ETSI - SR 019 510
Electronic Signatures and Infrastructures (ESI); Scoping study and framework for standardization of long-term data preservation services, including preservation of/with digital signatures
|Publication Date:||1 May 2017|
The present document provides a scoping study for long-term data preservation (including preservation of/with digital signatures).
The present document aims at supporting preservation services in different regulatory frameworks.
NOTE 1: Specifically, but not exclusively, the preservation service addressed in the present document aims at supporting qualified preservation service for qualified electronic signatures or seals as per Regulation (EU) No 910/2014 [i.1].
NOTE 2: Specifically, but not exclusively, digital signatures in the present document cover electronic signatures, advanced electronic signatures, qualified electronic signatures, electronic seals, advanced electronic seals, and qualified electronic seals as per Regulation (EU) No 910/2014 [i.1].
The present document covers two main cases:
1) The preservation of the validity status of the digital signatures (using time-stamps, Evidence Records, etc.) and of the associated signed data
NOTE 3: A qualified preservation service for qualified electronic signatures or seals as per Regulation (EU) No 910/2014 [i.1] for which the status of the technical validity needs to be preserved, is covered in this case. This special report cannot say anything about the legal validity of a signature.
NOTE 4: The validity of a signature means the status of the signature that will not change over time, e.g. if a signature was valid (TOTAL_PASSED according to ETSI EN 319 102-1 [i.9]) or invalid (TOTAL_FAILED and in certain cases for INDETERMINATE according to ETSI EN 319 102-1 [i.9]). The long-term preservation of the validity status includes the preservation of the bits of:
• the documents being signed; and/or
• other digital objects like certificates, OCSPs, Time-Stamp Tokens, etc.
2) Preservation of the integrity of bits of digital objects, whether they are signed or not, using digital signature techniques (digital signatures, time-stamp tokens, Evidence Records, etc.)
NOTE 5: In this case, if the main object to be preserved is a signature, it is treated in the same way as any other file.
NOTE 6: The preservation of the integrity of bits of digital object not using digital signature techniques is not in the scope of the present document.
In addition, the present document provides an inventory of existing standards and selected legal frameworks on the topic of preservation services.
The present document provides as well a proposal for a framework of standards.