NA 043

DIN Standards Committee Information Technology and selected IT Applications

Project

Trustworthy Systems Supporting Server Signing - Part 2: Protection profile for QSCD for Server Signing; German and English version prEN 419241-2:2017

Abstract

The scope of proposed 419 241 part 2 (PP TSCM) covers security requirements to reach compliance with Annex II of Regulation No 910/2014 of the remote (qualified TSP operated) parts of the system, other than those relating to Signature Activation Data (SAD) management and the operation of the Signature Activation Protocol (SAP), assuming use of a cryptographic module conforming to EN 419 221-5. EN 419 241 part 2 will be balloted simultaneously with EN 419241 Part 3 Protection profile for Signature Activation Data management and Signature Activation Protocol(PP-SAD+SAP). These two new parts of EN 419 241, used in conjunction with the protection for PP for Cryptographic Module for Trust Services (EN 419 221-5), will contain security requirements for level 2 (sole control) as specified in TS 419 241 in a formal manner aligned with common criteria. These two new parts of EN 419 241, with EN 419 221-5, will support the certification of a system for remote qualified electronic signature or seal creation devices (remote QSCD) which meet the requirements of EU Regulation No 910/2014: The electronic signature creation data can be reliably protected by the legitimate signatory (sole control) against use by others, where the generation and management of the signature creation data is carried out by a qualified trust service provider on behalf of a signatory. The scope of proposed 419 241 part 3 (PP-SAD+SAP) covers security requirements to reach compliance with Annex II of Regulation No 910/2014 on the management of the SAD and the operation of the SAP used to provide sole control of the signatory or seal creator for the remote QSCD signing or sealing functions. The proposed parts 2 and 3 are to be independent of specific authentication mechanism and signature activation protocol to allow maximum flexibility with respect to future solutions and to allow supporting several authentication mechanisms. The proposed part 3 is to take into account: a) potential implementations that require dedicated functional components, owned by the signatory or seal creator, which are for the purposes of ensuring sole control, and b) potential implementations that do not require such dedicated functional components but still ensuring sole control of the signatory or seal creator. The proposed part 3 covers requirements up to the interface to the signatory or seal creator needed for authentication and the interface to the signature creation application for selection, checking and display of data to be signed (e. g. a signature creation application as defined in EN 419 111) while requirements on the signature creation application itself are out of scope. It is proposed that part 3 (PP-SAD+SAP) forms the prime reference for server signing that may be certified according to Regulation No 910/2014 including Annex II, and that this part requires components certified according to part 2 (PP TSCM) and EN 419221-5.

Begin

2015-05-18

WI

00224246

Planned document number

DIN EN 419241-2

Project number

04300773

Responsible national committee

NA 043-01-17-04 UA - Exchange protocols for integrated circuit cards 

Responsible european committee

CEN/TC 224/WG 17 - Protection Profiles in the context of SSCD 

draft standard

Trustworthy Systems Supporting Server Signing - Part 2: Protection profile for QSCD for Server Signing; German and English version prEN 419241-2:2017
2017-06
Order from Beuth Verlag

previous edition(s)

Security Requirements for Trustworthy Systems supporting Server Signing; English version CEN/TS 419241:2014
2014-06

Order from Beuth Verlag

Contact

Andreas Lamm

Burggrafenstr. 6
10787 Berlin

Tel.: +49 30 2601-2064
Fax: +49 30 2601-42064

Send message to contact