa, kot je opredeljeno v Uredbi EU 910/2014 [1].
Ta dokument je namenjen za uporabo v subjektih, ki niso ponudniki storitev zaupanja. Ponudniki storitev zaupanja lahko neposredno uporabljajo standard EN 419221-5, ne da bi morali upoštevati posebne pogoje, kot so opredeljeni v tem dokumentu.

General Information

Status
Published
Publication Date
14-May-2019
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
29-Apr-2019
Due Date
04-Jul-2019
Completion Date
15-May-2019

Buy Standard

Technical specification
TS CEN/TS 419221-6:2019
English language
9 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST-TS CEN/TS 419221-6:2019
01-junij-2019
Pogoji za uporabo EN 419221-5 kot sredstva za ustvarjanje kvalificiranega
elektronskega podpisa ali pečata
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation
device
Bedingungen zu lokalen Verwendung von EN 419221-5 als qualifizierte elektronische
Signatur- oder Siegelerstellungseinheit
Conditions d'utilisation de l'EN 419221-5 en tant dispositif de création de signature ou
cachet électronique qualifié
Ta slovenski standard je istoveten z: CEN/TS 419221-6:2019
ICS:
35.040.01 Kodiranje informacij na Information coding in general
splošno
SIST-TS CEN/TS 419221-6:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS CEN/TS 419221-6:2019

---------------------- Page: 2 ----------------------

SIST-TS CEN/TS 419221-6:2019


CEN/TS 419221-6
TECHNICAL SPECIFICATION

SPÉCIFICATION TECHNIQUE

March 2019
TECHNISCHE SPEZIFIKATION
ICS 35.040.01; 35.240.30
English Version

Conditions for use of EN 419221-5 as a qualified electronic
signature or seal creation device
Conditions d'utilisation de l'EN 419221-5 en tant Bedingungen zu lokalen Verwendung von EN 419221-
dispositif de création de signature ou cachet 5 als qualifizierte elektronische Signatur- oder
électronique qualifié Siegelerstellungseinheit
This Technical Specification (CEN/TS) was approved by CEN on 11 February 2019 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 419221-6:2019 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TS CEN/TS 419221-6:2019
CEN/TS 419221-6:2019 (E)
Contents Page

European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
3.1 Terminology . 5
3.2 Abbreviations . 5
4 Conditions for use of EN 419221-5 Certified device as QSealCD. 6
5 Conditions for use of EN 419221-5 Certified device as QSigCD . 6
Annex A (informative) Guidance on meeting Objectives of the Operation Environment . 7
A.1 Introduction . 7
A.2 OE.ExternalData — Protection of data outside TOE control . 7
A.3 OE.Env — Protected operating environment . 7
A.4 OE.DataContext — Appropriate use of TOE functions . 8
A.5 OE.Uauth — Authentication of application users . 8
A.6 OE.AuditSupport — Audit data review . 8
A.7 OE.AppSupport — Application security support . 8
Bibliography . 9


2

---------------------- Page: 4 ----------------------

SIST-TS CEN/TS 419221-6:2019
CEN/TS 419221-6:2019 (E)
European foreword
This document (CEN/TS 419221-6:2019) has been prepared by Technical Committee CEN/TC 224
“Personal identification, electronic signature and cards and their related systems and operations”, the
secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
3

---------------------- Page: 5 ----------------------

SIST-TS CEN/TS 419221-6:2019
FprCEN/TS 419221-6:2018 (E)
Introduction
EU Regulation N° 910/2014 (eIDAS) on electronic identification and trust services for electronic
transactions in the internal market [1] builds on the concept and requirements defined in the earlier EU
Directive 1999/93 on Electronic Signatures [i.3]. eIDAS defines an electronic signature which has legal
equivalence to handwritten signature. eIDAS defines a variant of the electronic signature called electronic
seal. An electronic seal authenticates the origin of data but created under control, as opposed to “sole
control” for electronic signatures, of a legal person (e.g. organization), as opposed to natural person (i.e.
individual). eIDAS recognizes a special level of qualified electronic signature and seal which is created
using a qualified signature creation device (QSigCD) or qualified seal creation device (QSealCD) and
supported by a qualified certificate. The requirements for a qualified seal creation device are described
to be “mutatis mutandis” as for a qualified signature creation device.
The EN 419221-5 standard states that a conformant cryptographic module is intended to be used as a
qualified electronic signatures and seal creation device under Regulation 910/2014 (see Clause 1.2.1)
but the scope of the document is aimed at trust service providers. This document aims to give users,
implementers and regulators a clear basis for acceptance of EN 419221-5 certified devices for use as a
qualified signature creation device or a qualified electronic seal creation device under Regulation
910/2014 even if not operated by a qualified TSP.
Annex A of EN 419221-5:2018 describes how the requirements for a Qualified Signature Creation Device
(as defined in Annex II of (EU) No 910/2014) are covered by the standard. The equivalent may also be
applied “Mutatis Mutandis” to Qualified Seal Creation Device where the requirements for control are
considered to be less stringent (“control” instead of “sole control”).

4

---------------------- Page: 6 ----------------------

SIST-TS CEN/TS 419221-6:2019
CEN/TS 419221-6:2019 (E)
1 Scope
This document specifies conditions for use of an EN 419221-5 certified device in the case the signatory
or seal creator has direct local control of the cryptographic module with the aim of being recognized as a
qualified seal and/or signature
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.