In accordance with Article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), the Minister of Telecommunications and Information Society hereby promulgates the

REGULATION ON TECHNICAL AND TECHNOLOGICAL PROCEDURES FOR CREATING A QUALIFIED ELECTRONIC SIGNATURE AND CRITERIA TO BE MET BY DEVICES FOR CREATING A QUALIFIED ELECTRONIC SIGNATURE

Article 1

This Regulation specifies the technical and technological procedures for creating qualified electronic signatures and the criteria to be met by devices for creating qualified electronic signatures.

Article 2

The technical and technological procedures for creating qualified electronic signatures, as well as the criteria to be met by devices for creation and verification of the qualified electronic signature, shall be in line with the appropriate international standards and recommendations, or with other standards, documents and recommendations relevant to creation and verification of the qualified electronic signature, as prescribed by this Regulation.

Article 3

The qualified electronic signature, apart from the terms and conditions under Article 7 of the Law on Electronic Signature (hereinafter: the Law), shall also fulfill the following detailed conditions:
1) it is formed by application of a device for creation of the qualified electronic signature (SSCD);
2) it is verified on the basis of the qualified electronic certificate of the signatory which is valid at the moment of creation of the qualified electronic signature.

Article 4

The qualified electronic signature is formed by applying one of the following standardized asymmetric cryptographic algorithms:
1) RSA (Rivest Shamir Adleman), applying the PKCS#1 standard, with a minimum length of the RSA modulus n of 1024 bits;
2) DSA (Digital Signature Algorithm), with minimum lengths of the parameters p and q of 1024 and 160 bits, respectively;
3) ECDSA (Elliptic Curve Digital Signature Algorithm), with minimum lengths of the parameters p and q of 192 and 160 bits, respectively.

Article 5

Hash functions producing message digests of a fixed size (at least 160 bits) are also applied in creation of the qualified electronic signature.

The hash functions from paragraph 1 of this Article are implemented by application of the following standardized hash algorithms:
1) SHA-1 (Secure Hash Algorithm), hash value with a size of 160 bits;
2) RIPEMD-160, hash value with a size of 160 bits;
3) SHA-224, SHA-256, SHA-384 and SHA-512.

Article 6

The set of standardized algorithms from Articles 4 and 5 of this Regulation, combined with the requirements related to the selection of parameters, as well as the list of standard combinations of the applied algorithms in the form of algorithm links ("signature suites"), shall be in line with the ETSI ESI SR 002 176 document "Algorithms and Parameters for Secure Electronic Signatures".

Article 7

Devices for creation of the qualified electronic signature must have features which allow for subsequent implementation of new algorithms, in accordance with further development of cryptographic techniques and standards.

Article 8

Electronic documents signed with qualified electronic signatures shall be exchanged in a document format which includes basic data on the procedure, the algorithm and the qualified electronic certificate of the signatory, so as to allow the recipient of the electronic document to verify the qualified electronic signature on the basis of the agreed technology and procedures.

Article 9

The format of an electronic document signed with a qualified electronic signature shall be in line with one of the following documents: recommendation PKCS#7, RFC 3852 Cryptographic Message Syntax (CMS), ETSI ESI TS 101 733 CMS Advanced Electronic Signatures (CAdES), RFC 3275 XMLDSIG or ETSI ESI TS 101 903 XML Advanced Electronic Signatures (XAdES).

Article 10

The qualified electronic signature shall be in line with the recommendation ITU-T X.509 and the documents ETSI ESI TS 101 862 Qualified Certificate Profile, RFC 3739 Internet X.509 Public Key Infrastructure: Qualified Certificates Profile, RFC 3280 Internet X.509 Public Key Infrastructure Certificate Revocation List (CRL) Profile and ETSI TS 102 280 X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons.

Procedures for formulation of the qualified electronic signature shall be in line with the document ETSI ESI TR 102 272 ASN.1 format for signature policies or with the document ETSI ESI TR 102 038 XML format for signature policies.

Article 11

The subject field of the qualified electronic certificate shall have the commonName attribute. The commonName attribute should include the first and last name of the signatory, the unique identifier of the signatory with the certification authority and, optionally, the Personal Identification Number (PIN). The data is entered in the following order: first name, space, last name, space, unique identifier with the certification authority and, at the end, optionally, a dash and the PIN. UTF8String encoding should be used for the commonName attribute so as to allow for true presentation of all letters contained in the first and last name by the appropriate characters.

The certification authority is obliged to clearly inform the user whether the certificate will include the PIN.

Certificates used in communication between authorities, between authorities and parties, and in the delivery and creation of decisions of authorities in electronic form in administrative, judicial and other procedures involving a government authority should include the PIN.

Certificates which include the PIN or personal number may not be made publicly available by the certification authority.

Article 12

The procedure of verification of the qualified electronic signature includes the procedure of verification of the qualified electronic certificate of the signatory, which consists of the following elements:
1) verification of the validity period of the certificate;
2) verification of the data on the certification authority which issued the qualified electronic certificate of the signatory;
3) verification whether the given certificate is on the list of revoked certificates.

Additional verification checks, other than those given in paragraph 1 of this Article, may be performed if so defined in the regulations of the competent certification authority which issued the qualified electronic certificate.

Article 13

Creation and verification of the qualified electronic signature is performed by applying the following:
1) devices for creation of the qualified electronic signature (SSCD);
2) secure applications for creation and verification of the qualified electronic signature (SSCA and SSVA, respectively);
3) technical components of certification authorities;
4) the qualified electronic certificate.

Article 14

Devices for creation of the qualified electronic signature, apart from the conditions under Article 8 of the Law, shall meet the following criteria:
1) the data for creation of the qualified electronic signature shall be generated within the devices for creation of the qualified electronic signature and shall never leave them;
2) the qualified electronic signature shall be formed within the devices for creation of the qualified electronic signature themselves;
3) it shall be ensured that the devices for creating the qualified electronic signature are used solely by the signatory, including a previously conducted reliable procedure of authentication;
4) the devices shall be such that the signatory is able to use them in different applications and information technology environments.

Article 15

The secure application for creation of the qualified electronic signature (SSCA, Secure Signature Creation Application) shall be used together with, and inseparably from, the SSCD.

The SSCA may include a secure application for verification of the qualified electronic signature (SSVA, Secure Signature Verification Application) and validation of the qualified electronic certificate of the signatory, as well as an overview of the results.

Article 16

Technical components from the domain of certification authorities are software and hardware products which:
1) create the data needed for creation of the qualified electronic signature and transfer it to an appropriate hardware device whose characteristics are in line with this Regulation, or generate the data directly in the given hardware device;
2) make available the qualified certificates of users (with the consent of the user and without the PIN and personal number) and the status of certificates, or the list of revoked certificates, which call for additional verification and consideration of the revoked status and, if necessary, for retrieval by interested parties.
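As an added illustration of the commonName layout in Article 11 and of the no-PIN publication rule in Article 16 item 2 (example code written for this page, not part of the Regulation): it builds and parses the attribute, encodes it as a DER UTF8String as Article 11 requires, and produces the PIN-free form a certification authority may publish. The sample names, the identifier CA000123 and the PIN 1234567890123 are constructed values. The parser assumes that the unique identifier contains no dash and no space and that any words between the first token and the identifier belong to the surname; the Regulation fixes neither point.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SubjectName:
    first_name: str
    last_name: str
    unique_id: str              # identifier of the signatory with the certification authority
    pin: Optional[str] = None   # Personal Identification Number, optional under Article 11


def build_common_name(subject: SubjectName) -> str:
    """Serialises in the order Article 11 prescribes:
    first name, space, last name, space, unique identifier, optionally dash and PIN."""
    if not (subject.first_name and subject.last_name and subject.unique_id):
        raise ValueError("first name, last name and unique identifier are mandatory")
    if " " in subject.unique_id or "-" in subject.unique_id:
        # assumption made by this example, not stated in the Regulation
        raise ValueError("unique identifier must contain neither spaces nor dashes")
    if subject.pin is not None and (not subject.pin or " " in subject.pin or "-" in subject.pin):
        raise ValueError("PIN must be non-empty and contain neither spaces nor dashes")
    cn = f"{subject.first_name} {subject.last_name} {subject.unique_id}"
    if subject.pin is not None:
        cn += f"-{subject.pin}"
    return cn


def parse_common_name(cn: str) -> SubjectName:
    """Inverse of build_common_name. The identifier is the last space-separated token
    (split at its dash when a PIN is appended); the first token is the first name and
    everything in between is the surname (assumption: multi-word surnames, not first names)."""
    parts = cn.split(" ")
    if len(parts) < 3 or "" in parts:
        raise ValueError("commonName must hold first name, last name and identifier "
                         "separated by single spaces")
    first, *last_parts, tail = parts
    uid, dash, pin = tail.partition("-")
    if dash and not pin:
        raise ValueError("dash present but PIN missing")
    return SubjectName(first, " ".join(last_parts), uid, pin if dash else None)


def encode_utf8string(cn: str) -> bytes:
    """DER UTF8String (tag 0x0C, short-form length) as Article 11 requires, so that
    letters such as Đ or Š survive; a PrintableString could not carry them."""
    body = cn.encode("utf-8")
    if len(body) > 127:
        raise ValueError("long-form DER length not handled in this illustration")
    return bytes([0x0C, len(body)]) + body


def contains_pin(cn: str) -> bool:
    """True when the attribute carries a PIN: Article 11 forbids publishing such a certificate."""
    return parse_common_name(cn).pin is not None


def public_view(cn: str) -> str:
    """The PIN-free form a CA may publish under Article 16 item 2 (certificate made
    available with the user's consent and without PIN or personal number)."""
    s = parse_common_name(cn)
    return build_common_name(SubjectName(s.first_name, s.last_name, s.unique_id))


if __name__ == "__main__":
    # constructed sample values, not real data
    cn = build_common_name(SubjectName("Đorđe", "Šarić", "CA000123", "1234567890123"))
    print(cn, contains_pin(cn), public_view(cn), encode_utf8string(public_view(cn)).hex())
```

The DER encoder is deliberately limited to the short-form length (attribute values under 128 bytes), which covers any realistic commonName of this shape; a production encoder would handle the long form as well.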
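The three checks of Article 12 paragraph 1, carried out at the instant Article 3 item 2 prescribes (the moment of signature creation), as an added example written for this page rather than text of the Regulation. It runs over constructed certificate metadata instead of a parsed X.509 structure; the CA name CN=Example Qualified CA, the key identifier a1b2c3, the serials and the dates are all invented sample values. The stale-CRL test is an additional check of the kind Article 12 paragraph 2 permits, based on the nextUpdate field of the RFC 3280 CRL profile that Article 10 cites.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Certificate:
    """The fields of a signatory's certificate that Article 12 needs (constructed, not parsed X.509)."""
    serial: str
    subject: str
    issuer: str            # issuer distinguished name
    issuer_key_id: str     # authority key identifier, hex (constructed value)
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class TrustedCA:
    name: str              # distinguished name of a certification authority the verifier trusts
    key_id: str            # subject key identifier of that CA's key


@dataclass(frozen=True)
class RevocationList:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: Dict[str, datetime]   # serial -> revocation date


def verify_certificate(cert: Certificate, signing_time: datetime,
                       trusted: Dict[str, TrustedCA], crl: RevocationList,
                       now: Optional[datetime] = None) -> List[str]:
    """Article 12 paragraph 1: validity period, issuing CA, revocation list.

    Returns the list of failures; an empty list means the certificate passed.
    Article 3 item 2 makes the moment of signature creation the reference
    instant, so the validity window is tested against signing_time rather
    than against the verifier's clock.
    """
    now = now or datetime.now(timezone.utc)
    failures: List[str] = []

    # 1) validity period of the certificate, at the moment of signing
    if not (cert.not_before <= signing_time <= cert.not_after):
        failures.append("1) certificate not valid at signing time")

    # 2) data on the issuing certification authority: the issuer name must be a
    #    trusted CA and the authority key identifier must match that CA's key
    ca = trusted.get(cert.issuer)
    if ca is None:
        failures.append("2) issuer is not a trusted certification authority")
    elif ca.key_id != cert.issuer_key_id:
        failures.append("2) authority key identifier does not match the trusted CA key")

    # 3) list of revoked certificates: the CRL must come from the same issuer and
    #    still be current (nextUpdate, RFC 3280 profile) before its answer is trusted
    if crl.issuer != cert.issuer:
        failures.append("3) CRL was not issued by the certificate's issuer")
    elif now > crl.next_update:
        failures.append("3) CRL is stale (nextUpdate passed); revocation status unknown")
    elif cert.serial in crl.revoked:
        failures.append(f"3) certificate revoked on {crl.revoked[cert.serial].date()}")
    return failures


# Constructed sample trust store and CRL (not real data)
UTC = timezone.utc
CA_NAME = "CN=Example Qualified CA"
TRUSTED = {CA_NAME: TrustedCA(CA_NAME, "a1b2c3")}
CRL = RevocationList(CA_NAME,
                     this_update=datetime(2008, 6, 1, tzinfo=UTC),
                     next_update=datetime(2008, 6, 8, tzinfo=UTC),
                     revoked={"0002": datetime(2008, 5, 20, tzinfo=UTC)})


def demo(serial: str, signing_iso: str, issuer: str = CA_NAME) -> List[str]:
    """Checks a constructed certificate with the given serial and issuer, signed at
    signing_iso, with the verifier's clock fixed at 2008-06-03 so the sample CRL is current."""
    cert = Certificate(serial, "Đorđe Šarić CA000123", issuer, "a1b2c3",
                       datetime(2008, 1, 1, tzinfo=UTC), datetime(2009, 1, 1, tzinfo=UTC))
    return verify_certificate(cert, datetime.fromisoformat(signing_iso), TRUSTED, CRL,
                              now=datetime(2008, 6, 3, tzinfo=UTC))


if __name__ == "__main__":
    for case in (("0001", "2008-06-02T10:00:00+00:00"),
                 ("0002", "2008-06-02T10:00:00+00:00"),
                 ("0001", "2009-03-01T10:00:00+00:00")):
        print(case, demo(*case) or ["accepted"])
```

The verifier collects every failure rather than stopping at the first one, so a relying party sees, for instance, both that the issuer is unknown and that the CRL at hand cannot speak for that issuer.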

Article 17

Devices for creation of the qualified electronic signature (SSCD) from Article 14 of this Regulation shall be in line with one of the following standards:
1) preferably CEN Workshop Agreement (CWA) 14169: Secure Signature-Creation Device (EAL 4+);
2) FIPS 140-2 (Federal Information Processing Standard), level 2 or higher.

Article 18

The application for creation of the qualified electronic signature (SSCA) from Article 15 paragraph 1 of this Regulation shall be in line with the standard CEN Workshop Agreement 14170 Security requirements for signature creation applications.

Article 19

The application for verification of the qualified electronic signature (SSVA) from Article 15 paragraph 2 of this Regulation shall be in line with the standard CEN Workshop Agreement 14171 General guidelines for electronic signature verification.

Article 20

Technical components of the certification authorities from Article 16 of this Regulation shall be in line with the following standards:
1) for generation of asymmetric cryptographic keys at the certification authority, one of the following standards:
(1) CEN Workshop Agreement 14167-3: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 3: Cryptographic Modules for CSP Key Generation Services - Protection Profile (CMCKG-PP),
(2) CEN Workshop Agreement (CWA) 14169: Secure Signature-Creation Device (EAL 4+),
(3) FIPS 140-2 (Federal Information Processing Standard), level 3 or higher;
2) for generation of qualified certificates, one of the following standards:
(1) CEN Workshop Agreement 14167-2: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 2: Cryptographic Module for CSP Signing Operations - Protection profile (MCSO-PP),
(2) CEN Workshop Agreement 14167-4: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 4: Cryptographic Module for CSP Signing Operations - Protection profile (CMCSO-PP),
(3) CEN Workshop Agreement (CWA) 14169: Secure Signature-Creation Device (EAL 4+),
(4) FIPS 140-2 (Federal Information Processing Standard), level 3 or higher.

Article 21

The software equipment and procedures implemented to verify the qualified electronic signature must make it entirely impossible to obtain the data for creation of the qualified electronic signature from the data for its verification.

Article 22

The signatory is obliged to protect the data for creation of the qualified electronic signature from unauthorized access, disposal and improper utilization.

The protection from paragraph 1 of this Article additionally includes the utilization of passwords or PIN codes, biometric procedures or other protective techniques.

Article 23

Upon the enactment of this Regulation, the Regulation on Technical and Technological Procedures for Creating a Qualified Electronic Signature and Criteria Which Should be Met by Devices for Creating a Qualified Electronic Signature (Official Gazette of the Republic of Serbia, No. 48/05, 82/05, 116/05) shall no longer be effective.

Article 24

This Regulation shall enter into force on the eighth day after its publication in the Official Gazette of the Republic of Serbia.

Number: 110-00-00015/2008-01
In Belgrade, 10 March 2008

MINISTER
Ph.D. Aleksandra Smiljanic