QuoVadis Group. EUGridPMA Update September 2014




Overview
- Founded in 1999 in Bermuda, with particular focus on providing PKI managed services to multinational organisations
- More than 3,500 customers
- Operations in Bermuda, Switzerland, Holland, Belgium, and UK
- Provide CA services to several NRENs (Managed SSL, Grid)
- Leadership in major segments of CA business
  - 11th largest SSL CA and 6th largest EV SSL CA according to Netcraft (out of 80+ trusted CAs)
  - Leading Qualified CA in Europe; multiple jurisdictions
  - Significant expertise in digital signature solutions
- Roots are trusted in all major software including mobile devices
  - Including distribution of next-generation SHA256 roots
- More international audits and certifications than any other CA

QuoVadis Offering

Managed PKI
- Trust/Link for SSL
- Trust/Link for End Users
- Trust/Link Enterprise
- Extenders for Ease of Integration:
  - TLEWS Web Service
  - BYOD Extender (SCEP)
  - Secure email Gateway Extender (CMP)
  - Smartcard Enrolment Extender

Digital Certificates
- SSL: Business (wildcard, SAN), Extended Validation
- End User: Standard (ETSI TS, Advanced, Advanced+, GRID
- Qualified: Netherlands (EU), Switzerland, Bermuda
- Custom CAs
- National eID: SuisseID, PKIoverheid

Signing Solutions
- sealsign Software
- Signing and Validation Service
- Personal Signing Service
- Time-Stamping Service

Managed PKI
Managed PKI service to easily manage the full lifecycle of digital certificates, from issuance through renewal or revocation, across numerous departments and locations.
- Easy-to-use Web console for rapid rollout
- Dependable costs, no client investment in CA infrastructure or operations
- Lifecycle management of all certificate types (SSL or End User)
- Real time issuance of certificates
- Easily scalable to large numbers of users
- Highly customizable by groups within account
- Delegated administration, with granular roles and flexible workflows
- Tailored signup forms and notification emails
- Certificate templates
- Reports and audit
- Optional API for integration with enterprise systems

Signing Solutions
- sealsign software: In-house deployment allowing addition of digital signatures and validation to existing systems, such as e-invoicing and e-archiving
- Signing and Validation Service: Signing as a service allowing customers to rapidly deploy mass signing on existing systems, with signing platform and certificates securely hosted by QuoVadis
- Personal Signing Service: Signing as a service allowing individual users of enterprise applications and online transaction websites to digitally sign PDF documents from any web-enabled device
- Trusted Time-Stamping Service: Adds independent verification of when a transaction occurred
- Adobe and Microsoft: Automatically trusted signatures in Adobe Acrobat and Microsoft Office

EUGridPMA
- QuoVadis has been involved with the EUGridPMA since 2009.
- QuoVadis are accredited by the EUGridPMA according to the Classic X.509 CAs with secured infrastructure Authentication profile.
- The QuoVadis Root Certification Authority Certificate is included in the IGTF Distribution of Authority Root Certificates.
- QuoVadis seeks to become an independent/direct EUGridPMA member (previously we were proxied under SWITCH).
- QuoVadis will perform a self-audit in accordance with "Guidelines for auditing Grid CAs version 1.0" (GFD-I.169) and the relevant Authentication Profiles. The results of this audit will be presented at a future EUGridPMA meeting.
- QuoVadis seeks to be accredited under the "Profile for Member Integrated X.509 Credential Services with Secured Infrastructure" (MICS).

Summary of our Audits and Accreditations
The accreditations maintained by QuoVadis include:
- WebTrust for Certification Authorities
- WebTrust for Extended Validation
- WebTrust for Baseline Requirements
- Swiss Qualified Certification Services Provider
- SuisseID and Qualified Time-stamping Authority
- Netherlands Qualified Certification Services Provider
- PKIoverheid and eHerkenning
- ISO/IEC 27001
- Belgium Qualified TSP
- Bermuda Authorised Certification Services Provider

WebTrust for Certification Authorities
- WebTrust for CAs is the dominant commercial standard to assess CAs.
- Managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
- The annual WebTrust audit of QuoVadis is performed by Ernst & Young.
- To obtain and retain the WebTrust seal, the CA must meet all the WebTrust for CAs Principles and Criteria.
- The following areas are included in the scope of every WebTrust engagement:
  1. CA Business Practices Disclosure
  2. Service Integrity
     - Key Life Cycle Management Controls
     - Certificate Life Cycle Management Controls
  3. CA Environmental Controls

WebTrust for EV / Baseline Requirements
- WebTrust for Extended Validation (EV) is used to assess a CA's controls against the CA/B Forum Guidelines for the Issuance and Management of EV Certificates.
  - Created to provide basis for differentiating certificates which have stronger authentication standards.
  - Only suitably accredited CAs may issue EV SSL certificates.
- WebTrust for Baseline Requirements (BR) is used to assess a CA's controls against the CA/B Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates.
  - A successful WebTrust for BR audit is required by the Browsers, such as Mozilla.
- The annual WebTrust for EV / BR audits of QuoVadis are performed by Ernst & Young.
- The EV Guidelines / BR require quarterly Internal Audit testing of at least 3% of SSL certificates issued.

Swiss Qualified Certification Services Provider
- ZertES is the Swiss digital signature law. Lays out requirements for electronic signature to achieve same legal status as hand written signature.
- ZertES accreditation is granted by the Swiss Accreditation Service (SAS) and the Swiss Federal Office of Communications (BAKOM) based on an audit by KPMG.
- The following areas are included in the scope of the QuoVadis audit:
  - The Certification Service Provider (CSP) requirements of ZertES, the accompanying VZertES regulatory provisions and also the more detailed Technical and Administrative Regulations
  - Requirements for Time Stamping Authorities (TSA) based on ETSI TS 102.023 and ETSI TS 101.861
  - Requirements for Qualified Electronic Signatures according to ETSI TS 101.456, ETSI TS 101.862 and SR943.032.1

Netherlands Qualified Certification Services Provider
- PKIoverheid: the PKI designed for trustworthy electronic communication within and with the Dutch government.
- QuoVadis have PKIoverheid Issuing CAs under Dutch Government Root.
- QuoVadis is certified by BSI against the following requirements:
  - ETSI TS 101 456 (Qualified Certificates) and ETSI TS 102 042 (for PKIoverheid SSL/EV);
  - Dutch Digital Signature Law (Dutch Besluit Elektronische handtekeningen);
  - The following PKIoverheid Program of Requirements:
    - Part 3a (Personal certificates, Organisational)
    - Part 3b (Services/SSL) - based on Baseline Requirements
    - Part 3c (Citizen)
    - Part 3e (EV SSL): this is based on the EV Guidelines but has additional requirements
- QuoVadis are supervised by the Netherlands Authority for Consumers and Markets (ACM).
- QuoVadis are also audited by Logius and ACM.
- QuoVadis is supervised as a CSP in Belgium by FOD Economie on the basis of the Dutch accreditation.

Questions
- Barry Kilborn: b.kilborn@quovadisglobal.com
- Stephen Davidson: s.davidson@quovadisglobal.com