CEN/TS 419241:2014
Withdrawn
A Withdrawn Standard is one that has been removed from sale, and its unique number can no longer be used. A Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
Security Requirements for Trustworthy Systems Supporting Server Signing
11-03-2023
26-03-2014
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Description of Trustworthy Systems Supporting Server Signing
6 Security Requirements
Bibliography
1.1 General

This document specifies security requirements and recommendations for Trustworthy System Supporting Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/93/EC. This document may also be applied to electronic signatures complying to Article 5(1) of Directive 1999/93/EC employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified electronic signature.

The Server Signing Application (SSA) runs on a networked server supporting one or more signatories to remotely sign electronic documents using centralized signature keys held on the signing server under sole control of the signatory.

An SSA is intended to deliver to the user or to some other application process in a form specified by the user, an Advanced - or where applicable a Qualified - Electronic Signature associated with a Signer's Document as a Signed Data Object.

This document:
- provides commonly recognized functional models of TW4S;
- specifies overall requirements that apply across all of the services identified in the functional model;
- specifies security requirements for each of the services identified in the SSA.
- specifies security requirements for sensitive system components which may be used by the SSA (e.g. Signature Creation Device (SCDev)).

This document does not specify technologies and protocols, but rather identifies requirements on the security on technologies to be employed.

1.2 Out of scope

The following aspects are considered to be out of scope:
- other trusted services that may be used alongside this service such as signature validation service, time-stamping service and information preservation service,
- any application or system outside of the SSA,
- the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple signatures and of signatures covering complex information structures containing other signatures).

1.3 Audience

This document specifies security requirements that are intended to be followed by:
- providers of SSA systems.
- Trust Service Providers (TSP) offering signature generation service.
Committee | CEN/TC 224 |
DocumentType | Technical Specification |
PublisherName | Comite Europeen de Normalisation |
Status | Withdrawn |
SupersededBy |
Standards | Relationship |
NEN NPR CEN/TS 419241 : 2014 | Identical |
ONORM ONR CEN/TS 419241 : 2014 | Identical |
S.R. CEN/TS 419241:2014 | Identical |
UNI CEN/TS 419241 : 2014 | Identical |
DIN CEN/TS 419241;DIN SPEC 91126:2014-06 | Identical |
PD CEN/TS 419241:2014 | Identical |
DIN SPEC 91126 : 2014 | Identical |
PREN 419221-5 : DRAFT 2016 | PROTECTION PROFILES FOR TRUST SERVICE PROVIDER CRYPTOGRAPHIC MODULES - PART 5: CRYPTOGRAPHIC MODULE FOR TRUST SERVICES |
S.R. CEN/TS 419221-1:2016 | PROTECTION PROFILES FOR TSP CRYPTOGRAPHIC MODULES - PART 1: OVERVIEW |
CEN/TS 419221-1:2016 | Protection Profiles for TSP cryptographic modules - Part 1: Overview |
CEN/TR 419200:2017 | Guidance for signature creation and other related devices |
PD CEN/TS 419221-1:2016 | Protection Profiles for TSP cryptographic modules Overview |
PD CEN/TR 419010:2017 | Framework for standardization of signatures. Extended structure including electronic identification and authentication |
CEN/TR 419010:2017 | Framework for standardization of signatures - Extended structure including electronic identification and authentication |
S.R. CEN/TR 419200:2017 | GUIDANCE FOR SIGNATURE CREATION AND OTHER RELATED DEVICES |
PD CEN/TR 419200:2017 | Guidance for signature creation and other related devices |
17/30346588 DC : 0 | BS EN 419221-5 - PROTECTION PROFILES FOR TRUST SERVICE PROVIDER CRYPTOGRAPHIC MODULES - PART 5: CRYPTOGRAPHIC MODULE FOR TRUST SERVICES |
S.R. CEN/TR 419010:2017 | FRAMEWORK FOR STANDARDIZATION OF SIGNATURES - EXTENDED STRUCTURE INCLUDING ELECTRONIC IDENTIFICATION AND AUTHENTICATION |
EN 419251-1:2013 | Security requirements for device for authentication - Part 1: Protection profile for core functionality |
FIPS PUB 140-2 : 0 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
EN 319 401 : 2.1.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); GENERAL POLICY REQUIREMENTS FOR TRUST SERVICE PROVIDERS |
ISO/IEC 29115:2013 | Information technology — Security techniques — Entity authentication assurance framework |
EN 319 411-2 : 2.1.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING CERTIFICATES; PART 2: REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING EU QUALIFIED CERTIFICATES |
TS 101 733 : 2.2.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); CMS ADVANCED ELECTRONIC SIGNATURES (CADES) |
TS 102 853 : 1.2.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); SIGNATURE VALIDATION PROCEDURES AND POLICIES |
EN 319 411-3 : 1.1.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING CERTIFICATES; PART 3: POLICY REQUIREMENTS FOR CERTIFICATION AUTHORITIES ISSUING PUBLIC KEY CERTIFICATES |
EN 14890-2:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services |
EN 14890-1:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services |
SR 001 604 : 1.1.1 | RATIONALISED FRAMEWORK FOR ELECTRONIC SIGNATURE STANDARDISATION |