UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ETSI - TS 119 101

Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation

active, Most Current
Organization: ETSI
Publication Date: 1 March 2016
Status: active
Page Count: 42
scope:

The present document provides general security and policy requirements for applications for signature creation, validation and augmentation.

The present document is primarily relevant to the following actors:

• Implementers and providers of applications for signature creation, signature validation and/or signature augmentation, who need to ensure that relevant requirements are covered.

• Actors that integrate applications for signature creation, signature validation and/or signature augmentation components with business process software (or use standalone software), who want to ensure proper functioning of the overall signature creation/validation/augmentation process and that the signature creation/validation is done in a sufficiently secure environment.

The present document is applicable to these actors, and their evaluators (for a self-evaluation or an evaluation by a third party) to have a list of criteria against which to check the implementation.

The requirements cover applications for signature creation, signature validation and/or signature augmentation, i.e. the implementation and provision of the Signature Creation/Validation/Augmentation Application modules (SCA/SVA/SAA), the driving application (DA), the communication between the SCA and the signature creation device (SCDev) and the environment in which the SCA/SVA/SAA is used. It also specifies user interface requirements, while the user interface can be part of the SCA/SVA/SAA or of the DA which calls the SCA/SVA/SAA. Any entity using SCA/SVA/SAA components in its business process acts as driving application. The document covers:

 • Legal driven policy requirements.

• Information security (management system) requirements.

• Signature creation, signature validation and signature augmentation processes requirements.

• Development and coding policy requirements.

• General requirements.

Protection Profiles (PP) for signature creation applications and signature validation applications are out of scope and are defined in the CEN standard "Protection Profiles for Signature Creation & Validation Applications" [i.9].

General requirements for trust service providers are provided in ETSI EN 319 401 [i.24]. Requirements for trust service providers providing signature creation or validation services are out of scope. Requirements on trust service providers providing signature creation services are to be defined in ETSI TS 119 431 [i.22], with CEN EN 419 241 [i.21] defining requirements for a remote signature creation device. Requirements on trust service providers providing signature validation services are to be defined in ETSI TS 119 441 [i.23].

Document History

TS 119 101
March 1, 2016
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation
The present document provides general security and policy requirements for applications for signature creation, validation and augmentation. The present document is primarily relevant to the...

References

This document references:
TR 119 100 - Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for signature creation and validation
Published by ETSI on March 1, 2016
The present document, which addresses area 1 of the Framework [i.1], provides a business driven guided process for implementing generation and validation of digital signatures in business' electronic...
This document references:
EN 319 122-1 - Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures
Published by ETSI on June 1, 2023
The present document specifies CAdES digital signatures. CAdES signatures are built on CMS signatures [7], by incorporation of signed and unsigned attributes, which fulfil certain common requirements...
This document references:
EN 319 132-1 - Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures
Published by ETSI on February 1, 2022
The present document specifies XAdES digital signatures. XAdES signatures build on XML digital signatures [1], by incorporation of signed and unsigned qualifying properties, which fulfil certain...
This document references:
EN 319 142-1 - Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures
Published by ETSI on January 1, 2024
The present document specifies PAdES digital signatures. PAdES signatures build on PDF signatures specified in ISO 32000-1 [1] with an alternative signature encoding to support digital signature...
This document references:
EN 319 162-1 - Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers
Published by ETSI on April 1, 2016
The present document specifies Associated Signature Containers (ASiC) which bind together into one single digital container based on ZIP [5] either detached digital signatures or time assertions,...
This document references:
TR 119 100 - Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for signature creation and validation
Published by ETSI on March 1, 2016
The present document, which addresses area 1 of the Framework [i.1], provides a business driven guided process for implementing generation and validation of digital signatures in business' electronic...
This document is referenced by:
SR 019 020 - The framework for standardization of signatures; Standards for AdES digital signatures in mobile and distributed environments
Published by ETSI on August 1, 2016
The present document provides a framework for further standardization for the creation and validation of AdES digital signatures, such as specified in ETSI EN 319 122 [i.2], ETSI EN 319 132 [i.3],...
This document is referenced by:
EN 419241-1 - Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements
Published by CEN on July 1, 2018
General This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures. The TW4S is composed at least of...
This document is referenced by:
TS 119 441 - Electronic Signatures and Infrastructures (ESI); Policy requirements for TSP providing signature validation services
Published by ETSI on October 1, 2023
The present document, based on the general policy requirements specified in ETSI EN 319 401 [2], specifies policy and security requirements for signature validation services operated by a TSP. NOTE...
This document is referenced by:
DIN EN 419241-1 - Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements; German version EN 419241-1:2018
Published by DIN on September 1, 2018
Allgemeines Dieses Dokument legt Sicherheitsanforderungen und Empfehlungen für Vertrauenswürdige Systeme, die Serversignaturen unterstützen (TW4S) und digitale Signaturen generieren, fest. Das TW4S...
View Less
View All
Advertisement