Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile
|
|
- Clement Hudson
- 8 years ago
- Views:
Transcription
1 Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile
2 This report / paper was prepared for the IDABC programme by: Coordinated by: Hans Graux (time.lex), Brigitte Jossin (Siemens), Guy Lambert (Siemens), Eric Meyvis (Siemens) Contract No. 1, Framework contract ENTR/05/58-SECURITY, Specific contract N 13 Disclaimer The views expressed in this document are purely those of the writer and may not, in any circumstances, be interpreted as stating an official position of the European Commission. The European Commission does not guarantee the accuracy of the information included in this study, nor does it accept any responsibility for any use thereof. Reference herein to any specific products, specifications, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favouring by the European Commission. All care has been taken by the author to ensure that s/he has obtained, where necessary, permission to use any parts of manuscripts including illustrations, maps, and graphs, on which intellectual property rights already exist from the titular holder(s) of such rights or from her/his or their legal representative. This paper can be downloaded from the IDABC website: European Communities, 2009 Reproduction is authorised, except for commercial purposes, provided the source is acknowledged. Page 2 of 18
3 Table of Contents 1 GENERAL INTRODUCTION EGOVERNMENT STRUCTURE AND ROLE OF ESIGNATURES MAIN ESIGNATURE SOLUTIONS 6 2 LEGAL AND TECHNICAL FRAMEWORK FOR ESIGNATURES ESIGNATURES REGULATORY FRAMEWORK LAWS AND REGULATIONS ESIGNATURES TECHNICAL/INFRASTRUCTURAL FRAMEWORK 8 3 EGOVERNMENT APPLICATIONS USING ELECTRONIC SIGNATURES 15 Page 3 of 18
4 1 General introduction 1.1 egovernment structure and role of esignatures Electronic signatures are not commonly used in the egovernment context in Iceland. Only one egovernment service uses electronic signatures, as will be indicated below. Some fundamental foundations for an effective environment are in place but others are still missing. The fundamental foundations are the legal environment, distribution of certificates, policies and standards. The legal environment can be regarded as sufficient. The Government passed a bill on electronic signatures in the spring of 2001 based on the Directive 1999/93/EC on electronic signatures. The right of using electronic signatures is then supported in different laws such as the Public Administration Act. Soft PKI X.509 certificates have been used in egovernment since 2003 for authentication and for electronic signatures, but a mass distribution to citizens is still missing. Today the government is implementing a central eidm system in Iceland that is based on X.509 Client certificates and ETSI standards. The main objective of this project is to get mass distribution of electronic certificates to citizens and companies for authentication and electronic signature. One of the main building blocks for this is the creation of an open and standardized PKI environment in Iceland. Based on this structure eids will be distributed to all citizens in the country. Citizens will be able to use the eids in relations to both central and local government as well as any other business in Iceland. The Icelandic Government co-operates with the Icelandic Financial Services Association in building, implementing and maintaining this infrastructure. The Ministry of Finance has created a root certificate (self-signed), named Iceland Root (Íslandsrót 1 ), which issues intermediate certificates to Identity providers (subordinate certificates authorities) in Iceland. The first intermediate certificate (Fullgilt audkenni 2 ) was issued to the company Auðkenni hf. 3 (company owned by the banks) in June 2008 and they have started to distribute certificates on bank cards to citizens and companies. Auðkenni hf. has also started to distribute certificates on smartcards that are not bank cards. These certificates are issued under the same intermediate certificate as the certificates on bank cards and fulfil the same requirements. This will be available to all that either cannot get bank cards or for some other reason want special cards e.g. employee cards for companies. The National registry has also been planning the issuing of citizen cards with certificates though nothing has been decided yet. A technical standard committee on PKI infrastructure in Iceland was established in 2006 under the national standard body, Icelandic Standards. This committee has the objective to identify specific standards or formats for electronic signatures in Iceland Page 4 of 18
5 It is not common that electronic signatures are used by public administrations to issue signed documents to citizens or businesses. Currently there is only one egovernment application using electronic signatures. Electronic signatures are being used by professional accountants in signing tax reports to the Internal Revenue Directorate on behalf of their clients, and all electronic copies issued by the Internal Revenue Directorate are signed with an electronic certificate. Suitable electronic signature solutions for applications are not chosen based on any general risk management or risk assessment requirements or policies. The Icelandic policy and strategy on egovernment is determined by the Prime Minister s Office, which is also responsible for releasing policies on egovernment. The general organisational approach to egovernment in Iceland is centralised policy and strategy but decentralised implementation. The main government policy that focuses on egovernment was adopted in 2008 under the title Iceland the e-nation - Icelandic Government Policy on the Information Society In the policy are some goals that relate to eids and signatures. It states that The e-nation shall adopt online payment, eids and e-procurement, in addition to working on other key tasks. There are also some activities stated in the policy like Introducing eids in communications with public bodies and Services concerning eids and e-payments. The Ministry of Finance is responsible for matters that relate to distribution and usages of eid s in government. Implementation is undertaken by the Government offices (ministries) according to their role and subject. An earlier policy, Resources to Serve Everyone - Policy of the Government of Iceland on the Information Society includes some goals related to electronic certificates. They are at the responsibility of the Ministry of Finance. Since these goals haven t been achieved yet they are still regarded as valid and used within government. The three goals are: 1. The policy will be to aim for the general and widespread use of electronic certification so that any communicating partner may be positively identified; electronic signatures and coding shall be introduced insofar as is deemed appropriate. 2. An open but standardised market is Iceland's goal, through the use of electronic certificates and certifying services. The state's requirements shall be published with regard to the content, form and handling of electronic certificates for transactions with national institutions. Those requirements might become the model for a general Public Key Infrastructure (PKI) for industry and municipalities. A simple system, economic in operation, should be the object, so that cost may be distributed in proportion to user benefits. 3. European and international standards shall be adhered to, aiming for integration with the Public Key Infrastructure of neighbouring countries when the time seems right. The governmental policy on Information Society is coordinated by a steering group called the Information Society Taskforce, operating under the auspices of the Office of the Prime Minister. This Page 5 of 18
6 includes assisting public institutions in their efforts towards achieving the main objectives. Related to the policy the Department for the Information Society located at the Prime Minister s Office has a special fund every year to finance IT projects. A special project management team, The egovernment Taskforce focuses on egovernment issues in the policy. Several other committees are operating as well. 1.2 Main esignature solutions As noted above, electronic signatures are presently only used in a single application in Iceland, namely by professional accountants in signing Income Tax Declarations on behalf of their clients. However, they use a commercial application to do this. The Internal Revenue Directorate requires all accountants to sign these reports and their system communicates with this commercial application. There is no requirement to use qualified signatures and no special standards are being used in relation to the signatures. Electronic signatures are used by professional accountants in signing tax reports on behalf of their clients. The application relies on the eid on bank cards and soft signature certificates issued by private CSPs. In the near future, eids on bank cards will become the main eid token in Iceland. eids on bank cards are already being distributed to citizens and it is expected that a big percentage of citizens will be using them already in This will be further discussed below. 2 Legal and technical framework for esignatures 2.1 esignatures regulatory framework Laws and regulations Act No 28/2001 on electronic signatures The European Directive 1999/93/EC of 13 December 1999 on a Community framework for electronic signatures was transposed into Icelandic legislation in the spring of 2001, as Act No. 28/ Article 4 of the Act stipulates that fully qualified electronic signatures shall have the same force as handwritten signatures. Furthermore, it is stipulated that other electronic signatures can be legally binding. Icelandic legislation faithfully follows the definitions of the European Directive. The Ministry of Business Affairs is responsible for the act on electronic signatures. The Consumer Agency 7 (former name was State Accreditation Agency) is responsible for monitoring that the operation of certification-service-providers issuing qualified certificates conform to the provisions of the Act and regulations based on the Act. In the Act are articles that are on the Certification Service Providers Page 6 of 18
7 (CSPs). Chapter VI includes articles with requirements for Certification-Service-Providers Issuing Qualified Certificates. Chapter VII is on Supervision of Certification-Service-Providers Issuing Qualified Certificates. The ministry and the Consumer Agency are currently preparing regulations that are based on this Act. Supporting legislation comes through the Public Administration Act as amended in 2003 and the Electronic Commerce Act, The Public Administration Act, No. 37/1993 (egovernment legislation) On 10 March 2003 an amendment (No. 51/2003) 8 was approved to the Public Administration Act, No. 37/1993 9, adding a special chapter on the electronic handling of matters by public administration. Through this modification, general obstacles to the development of electronic administration were removed. While formulating the amendment, the committee in question was guided by the concept of equivalent value, and also emphasised the need to maintain technical impartiality. The alteration involved mere permission for the electronic handling of governmental administration cases, but not an obligation. Article 38 in the act handles Electronic Signatures, it states: When established law, custom or general administrative provisions require material from a party or government authority to be signed, the authority may determine that electronic signatures can serve in place of handwritten signatures, insofar as electronic signatures assure, in a similar degree to handwritten signatures, the personal confirmation of the one from whom the material originates. A qualified electronic signature, according to the Act on electronic signatures, shall always be considered to fulfil the legal requirements on signatures. When established law, custom or general administrative provisions require material or certain aspects of it to be certified, this requirement shall be considered to be fulfilled through certification by an electronic signature that conforms with the first paragraph above and confirms the aspects for which certification is demanded. When established law, custom or general administrative provisions do not require material from a party or government authority to be signed, the authority may determine that it is permissible to use means other than electronic signatures in order to confirm electronic material. Act on the Protection of Privacy as regards the Processing of Personal Data, No. 77/ The Act on the Protection of Privacy as regards the Processing of Personal Data, No. 77/2000, as amended, was passed in 2000 and came into effect on 1 January The act implements the EC Data Protection Directive and deals with how the protective principle relates to data quality and presented criteria for the legitimacy of data processing. The act applies to any automated processing of personal data and to manual processing of such data if it is, or is intended to become, a part of a file. It has been amended by Act No. 90/2001, Act No. 30/2002, Act No. 81/2002 and Act no. 46/2003. Act on Electronic Commerce and other Electronic Services, No 30/ Page 7 of 18
8 In the Act on Electronic Commerce and other Electronic Services, No 30/2002 it states that electronic contracts are equivalent to written contracts. In the act it is stated that it does not apply to contracts governed by family law or by the law of succession, contracts requiring stamps and contracts that create or transfer rights in real estate, except for rental rights. Furthermore, the provisions do not apply to public registration or notarial acts. In all contracts that can legally be electronic, electronic signatures can be used. National registry and official identity documents The Act on national registry, no. 54/ specifies the rules for public registration and assigns this task to The National Registry. The act on national ID card, no. 25/ specifies the framework for issuance and use of national ID cards in Iceland. The act on passports, no. 136/ specifies the rules for issuance of Icelandic passports. National ID cards and ordinary passports are issued by the National Registry. The act on road traffic no. 50/ assigns the task of issuing driving licences to the National Commissioner of the Icelandic Police Other esignatures regulatory framework issues Qualified signature certificates on bank cards are only issued after personal appearance, identification and authentication of the signatory. There are no national signature policies for egovernment applications and no rules regarding long term validity of signatures. This is something that has been discussed within government and is included in one of the actions of the current egovernment policy. There are no rules or laws regarding any cross border interoperability initiatives (such as e.g. the recognition of foreign signature solutions, the establishment of validation services, etc. There are no rules creating a legal hierarchy between multiple signature types used within Icelandic government (either nationally or cross-border), based on the technical/organisational characteristics of signature solution that are being used. 2.2 esignatures technical/infrastructural framework Electronic signatures are not commonly used in the egovernment context in Iceland. Only one egovernment service uses Electronic signatures. Some fundamental foundations for an effective environment are in place but there is still some missing. eids on bank cards will become the main eid token in Iceland in the near future. eids on bank cards are already being distributed to citizens and it is expected that a big percentage of citizens will be using them already in Because of this the focus will be on this infrastructure in this chapter Page 8 of 18
9 - PKI environment Iceland - The environment is structured in three main layers. Firstly there s the international environment, then the main related Icelandic laws, and then the national PKI environment. The PKI-Iceland environment shows three main requirement sets; Certification Service Provider (that includes the Certification Authority), Subject (the one certified) and the verifier (the one that relies on the certificate). In addition, we show the requirement sets for the relations between the entities; certificate profile, the CRL protocols, the format and syntax for signed and encrypted objects, smartcards and the time stamping. In the picture it is attempted to provide an overview of the relevant standards and recommendations in each requirement set. It is realized that there are other standards and recommendations that are references, but the standards and recommendations indicated should be the ones that are directly relevant. It is also indicated what requirement definitions and related documents are needed (shown as pages). Three of them have the scope of the entire PKI (PDS; requirements for PKI and definition of security levels), but others are specific for the requirement sets. The Certificate profile can be found at the general webpage about eids in Iceland 16. eid on bank cards 16 Page 9 of 18
10 Today the government is implementing a central eidm system in Iceland that is based on X.509 Client certificates and ETSI standards. The main objective of this project is to get mass distribution of electronic certificates to citizens and companies for authentication and electronic signature. One of the main building blocks for this is the creation of an open and standards compliant PKI environment in Iceland. Based on this structure eids are being distributed to all citizens in the country. Citizens are able to use their eids in relations to both central and local government as well as any other businesses in Iceland that accept them in communication. The Icelandic Government co-operates with the Icelandic Financial Services Association in building, implementing and maintaining this infrastructure. The Ministry of Finance has created a root certificate (self-signed), named Iceland Root (Íslandsrót 17 ), which issues intermediate certificates to Identity providers (subordinate certificates authorities) in Iceland. Islandsrot PKI architecture is a single CA Model/Hierarchy. Islandsrot is currently not linked to other PKI infrastructures through any existing Bridge-CA network or similar modal. Islandsrot issued an intermediate certificate (Fullgilt audkenni 18 ) to the company Auðkenni hf. 19 (company owned by the banks) in June 2008 and they have started to distribute certificates on bank cards to citizens and companies. Auðkenni has also started to distribute certificates on smartcards that are not bank cards. These certificates are issued under the same intermediate certificate as the certificates on bank cards and fulfill the same requirements. This will be available to all that either cannot get bank cards or for some other reason want special cards e.g. employee cards for companies. The Icelandic National registry has also been planning for issuance of citizen cards with certificates, but nothing definitive has been decided on this yet. Facts on eids on bank cards: The eid consists of two standard x509 client certificates, one for Authentication (standard SSL/TLS), and one for Non-Repudiation-Signatures (Qualified signature certificate). The certificates (and the corresponding private keys) are stored on smart-cards (ISO-7816 PKCS#15). Certification policies 20 fulfill the technical specification ETSI TS End certificates profile is based on ETSI: Qualified Certificate profile, ETSI TS End certificates for Non-Repudiation-Signatures are claimed to be qualified signatures on secure signature creation device that should fulfill the law on electronic signatures based on the EC Directive on electronic signature. Certificates for authentication fulfill the same requirements as the certificate for Non-Repudiation- Signatures but it is not claimed in the certificate that it fulfills the law since that is not required for Certificates for authentication. Citizens are provided with CSP-middleware 21 (MS-CSP, PKCS#11, AppleCSP). Support for CEN TS and ISO is planned. The issuer of the certificate is Auðkenni hf Page 10 of 18
11 The certificates are compliant with RFC 3739 and ETSI TS The description of the fields of the signature certificate for citizens and employees is contained in the table below: x.509 Fields Profile for an e-id citizen Qualified Signature Certificate Version Serial Number V3 Allocated automatically by the Root CA Subject Distinguished Name Country (C) Organizational Unit (OU) Organizational Unit (OU) Organizational Unit (OU) Serial Number (SN) Common Name (CN) IS einkaskilriki Undirritun [Sequential number from ARM] [Personal ID num. National registry] [name from National registry] Validity Signature Algorithm Key Length [value from ARM] (Three months longer than the validity of the payment card) SHA-1 hash with RSA 2048 bit x.509 Extensions Key Usage Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Basic Constraints Subject Type Authority Key ID Subject Key ID Certificate Policy extension Critical Selected Critical End Entity 160 bit SHA bit SHA-1 Leave blank if not required Policy Identifier OID Page 11 of 18
12 Policy User Notice CPS URL CRL Distribution Point Directory location Publicly Available Location This certificate is intended for signing. This certificate is issued as a qualified certificate in accordance with act 28/2001 and Directive 99/93/EC. Non Critical Not used. Authority Information Access Non Critical [1]Access Method=On-line Certificate Status Protocol ( ) Alternative Name: URL=ocsp.audkenni.is [2]Authority Info Access Access Method=Certification Authority Issuer ( ) Alternative Name: URL= Qualified Certificate Statements ( ) ETSI and SSCD Profile for an e-id Employee Qualified Signature Certificate x.509 Fields Version Serial Number V3 Allocated automatically by the Root CA Subject Distinguished Name Country (C) Organization Organizational Unit (OU) Organizational Unit (OU) Organizational Unit (OU) Serial Number (SN) Common Name (CN) IS [From the ARM] starfsskilriki Undirritun [Sequential number from ARM] [Personal ID num. National registry]:[company Firm registry ID num.] [name from National registry] Validity Signature Algorithm Key Length [value from ARM] (Three months longer than the validity of the payment card) SHA-1 hash with RSA 2048 bit Page 12 of 18
13 x.509 Extensions Key Usage Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Basic Constraints Subject Type Authority Key ID Subject Key ID Certificate Policy extension Critical Selected Critical End Entity 160 bit SHA bit SHA-1 Leave blank if not required Policy Identifier OID Policy User Notice CPS URL CRL Distribution Point Directory location Publicly Available Location This certificate is intended for signing This certificate is issued as a qualified certificate in accordance with act 28/2001 and Directive 99/93/EC. Non Critical Not used. Authority Information Access Non Critical [1]Access Method=On-line Certificate Status Protocol ( ) Alternative Name: URL=ocsp.audkenni.is [2]Authority Info Access Access Method=Certification Authority Issuer ( ) Alternative Name: URL= Qualified Certificate Statements ( ) ETSI and SSCD Any service provider who wants to take advantage of the existing infrastructure and allow/require citizens to use their Client Certificates for authentication/signatures to their services can do so. For Page 13 of 18
14 authentication, all that is needed is for the service provider to set up his own standard SSL web server certificate (e.g. from Verisign or any other issuing certificate authority) and configure the web server to allow/require client certificate authentication. No specific interaction is required between the citizen and the service provider although it is possible that, depending on various different configurations, that the service provider chooses to interact with the citizen. The Serial_Number field in the Certificate subject denotes the Personal Identification Number of the Certificate holder (the citizen) which is a unique number, created for all citizens by the National Central Registry. The Certificate also contains the name of the citizen. This information should be enough for most service providers. If needed, service providers will also be granted certificate-lookup-access for public certificates of their customers. Identity Provider runs validation service for the client certificates. Validation is done through standard 23 CRL/OCSP 24 lookup. Validation is open so that any service provider (domestic/international) can use the validation service. LDAP directory standard is used to publish certificates. Certificate on a bankcard for qualified signatures There are no limitations/legal obligations in Iceland on the use of hash algorithms (SHA-1, SHA-256, ) A technical standard committee 25 on PKI infrastructure in Iceland was established in 2006 under the national standard body, Icelandic Standards. This committee has the objective to identify specific standards or formats for electronic signatures in Iceland. It is currently working on the following papers: 1. Certificate Profile (in review; version 1.4 issued in January 2007) 2. Certificate Status Protocol 3. Profile for Signed Object 4. Definition of Security Levels 5. Requirements for CAs (based on agreement between the state and all Icelandic banks published in May 2008) 6. Technical Integration 7. Requirements for PKI 8. Time Stamping The only Validation Service Providers that are being used in egovernment applications is Auðkenni hf. But they issue the certificates on bank cards. 23 For Islandsrot it is but for eids on bank cards. It is Page 14 of 18
15 3 egovernment applications using electronic signatures It is not common that electronic signatures are used by public administrations to issue signed documents to citizens or businesses. Currently there is only one egovernment application using electronic signatures. Thus, descriptions cannot be provided for the sectors of public procurement, ehealth and ejustice. Electronic signatures are being used by professional accountants in signing Income Tax Declaration on behalf of their clients, but they use a commercial application to do this. The Internal Revenue Directorate requires all accountants to sign these reports and their system communicates with this commercial application. There is not a requirement to use qualified signatures and no special standards are being used in relation to the signatures. Electronic signatures are used by professional accountants in signing tax reports on behalf of their clients. Application/Service Classification CL1 Application/Service Name Income Tax Declaration from accountants CL2 Application/Service Type A2B CL3 Concerned sector Taxation CL4 Intended clients Accountants that sign Income Tax Declaration on behalf of their clients CL5 Abstract Description The application allows accountants to sign Income Tax Declarations and send them electronically to the tax authorities. The tax administration then validates the signature and files the report. The application is a desktop application that is installed at the computers of users. CL6 Application/Service responsible contact information esignature use in the application Organisational aspects OR1 Which institutions, providers, etc. are involved in the signature scheme, and how do they relate? OR2 Which validation service provider / validation authority is involved for the signature validation? The application supports the eid on bank cards and soft signature certificates issued under the old eidm schema. Organisational details for all of these have been provided in the general description above. No separate validation service is required; validation of the signatures will be possible through the general esignature validation methods for the eid card and commercial CAs as described above (OCSP lookups are supported for all). Page 15 of 18
16 OR3 How is the long term validity of the signatures (including longterm archiving of certificates and signatures) ensured, if applicable? Not applicable: after receipt and validation of the declaration, the report is signed and filed within the system of the tax administration. The application user can at any time get an official copy (in the form of a PDF document electronically signed by the tax administration), which then becomes the official copy of the declaration. Thus, long term validity of the original declaration is less relevant for this application esignature use in the application legal aspects LG1 LG2 LG3 LG4 LG5 LG6 Does the system require an advanced signature / advanced signature based on a qualified certificate / qualified signature? Does the choice of signature type result from a risk assessment process? What is the legal basis (law, decree, ) for this application? Does the legal basis impose additional legal requirements on the electronic signature beyond the aforementioned qualification? How does the application determine if the user is authorised to use the application (if applicable)? What information is signed by the user and what is the objective of the signature? Advanced signatures are sufficient No, the determining factor was the use of available signature solutions. The Act on Income Tax No The application is a commercial application that is run on the desktop at the company s computer. So authorised access to the application itself is in the hands of the company. But for the application to be able to communicate with the web service of the tax authorities the company has to sign a contract with the tax authorities and each user has to be approved by them. The tax authorities then require an electronic certificate and with that they check if it is an authorised user that s communication with them. The signature serves to confirm the accuracy of the information contained in the declaration. The user signs an xml file that includes all the information in the report. esignature use in the application technical aspects Page 16 of 18
17 esignature use in the application technical aspects T1 What kind of token or credentials are used (smart cards, software certificates, paper tokens, mobile tokens, ) to create the signature? The application supports the eid on bank cards were the user are able to create qualified signatures. Soft signature certificates issued under the old eidm schema are currently also accepted this year. T2 T3 T4 T5 T6 T7 T8 T9 What are the hard- and software requirements on the client side for the use of the esignature? How are the signature/certificate presented to the application? Is there specific information in the certificate that plays a notable role in the functioning of the application? Which standards have been implemented in the esignatures application? How is the signature verified and how is the verification data processed and stored? What types of validation protocols are used for the electronic certificate validation? (OCSP, CRLs, SCVP ) How is the signature type technically enforced by the application? Does the application require the use of time-stamping services? Users need have the tax form application installed on there computer. When the eid on bankcard is used: availability of the card and smart card reader. With regard to software, middleware described in the general sections above should be installed. If soft certificate is used then that needs to be installed on the computer. Support to usages is a part of the desktop application. Through the interface provided in the application: the user chooses to use either the eid bankcard or soft certificate after completing the declaration, and will then be prompted to enter the appropriate PIN number. No, the declaration is claims-based; while the certificate is necessary to ensure non-repudiation, the information contained in it is not strictly essential. The application does not follow any special standards on esignatures. Validation is done through standard OCSP lookup. Certificate validation and signature validation OCSP lookup is used. The application only supports the eid on bank cards and soft signature certificates issued under the old eidm schema. No. Interoperability aspects I1 Is the system accessible to nonnationals, and if so, how? Yes, provided that they have a certificate. Page 17 of 18
18 I2 Does the application support non-national signatures (i.e. signatures created using certificates from non-national CSPs)? No. Miscellaneous M1 M2 Are there any statistics on the actual use of electronic signatures for this application (if not: please provide an estimation)? Can you provide any budget/cost information related to the implementation of electronic signatures in this application? About 30% of tax reports for individuals and about 81% for companies are electronically signed. Unknown. Page 18 of 18
SSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationMaking Digital Signatures Work across National Borders
Making Digital Signatures Work across National Borders Jon Ølnes, Anette Andresen, Leif Buene, Olga Cerrato, Håvard Grindheim DNV (Det Norske Veritas), Norway DNV trusted third party for 140 years Det
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More informationStudy on Mutual Recognition of esignatures: update of Country Profiles Analysis & assessment report
Study on Mutual Recognition of esignatures: update of Country Profiles This report / paper was prepared for the IDABC programme by: Coordinated by: Hans Graux (time.lex), Guy Lambert (Siemens), Brigitte
More informationPKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5
PKI NBP Certification Policy for ESCB Signature Certificates OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES
EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 28.11.2008 COM(2008) 798 final COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE
More informationPKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2
PKI NBP Certification Policy for ESCB Encryption Certificates OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document
More informationINDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN
Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit
More informationGuidelines for the use of electronic signature
Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More informationETSI TS 102 778 V1.1.1 (2009-04) Technical Specification
TS 102 778 V1.1.1 (2009-04) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; CMS Profile based on ISO 32000-1 2 TS 102 778 V1.1.1 (2009-04)
More informationGandi CA Certification Practice Statement
Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10
More informationDanske Bank Group Certificate Policy
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
More informationNIST Test Personal Identity Verification (PIV) Cards
NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper
More informationREGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.
REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...
More informationApple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationStatoil Policy Disclosure Statement
Title: Statoil Policy Disclosure Statement Document no. : Contract no.: Project: Classification: Distribution: Open Anyone Expiry date: Status 2019-06-11 Final Distribution date: : Copy no.: Author(s)/Source(s):
More informationDEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
DEFENSE INFORMATION SYSTEMS AGENCY JOINT INTEROPERABILITY TEST COMMAND FORT HUACHUCA, ARIZONA DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
More informationETSI TS 102 280 V1.1.1 (2004-03)
TS 102 280 V1.1.1 (2004-03) Technical Specification X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons 2 TS 102 280 V1.1.1 (2004-03) Reference DTS/ESI-000018 Keywords electronic signature,
More informationCertificate Policy for. SSL Client & S/MIME Certificates
Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationBrocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
More informationUNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures
Introduction to the law of electronic signatures Luca Castellani Head, Regional Centre for Asia and the Pacific UNCITRAL Secretariat Incheon, Republic of Korea Outline 1. Methods and technologies for electronic
More informationTR-GRID CERTIFICATION AUTHORITY
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT
More informationCitizen CA Certification Practice statement
Citizen CA Certification Practice statement OID: 2.16.56.1.1.1.2.2 OID: 2.16.56.1.1.1.2.1 VERSION: 1.1 1/56 Table of Contents 1 INTRODUCTION 5 1.1 PRELIMINARY WARNING 5 1.1.1 Trusted Entities ruled by
More informationPart III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure
More informationTHE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
More informationMerchants and Trade - Act No 28/2001 on electronic signatures
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
More informationTR-GRID CERTIFICATION AUTHORITY
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT
More informationCertificate Path Validation
Version 1.4 NATIONAL SECURITY AUTHORITY Version 1.4 Certificate Path Validation 19 th November 2006 No.: 1891/2006/IBEP-011 NSA Page 1/27 NATIONAL SECURITY AUTHORITY Department of Information Security
More informationSYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION
SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized
More informationBugzilla ID: Bugzilla Summary:
Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationDigital Signature Verification using Historic Data
Digital Signature Verification using Historic Data Digital signatures are now relatively common; however historic verification of digitally signed data is not so widely understood. As more data is held
More informationTeliaSonera Server Certificate Policy and Certification Practice Statement
TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA
More informationISSUANCE AND MANAGEMENT POLICY FOR. Spektar Org Universal Certificate
ISSUANCE AND MANAGEMENT POLICY FOR Revision 2.1 Spektar AD 11A Carnegie street 1000 Sofia, Bulgaria phone: + 359 2 9699 200 fax: + 359 2 9699 255 http://www.spektar.org 1/15 CONTENT 1. Description of the
More informationAGENDA ITEM 15-16 : ELECTRONIC SIGNATURE
SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic
More informationCertification Practice Statement
Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require
More informationQUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0.
QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0.3 Effective Date: 20 April 2009 Version: 4.6 Copyright QuoVadis
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationDigital Signatures in a PDF
This document describes how digital signatures are represented in a PDF document and what signature-related features the PDF language supports. Adobe Reader and Acrobat have implemented all of PDF s features
More informationCERTIFICATION PRACTICE STATEMENT (CPS) SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version 2.0
CERTIFICATION PRACTICE STATEMENT (CPS) OF SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version.0 (CPS) INDEX 1. LEGAL FRAMEWORK... 10 1.1. Legal Base... 10 1.. Validation... 10 1.. Legal Support...
More informationCertipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012
Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate
More informationSPECIFIC CERTIFICATION POLICIES AND PRACTICES APPLICABLE TO
SPECIFIC CERTIFICATION POLICIES AND PRACTICES APPLICABLE TO ELECTRONIC CERTIFICATION AND SIGNATURE SERVICES FOR PUBLIC ORGANIZATIONS AND ADMINISTRATIONS, THEIR BODIES AND ATTACHED OR DEPENDENT ENTITIES
More informationSecurity framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013
Security framework Guidelines for trust services providers Part 1 Version 1.0 December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Security framework Guidelines
More informationELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION
ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of
More informationEuropean Electronic Identity Practices
European Electronic Identity Practices Country Update of Austria Speaker: Herbert Leitold Date: 9 Nov 2004 PART I: Overview Table of contents Overview of Citizen Card initiatives and its status (Summary
More informationVeriSign Trust Network Certificate Policies
VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-
More informationEgypt s E-Signature & PKInfrastructure
EGYPT-MCIT ITIDA Egypt s E-Signature & PKInfrastructure Seminar on Electronic Signature Algeria 8-9 Dec. 2009 By: Hisham Mohamed Abdel Wahab Head of the E-Signature CA Licensing ITIDA- MCIT EGYPT Email:
More informationEgyptian Best Practices Securing E-Services
Egyptian Best Practices Securing E-Services Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA Agenda Security Measures for E-Services Examples of E- Services Threats
More informationThe Estonian ID Card and Digital Signature Concept
The Estonian ID Card and Digital Signature Concept Principles and Solutions Ver 20030307 Contents Contents...2 Status of the document...3 Introduction...3 Intended audience...3 Current project status...3
More informationCERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)
(CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...
More informationCERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS
CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER
More informationTHE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.
THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by
More informationSymantec Trust Network (STN) Certificate Policy
Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com
More informationESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
More informationOB10 - Digital Signing and Verification
Global Headquarters 90 Fetter Lane London EC4A 1EN Tel: +44 (0) 870 165 7410 Fax: +44 (0) 207 240 2696 OB10 - Digital Signing and Verification www.ob10.com Version 2.4 March 2013 Summary In order to comply
More informationPEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy
PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy Version: 1.0 Issued: August 2014 Status: Final PEXA Certification Authority Certificate Profile 1. Introduction Property
More informationLand Registry. Version 4.0 10/09/2009. Certificate Policy
Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2
More informationFord Motor Company CA Certification Practice Statement
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
More informationFuture directions of the AusCERT Certificate Service
Future directions of the AusCERT Certificate Service QV Advanced Plus certificates Purpose Digital signatures non-repudiation, authenticity and integrity Encryption - confidentiality Client authentication
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationGetronics Certification Certificate of Authentic Trustworthy
Getronics Version 3.0 Effective Date: 15 october, 2008 Getronics Nederland B.V. Fauststraat 1 P.O. Box 9105 7300 HN Apeldoorn The Netherlands Phone: +31 (0)20 570 4511 http://www.pki.getronicspinkroccade.nl
More informationX.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities
X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities Version 5.1 May 2014 Notice to all parties seeking to rely Reliance
More informationPostSignum CA Certification Policy applicable to qualified personal certificates
PostSignum CA Certification Policy applicable to qualified personal certificates Version 3.0 7565 Page 1/60 TABLE OF CONTENTS 1 Introduction... 5 1.1 Review... 5 1.2 Name and clear specification of a document...
More informationVodafone Group CA Web Server Certificate Policy
Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name
More informationEquens Certificate Policy
Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)
More informationGlobalSign CA Certificate Policy
GlobalSign CA Certificate Policy Date: December 17 th 2007 Version: v.3.0 Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...4 1.1.1 GlobalSign Rootsign...5 1.1.2
More informationACT. of 15 March 2002
215 ACT of 15 March 2002 on electronic signature and on the amendment and supplementing of certain acts as amended by Act No. 679/2004 Coll., Act No. 25/2006 Coll., Act No. 275/2006 Coll., Act No. 214/2008
More informationETSI TS 101 456 V1.4.3 (2007-05)
TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3
More informationSAUDI NATIONAL ROOT-CA CERTIFICATE POLICY
SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally
More informationStartCom Certification Authority
StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction
More informationapple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.
More informationassociate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationAdobe PDF for electronic records
White Paper Adobe PDF for electronic records Digital signatures and PDF combine for definitive electronic records and transactions Contents 1 PDF and electronic records 2 Digital certification 3 Validating
More informationAn introduction to EJBCA and SignServer
An introduction to EJBCA and SignServer PrimeKey Solutions AB Tomas Gustavsson http://www.primekey.se tomas@primekey.se EJBCA and SignServer Euro PKI projects and use cases 1 EJBCA - Open Source Enterprise
More informationGlobe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States
Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...
More informationPKI - current and future
PKI - current and future Workshop for Japan Germany Information security Yuichi Suzuki yuich-suzuki@secom.co.jp SECOM IS Laboratory Yuichi Suzuki (SECOM IS Lab) 1 Current Status of PKI in Japan Yuichi
More informationKIBS Certification Practice Statement for non-qualified Certificates
KIBS Certification Practice Statement for non-qualified Certificates Version 1.0 Effective Date: September, 2012 KIBS AD Skopje Kuzman Josifovski Pitu 1 1000, Skopje, Republic of Macedonia Phone number:
More informationDigiCert. Certificate Policy. DigiCert, Inc. Version 4.03 May 3, 2011
DigiCert Certificate Policy DigiCert, Inc. Version 4.03 May 3, 2011 Suite 200 Canopy Building II 355 South 520 West Lindon, UT 84042 USA Tel: 1 801 877 2100 Fax: 1 801 705 0481 www.digicert.com TABLE OF
More informatione-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013
e-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013 Ceyhun Atıf Kansu Cad. 130/58 Balgat / ANKARA TURKEY
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationVersion 2.4 of April 25, 2008
TC TrustCenter GmbH Certificate Policy for SAFE NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certificate Policy is published in conformance with international
More informationCERTIFICATE POLICIES (CP) Legal Person Certificate ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. CP
CERTIFICATE POLICIES (CP) Certificate ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. CP Certificate INDEX 1. LEGAL FRAMEWORK... 5 1.1. Legal Base... 5 1.2. Validation... 5 1.3. Legal Support...
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationHungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue
Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue Zsolt Sikolya Ministry of Informatics and Communications (IHM) Tel: +3614613366, Fax: +3614613548
More informationHow to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server
How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server Introduction Time stamping is an important mechanism for the long-term preservation of digital signatures, time
More informationGovernment CA Government AA. Certification Practice Statement
PKI Belgium Government CA Government AA Certification Practice Statement 2.16.56.1.1.1.3 2.16.56.1.1.1.3.2 2.16.56.1.1.1.3.3 2.16.56.1.1.1.3.4 2.16.56.1.1.1.6 2.16.56.1.1.1.6.2 2.16.56.9.1.1.3 2.16.56.9.1.1.3.2
More informationEMA esignature capabilities: frequently asked questions relating to practical and technical aspects of the implementation
August 2013 EMA/264709/2013 EMA esignature capabilities: frequently asked questions relating to practical and technical aspects of the implementation This question and answer document aims to address the
More informationREVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1.
REVENUE ON-LINE SERVICE CERTIFICATE POLICY Document Version 1.2 Date: 15 September 2007 OID for this CP: 1.2.372.980003.1.1.1.1.1 No part of this document may be copied, reproduced, translated, or reduced
More informationSwissSign Certificate Policy and Certification Practice Statement for Gold Certificates
SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...
More informationLong-term archiving of electronically signed documents in Hungary
Long-term archiving of electronically signed documents in Hungary Dr. István Zsolt BERTA, PhD, MBA, CISA Microsec Ltd. HUNGARY istvan.berta@microsec.hu www.e-szigno.hu http://www.e-szigno.hu Microsec Ltd.
More informationEuropean Federated Validation Service Study. Solution Profile Trustweaver on Demand
European Federated Validation Service Study Solution Profile Trustweaver on Demand This report / paper was prepared for the IDABC programme by: Author s name: Indicated in the solution profile below, under
More informationEuropeanSSL Secure Certification Practice Statement
EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE
More informationSubmitted to the EC on 03/06/2012. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex
Submitted to the EC on 03/06/2012 COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex e-justice Communication via Online Data Exchange ICT PSP call identifier:
More informationController of Certification Authorities of Mauritius
Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationCertificates. Noah Zani, Tim Strasser, Andrés Baumeler
Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate
More informationeidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke
eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke Agenda eidas Regulation TR-03110 V2.20 German ID card POSeIDAS Summary cryptovision mindshare 2015: eidas
More information