UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ETSI - TS 119 101

Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation

active, Most Current
Organization: ETSI
Publication Date: 1 March 2016
Status: active
Page Count: 42
scope:

The present document provides general security and policy requirements for applications for signature creation, validation and augmentation.

The present document is primarily relevant to the following actors:

• Implementers and providers of applications for signature creation, signature validation and/or signature augmentation, who need to ensure that relevant requirements are covered.

• Actors that integrate applications for signature creation, signature validation and/or signature augmentation components with business process software (or use standalone software), who want to ensure proper functioning of the overall signature creation/validation/augmentation process and that the signature creation/validation is done in a sufficiently secure environment.

The present document is applicable to these actors, and their evaluators (for a self-evaluation or an evaluation by a third party) to have a list of criteria against which to check the implementation.

The requirements cover applications for signature creation, signature validation and/or signature augmentation, i.e. the implementation and provision of the Signature Creation/Validation/Augmentation Application modules (SCA/SVA/SAA), the driving application (DA), the communication between the SCA and the signature creation device (SCDev) and the environment in which the SCA/SVA/SAA is used. It also specifies user interface requirements, while the user interface can be part of the SCA/SVA/SAA or of the DA which calls the SCA/SVA/SAA. Any entity using SCA/SVA/SAA components in its business process acts as driving application. The document covers:

 • Legal driven policy requirements.

• Information security (management system) requirements.

• Signature creation, signature validation and signature augmentation processes requirements.

• Development and coding policy requirements.

• General requirements.

Protection Profiles (PP) for signature creation applications and signature validation applications are out of scope and are defined in the CEN standard "Protection Profiles for Signature Creation & Validation Applications" [i.9].

General requirements for trust service providers are provided in ETSI EN 319 401 [i.24]. Requirements for trust service providers providing signature creation or validation services are out of scope. Requirements on trust service providers providing signature creation services are to be defined in ETSI TS 119 431 [i.22], with CEN EN 419 241 [i.21] defining requirements for a remote signature creation device. Requirements on trust service providers providing signature validation services are to be defined in ETSI TS 119 441 [i.23].

Document History

TS 119 101
March 1, 2016
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation
The present document provides general security and policy requirements for applications for signature creation, validation and augmentation. The present document is primarily relevant to the...

References

Advertisement