BS EN 419241-1:2018
1.1 General

This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures.

The TW4S is composed of at least one Server Signing Application (SSA) and one Signature Creation Device (SCDev) or one remote Signature Creation Device.

A remote SCDev is an SCDev extended with remote control provided by a Signature Activation Module (SAM) executed in a tamper protected environment. This module uses the Signature Activation Data (SAD), collected through a Signature Activation Protocol (SAP), to guarantee with a high level of confidence that the signing keys are used under the sole control of the signer.

The SSA uses an SCDev or a remote SCDev to generate, maintain and use the signing keys under the sole control of their authorized signer. Signing key import from CAs is out of scope.

Thus, when the SSA uses a remote SCDev, the authorized signer remotely controls the signing key with a high level of confidence.

A TW4S is intended to deliver to the signer, or to some other application, a digital signature created from the data to be signed.

This standard:

- provides commonly recognized functional models of TW4S;
- specifies overall requirements that apply across all of the services identified in the functional model;
- specifies security requirements for each of the services identified in the TW4S;
- specifies security requirements for sensitive system components which may be used by the TW4S.

This standard is technology and protocol neutral and focuses on security requirements.
1.2 Outside of the scope

The following aspects are considered outside of the scope of this document:

- other trusted services that may be used alongside this service, such as certificate issuance, signature validation service, time-stamping service and information preservation service;
- any application or system outside of the TW4S (in particular the signature creation application, including the creation of advanced signature formats);
- signing key and signing certificate import from CAs;
- the legal interpretation of the form of signature (e.g. electronic signature, electronic seal, qualified or otherwise).
1.3 Audience

This standard specifies security requirements that are intended to be followed by:

- providers of TW4S systems;
- Trust Service Providers (TSP) offering a signature creation service.
Table of contents (PDF page of the first heading listed in each row)

| PDF page | Section headings |
|---|---|
| 9 | 1 Scope; 1.1 General; 1.2 Outside of the scope; 1.3 Audience |
| 10 | 2 Normative references; 3 Terms and definitions |
| 12 | 4 Symbols and abbreviations |
| 13 | 5 Description of trustworthy systems supporting server signing; 5.1 General; 5.2 Signature creation and server signing objectives; 5.3 Signature bound to a natural person or seal bound to a legal person; 5.4 Sole control assurance levels |
| 14 | 5.5 Batch server signing; 5.6 Signing key and cryptographic module; 5.7 Signer’s authentication; 5.7.1 Electronic identification means; 5.7.1.1 SCAL1; 5.7.1.2 SCAL2; 5.7.2 Authentication mechanism; 5.7.2.1 SCAL1; 5.7.2.2 SCAL2 |
| 15 | 5.7.3 Authentication target; 5.7.3.1 SCAL1; 5.7.3.2 SCAL2; 5.7.4 Delegation of authentication to an external party; 5.7.4.1 General; 5.7.4.2 SCAL1; 5.7.4.3 SCAL2 |
| 16 | 5.8 Signature activation data; 5.9 Signature activation protocol; 5.10 Signer’s interaction component |
| 17 | 5.11 Signature activation module; 5.12 Environments; 5.12.1 Tamper protected environment; 5.12.2 TSP protected environment |
| 18 | 5.12.3 Signer’s environment; 5.13 Functional model; 5.13.1 General; 5.13.2 Scope of requirements |
| 19 | 5.13.3 Signature activation mechanisms; 5.13.3.1 General; 5.13.3.2 Signature activation for SCAL1 |
| 20 | 5.13.3.3 Signature activation for SCAL2 |
| 21 | 5.13.4 TW4S components |
| 22 | 6 Security requirements; 6.1 General; 6.2 General security requirements (SRG); 6.2.1 Management (SRG_M); 6.2.1.1 General; 6.2.1.2 Systems and security management (SRG_M.1) |
| 24 | 6.2.2 Systems and operations (SRG_SO); 6.2.2.1 Operations management (SRG_SO.1); 6.2.2.2 Time synchronization (SRG_SO.2); 6.2.3 Identification and authentication (SRG_IA); 6.2.3.1 General; 6.2.3.2 Authentication for privileged and non-privileged roles other than signer (SRG_IA.1) |
| 25 | 6.2.3.3 Authentication failure (SRG_IA.2); 6.2.4 System access control (SRG_SA); 6.2.4.1 General; 6.2.4.2 Right management (SRG_SA.1); 6.2.5 Key management (SRG_KM); 6.2.5.1 General |
| 26 | 6.2.5.2 Keys generation (SRG_KM.1) |
| 27 | 6.2.5.3 Keys storage, backup and recovery (SRG_KM.2); 6.2.5.4 Key usage (SRG_KM.3); 6.2.5.5 Key distribution (SRG_KM.4); 6.2.5.6 Key renewal/update/change (SRG_KM.5); 6.2.5.7 Key archiving (SRG_KM.6) |
| 28 | 6.2.5.8 Key deletion (SRG_KM.7); 6.2.6 Auditing (SRG_AA); 6.2.6.1 Audit data generation (SRG_AA.1); 6.2.6.2 Guarantees of audit data availability (SRG_AA.2) |
| 29 | 6.2.6.3 Audit data parameters (SRG_AA.3); 6.2.6.4 Selectable audit review (SRG_AA.4); 6.2.6.5 Restricted audit review (SRG_AA.5); 6.2.6.6 Generation of warning (SRG_AA.6); 6.2.6.7 Guarantees of audit data integrity (SRG_AA.7); 6.2.6.8 Guarantees of audit timing (SRG_AA.8) |
| 30 | 6.2.7 Archiving (SRG_AR); 6.2.7.1 Archive data generation (SRG_AR.1); 6.2.7.2 Integrity of archived data (SRG_AR.2); 6.2.8 Backup and recovery (SRG_BK); 6.2.8.1 General; 6.2.8.2 Integrity and confidentiality of backup information (SRG_BK.1); 6.2.8.3 Recovery (SRG_BK.2) |
| 31 | 6.3 Core components security requirements (SRC); 6.3.1 Signing key setup (SRC_SKS) – Cryptographic key (SRC_SKS.1); 6.3.2 Signer authentication (SRC_SA); 6.3.2.1 Signer authentication for SCAL1 (SRC_SA.1) |
| 32 | 6.3.2.2 Authentication failure handling (SRC_SA.2); 6.3.2.3 Signer authentication delegated to external system (SRC_SA.3); 6.3.3 Digital signature creation (SRC_DSC) – Cryptographic operation (SRC_DSC.1); 6.4 Additional security requirements for SCAL2 (SRA); 6.4.1 General; 6.4.2 Signature activation protocol and signature activation data (SRA_SAP); 6.4.2.1 Threat resistance (SRA_SAP.1) |
| 33 | 6.4.2.2 SAD management (SRA_SAP.2) |
| 34 | 6.4.3 Signing key management (SRA_SKM); 6.4.3.1 Signing key generation (SRA_SKM.1) |
| 35 | 6.4.3.2 Signing key activation (SRA_SKM.2) |
| 36 | Annex A (normative) Requirements for electronic identification means, characteristics and design; A.1 Enrolment; A.1.1 Application and registration; A.1.2 Identity proofing and verification (natural person) |
| 39 | A.1.3 Identity proofing and verification (legal person) |
| 41 | A.1.4 Binding between the electronic identification means of natural and legal persons |
| 42 | A.2 Electronic identification means and authentication; A.2.1 Electronic identification means characteristics and design |
| 43 | A.2.2 Authentication mechanism |

Full title: Trustworthy Systems Supporting Server Signing – General System Security Requirements