Electronic Signatures in Norway Supervision and Legal Aspects




Electronic Signatures in Norway: Supervision and Legal Aspects

By Kristina Rognmo, Adviser, Section for ecommunication and Internet, Networks Department, Norwegian Post and Telecommunications Authority

Agenda

- Supervision in Norway
- Electronic signatures market
- The use of electronic signatures in Norway
- Neutrality in choice of technological solution
- How we conduct supervision of CSPs in Norway
- Proposal for a Regulation

Supervision in Norway

The NPT supervises the issuance of electronic signatures under two different schemes:

- Issuing qualified certificates according to the Electronic Signatures Act, which is based on Directive 1999/93/EC on a Community framework for electronic signatures
- Issuing certificates under the self-declaration scheme in accordance with the Electronic Signatures Act 16a, with more specific requirements in the «Requirements specification for PKI for public sector in Norway»

Supervision in Norway

Certificates issued under the self-declaration scheme meet the requirements of one of three security levels:

- «Person-High», which is based on a qualified certificate and has the highest security level, 4
- «Person-Standard», which meets the requirements of security level 3
- «Enterprise», which meets the requirements of security level 3+

Electronic signatures market

Number of registered CSPs:

- 12 CSPs issuing qualified certificates
- 11 CSPs issuing certificates under the self-declaration scheme

There are about 4 million certificates in use in total:

- About 1,2 million certificates stored on smartcards
- About 2,8 million server-based certificates

The use of electronic signatures in Norway

The advanced electronic signature is the signature in use. We don't have an SSCD or a designated body for approval of an SSCD.

The electronic signature can be used for:

- Access to public services and eGovernment applications
- Tax return forms
- Online banking
- eCommerce

Neutrality in choice of technology

The Norwegian CSPs have chosen different technical solutions for their electronic signatures. Solutions in use are:

- Storage of the private key on a smartcard
- Storage of the private key on a server stored within the Certification Service Provider
- Storage of the private key on a SIM card

Neutrality in choice of technology

The NPT has accepted both the server-based solution and Mobile BankID as being in accordance with the Electronic Signatures Act.

Mobile BankID is developed in cooperation between BankID and Telenor:

- The signatory signs by using a chosen PIN code

How we conduct supervision of CSPs in Norway

- Main focus is on review of the documents sent in by the registered CSPs
- The NPT focuses on a close dialogue with CSPs and other stakeholders in the field of electronic signatures
- Supervisory activities are financed by fees paid by CSPs to the Supervisory Body

Proposal for a Regulation

- The scope for supervisory activity expands because of a wider definition of trust services
- The supervisory body is responsible for submitting relevant information to the Commission once a year
- The supervisory body is responsible for performing a more active supervision of the TSPs

More about the proposal from the EU Commission

Impacts of the proposed regulation on TSPs:

- Along with registration documents, an attached security report to the supervisory body
- A yearly audit by a recognized independent body
- Reporting any security breaches or loss of integrity (this information has to be forwarded to other MS and ENISA by the supervisory body)

More about the proposal from the EU Commission

- Increased activity and contact with TSPs, the Commission and Member States
- The trust service market is ready for a more active supervision
- Positive effects