SSLPost Electronic Document Signing

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SSLPost Electronic Document Signing"

Transcription

1 SSLPost Electronic Document Signing

2 Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that when applied to a document is accepted in the EU as a legally binding document as if it had been physically signed in a traditional manner. A QAES is obtained from a Qualified Certificate and only an accredited Certificate Authority (CA) can issue Qualifying Certificates. What is the unique selling point in providing e-signing? The relationship between your organisation and an end user becomes very sticky when you are using a digital signature issued by SSLPost, which has been configured to sign documents and reports that are traditional outputs from well know industry software. An overview of the QAES distribution hierarchy CA RA RS Certificate Authority QuoVadis Registration Authority SSLPost Registered Senders CA RA RS European Union North America Southern Hemisphere 1

3 An overview of how a document is digitally signed server side Document is sent to SSLPost and the sender authenticates themselves on the SSLPost platform. 2 Factor Authentication sender Sign document with an ETSI approved certificate held in escrow by SSLPost. Encrypt / Decrypt document using the proprietary SSLPost platform. 256 BIT Recipient simply opens digitally signed document OR alternatively they counter sign the document using ETSI certificate held on the SSLPost platform which requires a 2 factor authentication process to be completed. 2 Factor Authentication The document is delivered by MTA. Document recorded by SSLPost (non repudiation) The document is received by SSLPost. Recipient s server accepts encrypted signed document. Signed Document The document is sent to SSLPost. Recipient downloads document from their server. recipient 2

4 Proprietary SSLPost Platform Message data & recipient details are combined The session key is used to decrypt the message data and the result is returned to the user s web browser over an SSL link. A hash value of the message is calculated and signed with the sender's private key. 5 #VALUE SSL Message data is encrypted with a unique random 256 bit AES session key. 256 BIT 3 The session key is encrypted with the recipient s public 2048 bit key. 256 BIT The result is encrypted with a 256 bit seal key (used to track access to the data if recipient s private key is held client side) BIT SSL Decrypt Secure Message Please enter your password: *********** decrypt message The message is checked against the hash value using the sender s public key and if it matches the recipient is prompted to enter their password BIT BIT PASSWORD 9 The server validates the password entered, retrieves the seal key to decrypt step 4 and then uses the recipient's private 2048 bit key to decrypt step 3 and obtain the session key. #VALUE Internet Browser SSL 6 A standard internet is created with an HTML form containing the recipients details, the encrypted message data, encrypted session key, an SHA 1 hash value of the message and the signature. form form Internet The recipient receives the and opens the HTML form attachment. They click the open button and the information in the message is sent to the sender s server for decryption. 7 Decode Secure Message Please click decode button to view message open message 3

5 What is accepted as a legally binding e-document? SSLPost uses QuoVadis as its Certificate Authority The key accreditation that allows QuoVadis to issue qualified certificates comes from its accreditation as a Netherlands and EU Qualified Certification Services Provider, which requires QuoVadis to be annually audited against the European standards for EC Qualified Certification Service. Online reference: There is nothing contained within UK/EU legislation that precludes a foreign CSP from issuing Qualified Certificates to UK/EU customers. Extracts for reference The following page from the European Commission website (European Commission website - esignature standardisation in the UK) discusses the esignature standardisation aspects for the United Kingdom: It states that there are no additional UK requirements pursuant to Article 3(7) of the EC Directive. Article 3(7) of the EC Directive relates to additional requirements imposed by member states. See below for the extract from Article 3(7) of the EC Directive. EC Directive (DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT) Article 3(3): Article 3(3) of the Directive requires Member States to ensure the establishment of an appropriate system that allows for supervision of certification-service-providers (CSPs) which are established on its territory and which issue qualified certificates (QCs) to the public. Article 3(7) of the Directive states: 7. Member States may make the use of electronic signatures in the public sector subject to possible additional requirements. Such requirements shall be objective, transparent, proportionate and non-discriminatory and shall relate only to the specific characteristics of the application concerned. Such requirements may not constitute an obstacle to cross-border services for citizens. 4

6 The Electronic Signatures Regulations 2002 Definitions: Certification-service-provider means a person who issues certificates or provides other services related to electronic signatures. Qualified certificate means a certificate which meets the requirements in Schedule 1 and is provided by a certification-service-provider who fulfills the requirements in Schedule 2; Regulation 3 Regulation 3 of the Electronic Signatures Regulations 2002, which implements Article 3.3 of the Directive, imposes a duty on the Secretary of State to: Keep under review the carrying on of activities of Certification Service Providers (CSPs) established in the United Kingdom which provide Qualified Certificates (QCs) to the Public, and of the persons by whom they are carried on, with a view to the Secretary of State becoming aware of the identity of those persons and circumstances relating to the carrying on of those activities, Establish and maintain a register of those CSPs, record in the register the name and address of those CSPs of whom the Secretary of State is aware, Publish the register in an appropriate manner, Have regard to any evidence of the conduct of those CSPs, which is detrimental to users of QCs, with a view to publication of any evidence. UK Electronic Communications Act 2000 ( the Act ) Note: Section 7 of the Act talks about the signature being admissible in terms of legal proceedings and does not mention CSPs, Qualified or Advanced certificates. An extract of Section 7 of the act is provided in below: Electronic signatures and related certificates: 7 (1) In any legal proceedings: (a) An electronic signature incorporated into or logically associated with a particular electronic communication or particular electronic data, and 5

7 (b) The certification by any person of such a signature shall each be admissible in evidence in relation to any question as to the authenticity of the communication or data or as to the integrity of the communication or data. (2) For the purposes of this section an electronic signature is so much of anything in electronic form as: (a) Is incorporated into or otherwise logically associated with any electronic communication or electronic data; and (b) Purports to be so incorporated or associated for the purpose of being used in establishing the authenticity of the communication or data, the integrity of the communication or data, or both. (3) For the purposes of this section an electronic signature incorporated into or associated with a particular electronic communication or particular electronic data is certified by any person if that person (whether before or after the making of the communication) has made a statement confirming that: (a) The signature, (b) A means of producing, communicating or verifying the signature, or (c) A procedure applied to the signature, Is (either alone or in combination with other factors) a valid means of establishing the authenticity of the communication or data, the integrity of the communication or data, or both. Annex II Annex II of the EU Directive is transposed into UK law through Schedule II of the Electronic Signature Regulations 2002 as follows: CSPs that wish to issue Qualified Certificates must therefore: Show the necessary reliability for providing certification services, Run a prompt and secure directory and a secure and immediate revocation service, Ensure that the date and time of issuance and revocation can be determined precisely, Verify the identity and any applicable attributes of the person to whom a qualified certificate is issued, Employ personnel that are qualified and technically competent to run the services securely and apply administrative and management procedures, which are adequate and correspond with recognized standards (e.g. ISO/IEC 27001), 6

8 Use trustworthy systems and products, which are protected against modification and ensure the technical and cryptographic security of the process supported by them, Protect against forgery of certificates, and guarantee confidentiality during in-house signature-creation data processes, Maintain sufficient financial resources to operate in conformity with the Directive, in particular to cover liabilities, for example by obtaining appropriate insurance, Keep all relevant records (manually or electronically) concerning a qualified certificate for an appropriate period of time, in particular to provide evidence in legal proceedings, Not store or copy signature-creation data (e.g. a private key) of any person to whom the CSP has provided key management services, Before entering into any contractual relationship for a certificate, inform anyone seeking certification services of the precise terms and conditions regarding the use of the certificate, including any limitations on its use, the existence of a voluntary approval scheme, complaints and dispute settlement procedures. Such information may be transmitted electronically, but must be in writing, and in readily understood language. Upon request, relying third parties must also have access to relevant parts of the information, Use trustworthy systems to store certificates in a verifiable form so that only authorised persons can make entries or changes, information authenticity can be checked, certificates are publicly available for retrieval only where the certificate holder s consent has been obtained, and any technical changes compromising these security requirements are apparent to the operator. 7

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of

More information

2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002

2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002 STATUTORY INSTRUMENTS 2002 No. 318 ELECTRONIC COMMUNICATIONS The Electronic Signatures Regulations 2002 Made - - - - - 13th February 2002 Laid before Parliament 14th February 2002 Coming into force - -

More information

Qualified Electronic Signatures Act (SFS 2000:832)

Qualified Electronic Signatures Act (SFS 2000:832) Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit

More information

Guidelines for the use of electronic signature

Guidelines for the use of electronic signature Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature

More information

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013 Security framework Guidelines for trust services providers Part 1 Version 1.0 December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Security framework Guidelines

More information

Website Authentication, Electronic Signatures and Electronic Seals

Website Authentication, Electronic Signatures and Electronic Seals Website Authentication, Electronic Signatures and Electronic Seals Fulfilling the eidas requirements for providers of qualified certificates with BSI Technical Guidelines 6. May 2016 Federal Office for

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

AGENDA ITEM 15-16 : ELECTRONIC SIGNATURE

AGENDA ITEM 15-16 : ELECTRONIC SIGNATURE SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic

More information

Electronic Documents Law

Electronic Documents Law Disclaimer: The English language text below is provided by the Translation and Terminology Centre for information only; it confers no rights and imposes no obligations separate from those conferred or

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1 Zentrum für sichere Informationstechnologie Austria Secure Information Technology Center Austria A-1030 Wien, Seidlgasse 22 / 9 Tel.: (+43 1) 503 19 63 0 Fax: (+43 1) 503 19 63 66 A-8010 Graz, Inffeldgasse

More information

National Authority for Electronic Certification. Electronic Signature in Albania by Eris Asllani- Head of Department

National Authority for Electronic Certification. Electronic Signature in Albania by Eris Asllani- Head of Department National Authority for Electronic Certification Electronic Signature in Albania by Eris Asllani- Head of Department Roma - - - 2011 *General Statistics Population - 3,200,000 (est.) Area - 28.748 sq/km

More information

UKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme

UKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme CIS 3 EDITION 2 February 2014 UKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme CONTENTS SECTION PAGE 1 Introduction 2 2 Requirements for Certification

More information

OB10 - Digital Signing and Verification

OB10 - Digital Signing and Verification Global Headquarters 90 Fetter Lane London EC4A 1EN Tel: +44 (0) 870 165 7410 Fax: +44 (0) 207 240 2696 OB10 - Digital Signing and Verification www.ob10.com Version 2.4 March 2013 Summary In order to comply

More information

Legal Status of Qualified Electronic Signatures in Europe

Legal Status of Qualified Electronic Signatures in Europe Legal Status of Qualified Electronic Signatures in Europe Jos Dumortier Professor of Law - K.U.Leuven Lawfort Of Counsel - Bar of Brussels jos.dumortier@lawfort.be Abstract It is a common misunderstanding

More information

Using etoken for Securing E-mails Using Outlook and Outlook Express

Using etoken for Securing E-mails Using Outlook and Outlook Express Using etoken for Securing E-mails Using Outlook and Outlook Express Lesson 15 April 2004 etoken Certification Course Securing Email Using Certificates Unprotected emails can be easily read and/or altered

More information

LAW OF GEORGIA ON ELECTRONIC SIGNATURES AND ELECTRONIC DOCUMENTS

LAW OF GEORGIA ON ELECTRONIC SIGNATURES AND ELECTRONIC DOCUMENTS LAW OF GEORGIA ON ELECTRONIC SIGNATURES AND ELECTRONIC DOCUMENTS Article 1 - Purpose and scope of the law 1. This Law establishes a legal framework for electronic document flow systems and the use of electronic

More information

Electronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001

Electronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 ELECTRONIC COMMERCE ACT 2001 Principal Act Act. No. Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 Amending enactments Relevant current provisions Commencement date 2001/018 Corrigendum 22.3.2001

More information

An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Mar.2010

An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Mar.2010 An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Mar.2010 Understanding the information security Technology of Encryption and Electronic signature

More information

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012 Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate

More information

The Electronic Signatures Act of 15 June 2001 no. 81 (last revision 17 June 2005)

The Electronic Signatures Act of 15 June 2001 no. 81 (last revision 17 June 2005) Unrevised translation The Electronic Signatures Act of 15 June 2001 no. 81 (last revision 17 June 2005) (Unofficial translation. Norwegian Post and Telecommunications Authority (NPT) is without any responsibilities

More information

TTP.NL Scheme. for management system certification. of Trust Service Providers issuing. Qualified Certificates for Electronic Signatures,

TTP.NL Scheme. for management system certification. of Trust Service Providers issuing. Qualified Certificates for Electronic Signatures, TTP.NL Scheme for management system certification of Trust Service Providers issuing Qualified Certificates for Electronic Signatures, Public Key Certificates, Website Certificates and / or Time-stamp

More information

Act. on Strong Electronic Identification and Electronic Signatures (617/2009)

Act. on Strong Electronic Identification and Electronic Signatures (617/2009) NB: Unofficial translation; legally binding texts are those in Finnish and Swedish Act on Strong Electronic Identification and Electronic Signatures (617/2009) Chapter 1 General provisions Section 1 Scope

More information

Controller of Certification Authorities of Mauritius

Controller of Certification Authorities of Mauritius Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)

More information

Frequently Asked Questions. Frequently Asked Questions. 2013 SSLPost Page 1 of 31 support@sslpost.com

Frequently Asked Questions. Frequently Asked Questions. 2013 SSLPost Page 1 of 31 support@sslpost.com Frequently Asked Questions 2013 SSLPost Page 1 of 31 support@sslpost.com Table of Contents 1 What is SSLPost Cloud? 3 2 Why do I need SSLPost Cloud? 4 3 What do I need to use SSLPost Cloud? 5 4 Which Internet

More information

EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE. on a common framework for electronic signatures

EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE. on a common framework for electronic signatures COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 29.04.1999 COM(1999) 195 fmal 98/0191(COD) Amended proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE on a common framework for electronic signatures

More information

EMA esignature capabilities: frequently asked questions relating to practical and technical aspects of the implementation

EMA esignature capabilities: frequently asked questions relating to practical and technical aspects of the implementation August 2013 EMA/264709/2013 EMA esignature capabilities: frequently asked questions relating to practical and technical aspects of the implementation This question and answer document aims to address the

More information

Implementation of eidas through Member States Supervisory Bodies

Implementation of eidas through Member States Supervisory Bodies Implementation of eidas through Member States Supervisory Bodies Riccardo Genghini - ETSI TC ESI & CEN-ETSI e-sign Coord. Group Chairman CA Day Berlin June 09 th, 2015 ETSI 2013. All rights reserved 2

More information

Legal aspects of electronic signatures in Bulgaria

Legal aspects of electronic signatures in Bulgaria Article Legal aspects of electronic signatures in Bulgaria GEORGE G DIMITROV Legal Framework The contemporary Bulgarian law provides a thorough regulation of electronic signatures by a set of primary and

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

E-Signatures. Chris Reed. Professor of Electronic Commerce Law

E-Signatures. Chris Reed. Professor of Electronic Commerce Law E-Signatures Chris Reed Professor of Electronic Commerce Law Centre for Commercial Law Studies, Queen Mary University of London Of counsel, Lawrence Graham Agenda Rethinking the concept of signature e-signature

More information

The Mobile Phone Signature in edemocracy and egovernment Applications. Gregor.eibl@bka.gv.at

The Mobile Phone Signature in edemocracy and egovernment Applications. Gregor.eibl@bka.gv.at The Mobile Phone Signature in edemocracy and egovernment Applications Gregor.eibl@bka.gv.at Characteristics of the Citizen Card ( 4 Abs. 1 E-GovG) unique identity authenticity Citizen Card = before authenfication:

More information

Protection Profiles for TSP cryptographic modules Part 1: Overview

Protection Profiles for TSP cryptographic modules Part 1: Overview Date: 2015-08 prts 419221-1:2015 Protection Profiles for TSP cryptographic modules Part 1: Overview Document type: Technical Specification Document language: E Contents Introduction...3 1 Scope...4 2 References...4

More information

LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE

LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007, amend. SG.

More information

TC TrustCenter GmbH Certification Practice Statement and Certificate Policy for Qualified Certificates

TC TrustCenter GmbH Certification Practice Statement and Certificate Policy for Qualified Certificates GmbH Certification Practice Statement and Certificate Policy Version 1.0 of June 11 th, 2007 NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Code of Practice on Electronic Invoicing in the EU

Code of Practice on Electronic Invoicing in the EU CEN/WS einvoicing Phase 3 Date: 2011-11 CEN Workshop AgreementTC WI Secretariat: NEN Code of Practice on Electronic Invoicing in the EU Status: for public review (23 November 2011-23 January 2012) ICS:

More information

Secure Email Frequently Asked Questions

Secure Email Frequently Asked Questions Secure Email Frequently Asked Questions Frequently Asked Questions Contents General Secure Email Questions and Answers Forced TLS Questions and Answers SecureMail Questions and Answers Glossary Support

More information

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions ELECTRONIC SIGNATURE LAW Purpose (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions Article 1 The purpose of this Law is to regulate the legal and technical

More information

ETSI TS 102 042 V1.1.1 (2002-04)

ETSI TS 102 042 V1.1.1 (2002-04) TS 102 042 V1.1.1 (2002-04) Technical Specification Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V1.1.1 (2002-04) Reference DTS/SEC-004006 Keywords e-commerce,

More information

Guidelines Related To Electronic Communication And Use Of Secure E-mail Central Information Management Unit Office of the Prime Minister

Guidelines Related To Electronic Communication And Use Of Secure E-mail Central Information Management Unit Office of the Prime Minister Guidelines Related To Electronic Communication And Use Of Secure E-mail Central Information Management Unit Office of the Prime Minister Central Information Management Unit Office of the Prime Minister

More information

3D SECURE. System Overview. We have seen merchants reduce fraud by up to 95% when integrating to 3D Secure...

3D SECURE. System Overview. We have seen merchants reduce fraud by up to 95% when integrating to 3D Secure... 3D SECURE We have seen merchants reduce fraud by up to 95% when integrating to 3D Secure... System Overview This document is intended for merchant and developers that want to gain a high level overview

More information

Future directions of the AusCERT Certificate Service

Future directions of the AusCERT Certificate Service Future directions of the AusCERT Certificate Service QV Advanced Plus certificates Purpose Digital signatures non-repudiation, authenticity and integrity Encryption - confidentiality Client authentication

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Federal law on certification services in the area of the electronic signature

Federal law on certification services in the area of the electronic signature Law on the electronic signature 94.0 Notice This English translation has no official character. The only authentic texts are the German, French and Italian versions published in the Official Compendium

More information

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008 State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008 Background In the last ten years Arkansas has enacted several laws to facilitate electronic transactions

More information

You re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com

You re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.

More information

COMMISSION OF THE EUROPEAN COMMUNITIES

COMMISSION OF THE EUROPEAN COMMUNITIES EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 28.11.2008 COM(2008) 798 final COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE

More information

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES Pursuant to article 78 and 83, paragraph 1 of the Constitution, upon the proposal of the Council of Ministers, THE ASSEMBLY OF THE REPUBLIC

More information

ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text)

ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) On basis of article 153 of the National Assembly of Slovenia Rules of Procedure the National Assembly of the Republic

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security

More information

Certum QCA PKI Disclosure Statement

Certum QCA PKI Disclosure Statement CERTUM QCA PKI Disclosure Statement v1.1 1 Certum QCA PKI Disclosure Statement Version 1.1 Effective date: 1 st of April, 2016 Status: valid Asseco Data Systems S.A. ul. Żwirki i Wigury 15 81-387 Gdynia

More information

Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile

Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile This report / paper was prepared for the IDABC programme by: Coordinated by: Hans Graux (time.lex), Brigitte

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

Law Governing Framework Conditions for Electronic Signatures and Amending Other Regulations

Law Governing Framework Conditions for Electronic Signatures and Amending Other Regulations Law Governing Framework Conditions for Electronic Signatures and Amending Other Regulations inofficial version for industry consultation for official German text please refer to the Official Journal (Bundesgesetzblatt

More information

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES Certificate Policy 1 (18) CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES 1 INTRODUCTION... 4 1.1 Overview... 4 1.2 Document

More information

ETSI EN 319 401 V1.1.1 (2013-01)

ETSI EN 319 401 V1.1.1 (2013-01) EN 319 401 V1.1.1 (2013-01) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 EN 319 401 V1.1.1

More information

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU

More information

ETSI TS 101 456 V1.4.3 (2007-05)

ETSI TS 101 456 V1.4.3 (2007-05) TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3

More information

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management

More information

ELECTRONIC TRANSACTIONS ACT

ELECTRONIC TRANSACTIONS ACT ELECTRONIC TRANSACTIONS ACT CHAPTER 22:05 Act 6 of 2011 Amended by *4 of 2014 *See Note on page 2 Current Authorised Pages Pages Authorised (inclusive) by L.R.O. 1 10.. 11 24.. 25 32.. L.R.O. 2 Chap. 22:05

More information

Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses a signing

Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses a signing Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses

More information

Bill. Electronic Signatures 1)

Bill. Electronic Signatures 1) Translation Note: The text has been amended in section 5(2) and is therefore identical to the final text of Act No. 417 of 31 May 2000. Only the Danish version of the text has legal validity. Bill No.

More information

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof, 28.8.2014 Official Journal of the European Union L 257/73 REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic

More information

Using Voltage SecureMail

Using Voltage SecureMail Using Voltage SecureMail Using Voltage SecureMail Desktop Based on the breakthrough Identity-Based Encryption technology, Voltage SecureMail makes sending a secure email as easy as sending it without encryption.

More information

ODETTE CA Subscriber Agreement for Certificates

ODETTE CA Subscriber Agreement for Certificates ODETTE CA Subscriber Agreement for Certificates ODETTE Subscriber Agreement for Certificates 3 Table of Contents 1 ODETTE CA Subscriber Agreement for Certificates... 5 2 Definitions... 5 2.1 Digital Certificate...

More information

ELECTRONIC SIGNATURE LAW

ELECTRONIC SIGNATURE LAW ELECTRONIC SIGNATURE LAW (Published in the Official Gazette ref 25355, 2004-01-23) SECTION ONE Purpose, Scope and Definitions Purpose Article 1 The purpose of this Law is to define the principles for the

More information

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is. Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED

More information

Trustis FPS PKI Glossary of Terms

Trustis FPS PKI Glossary of Terms Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate

More information

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance esignature Standards Framework Certificate Authority Time-stamping Signing Servers Validation

More information

Receiving Secure Email from Citi For External Customers and Business Partners

Receiving Secure Email from Citi For External Customers and Business Partners Citi Secure Email Program Receiving Secure Email from Citi For External Customers and Business Partners Protecting the privacy and security of client information is a top priority at Citi. Citi s Secure

More information

Draft ETSI EN 319 401 V1.1.1 (2012-03)

Draft ETSI EN 319 401 V1.1.1 (2012-03) Draft EN 319 401 V1.1.1 (2012-03) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 Draft EN

More information

LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE. Chapter two. ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE

LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE. Chapter two. ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007 Chapter one.

More information

GOVERNMENT OF THE REPUBLIC OF SLOVENIA CENTRE FOR INFORMATICS ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT

GOVERNMENT OF THE REPUBLIC OF SLOVENIA CENTRE FOR INFORMATICS ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT GOVERNMENT OF THE REPUBLIC OF SLOVENIA CENTRE FOR INFORMATICS ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT LJUBLJANA, JUNE 2000 INTRODUCTION Marin Siliÿ The Act of the electronic commerce and electronic

More information

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,

More information

24-7 Electronic Signature White Paper

24-7 Electronic Signature White Paper 24-7 Electronic Signature White Paper 24-7 Electronic Signature White Paper The following document describes 24-7 Box s interpretation of the current UK legislation relating to validity of electronic signatures

More information

HOW IT WORKS E-SIGNLIVE 1 INTRODUCTION 2 OVERVIEW

HOW IT WORKS E-SIGNLIVE 1 INTRODUCTION 2 OVERVIEW HOW IT WORKS E-SIGNLIVE 1 INTRODUCTION With e-signlive, Silanis hosted service, you can invite other people to conveniently and securely sign documents over the web. Your documents can be easily signed

More information

Guidelines on use of encryption to protect person identifiable and sensitive information

Guidelines on use of encryption to protect person identifiable and sensitive information Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted

More information

Secure Mail Registration and Viewing Procedures

Secure Mail Registration and Viewing Procedures Secure Mail Registration and Viewing Procedures May 2011 For External Secure Mail Recipients Contents This document provides a brief, end user oriented overview of the Associated Banc Corp s Secure Email

More information

26.3.2014 A7-0365/133

26.3.2014 A7-0365/133 26.3.2014 A7-0365/133 Amendment 133 Amalia Sartori on behalf of the Committee on Industry, Research and Energy Report A7-0365/2013 Marita Ulvskog Electronic identification and trust services for electronic

More information

GlobalSign Subscriber Agreement for DomainSSL Certificates

GlobalSign Subscriber Agreement for DomainSSL Certificates GlobalSign Subscriber Agreement for DomainSSL Certificates Version 1.3 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU OR YOUR ORGANISATION. BY USING THE DIGITAL

More information

Operating a CSP in Switzerland or Playing in the champions league of IT Security

Operating a CSP in Switzerland or Playing in the champions league of IT Security Operating a CSP in Switzerland or Playing in the champions league of IT Security Agenda SwissSign Technology Products and Processes Legal Aspects and Standards Business Model Future Developments 2 SwissSign

More information

REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE

REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,

More information

THE LAW OF THE REPUBLIC OF ARMENIA ON ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE CHAPTER 1. GENERAL PROVISIONS. Article 1. The subject of the Law

THE LAW OF THE REPUBLIC OF ARMENIA ON ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE CHAPTER 1. GENERAL PROVISIONS. Article 1. The subject of the Law THE LAW OF THE REPUBLIC OF ARMENIA ON ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE CHAPTER 1. GENERAL PROVISIONS Article 1. The subject of the Law 1. This Law regulates relations linked to application

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

Arkansas Department of Information Systems Arkansas Department of Finance and Administration Arkansas Department of Information Systems Arkansas Department of Finance and Administration Title: Electronic Signature Standard Document Number: SS 70 011 Effective Date: Act 722 of 2007 requires state

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

ELECTRONIC SIGNATURES FACTSHEET

ELECTRONIC SIGNATURES FACTSHEET ELECTRONIC SIGNATURES FACTSHEET Electronic signatures mean that you can exchange information with others electronically and securely safe in the knowledge that everyone is who they claim to be and that

More information

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting

More information

Secure E-Mail Part II Due Date: Sept 27 Points: 25 Points

Secure E-Mail Part II Due Date: Sept 27 Points: 25 Points Secure E-Mail Part II Due Date: Sept 27 Points: 25 Points Objective 1. To explore a practical application of cryptography secure e-mail 2. To use public key encryption 3. To gain experience with the various

More information

User Guide Using Certificate in Microsoft Outlook Express

User Guide Using Certificate in Microsoft Outlook Express CERTIFYING AUTHORITY User Guide Using Certificate in Microsoft Outlook Express CONTACT TATA CONSULTANCY SERVICES - [E-SECURITY: PKI SERVICES] 6TH FLOOR, 5-9-62, KHAN LATEEF KHAN ESTATE FATEH MAIDAN ROAD,

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

End-User Reference Guide

End-User Reference Guide Guide Websense Advanced Email Encryption v7.6 Websense Advanced Email Encryption Copyright 1996-2011 Websense, Inc. All rights reserved. This document contains proprietary and confidential information

More information