e-sign consultation results
7/24/2019 E-Sign Consultation Results
1/37
,
.
1.
,
, .
12
30 2001 .
,
.
, ,
(17) ,
. ,
,
.
2.
, ,
. ,
/
, :
.
,
.
150/2001,
.
1: ., ;
16/17 - .
1/17 .
2/17 , / :
(CPS) , (Certification Policy) (2/17).
, , (1/17).
(2/17). , (1/17)
.
/ (1/17).
:
- (4/17) (1/17),
- , (4/17),
- (1/17).
(1/17).
( ) (attribute) , (3/17).
,, , PIN /(1/17).
() / (5/17).
(Certification Authority CA) (RA).
/ (4/17). .
(.. , smart card) .(1/17) (.. smart card) (1/17).
() CA (1/17).
,
(1/17).
(1/17).
CA , PKI (1/17).
, (1/17).
() (1/17).
, CPS , , , (1/17).
(1/17).
CA RA ( )(1/17)
RA CA (1/17).
() (1/17).
/ (Cessation of Operation) : , (,) (1/17).
, , (Superseded) (1/17)
150/2001 (), , .. ,, / (1/17).
, , (, , key distribution,...), ( security flaws), (1/17).
:
(Certificate Hold), ,
(1/17). (1/17) (certificate suspension) (.. (compromise) ).
,
. :
, , ,
,
:
() ,
()
,
, ,
, .
,
.
,
.
() ,
, ,
().
() ,
,
, , , .
2: ;;, , ;
(10/17).
1 10 ,.
(3/17).
(3/17).
1 17 .
:
- (5/17)
- (4/17)
- (1/17)
- (1/17)
- 1(2/17)
-
(1/17)- (1/17)
1 . () , . CPSs CAs, Globalsign Verisign.:
- 90 -
- (CRLs) online .
- (1/17)
:
- , ,(1/17)
- (1/17)
- (2/17)
- CPS /(1/17)
- (cross certification) (4/17)
- (1/17)
- (1/17)
- (1/17)
- (1/17)
- (1/17)
- , (1/17)
-
, (1/17)
- (1/17)
3.
150/2001 :
()
() ,
) )
, .
.
3: ; ;
2/17 .
4/17 . () . 150/2001, CPS .
: RFC 3039 Qualified Certificates Profile [3] TS 101 862 Qualified Certificate Profile [5] ETSI.
1/17 .
1/17 . , 99/93 ,
. , &
- - . , ( 3 . 2) , () (2231/94, 8 2542/98), , , . , ISOGuides, 45000, WELAC,WECC, EAC .
2/17 , .
, ,.
6/17 (), . ( ) (...).
, ,
: 1) ( ), 2) ( ) ..... (. 2 . 12) software & hardware (.. , , ...., ...) ... ,
() .
... ( ) (....), ,() .. (). ,
( )
.... ( ), , ,) , ) - - - ( - - ) . 31 .. .
, ()
.
, ..., .
, , , (Certificate Practice Statement).
1/17 : , card
personalization hotline, ()
.
:
8/17 .
4/17 . , 2/17
TSI RFC 3039 Qualified Certificates Profile, 3/17TSI TS 101 862 Qualified Certificate Profile, 2/17 ETSI 101 4562.
.509 , 150/20013.
2/17 , . , (.. e-commerce transactions ).
1/17 , (, -) 1/17. (1/17) , , .
.
,
(certification path)
,
. ,
.
,
, ,
2 , ETSI 101 456 , .3 , CPS
( (, , ), 10.
(Root Certification Authority).
,
. , ,
,
. ,
, .
, .
4: , ; ,
;
:H EETT (10/17).
(3/17).
(3/17).
1 17 .
:
- ,, , (3/17)
- Root (2/17)
- ,, Root CA, (1/17)
- (1/17), Root CA ( Microsoft Outlook Explorer, Netscape Navigator, .) , (1/17)
- (3/17)
- Root CA (2/17)
- ,
(single point of failure) (3/17)
- CPS (1/17)
- (1/17)
- (1/17)
:
- , (2/17)
- (cross-certification) (2/17)
- -(cross-certification centers) (1/17)
- -.. 9 99/93 (1/17)
- (off-line)(1/17)
- Bridge CA (1/17)
- (1/17)
:2 17 . , . (Root CA) , .
,
. 150/2001,
/ .
,
.
.
,
.
,
.
,
.
5: ;
;,, ;; ; , ;
1/17 , 3/17 .
8/17 4.
2/17 ' , . , ( )
. , , ' .
1/17 . , ,
4 , ,
( ) .
, (.. ) . , , , o..., . ( ( ) ( ) ).
1/17 ,
(1/17), , .
,
4/17 , (1/17 ), 2/17 , 2000/709/
. , ( , ,, ...).
1/17 , , (1/17) , (1/17) , (expertise) (1/17) (1/17) , ,).
, , (), ( ), .
1/17
,
, , , ( ), .
1/17 / , CWA 14172: EESSI Conformity Assessment Guidance parts 1-3, .
(1/17) :
-, (),
- , , (
),, (Certified Information Systems Auditor CISA) Information Systems Audit and Control Association (ISACA, http://www.isaca.org),
, ,,, , , , , (
(PKI), , ), , (liability), (insurance) (PKI), , CPS .
1/17 , , , . :
, , , .
1/17 :
-EN 45001/ISO 17025, EN 45011/12 ,
- IT-security ITSEC, CC, IT BS 7799, .
4/17 .
6/17 .
7/17 .
12/17 ( ) (). , , , () .
, . .... , . . .
, . (5/17)
.
1/17 , .
4/17 .
.
6: .
; ; ;
(8/17) 5 6 .
(6/17) 7.
2 17, 1 17 .
:
5 , . .6 1 8
7 1 6 .
- 4 . 1 150/2001 (1/17)
- (2/17)
- (2/17)
- (1/17)
:
- 3 . 1 150/2001 (1/17)
- (1/17)
- ,, TS 101 456 Policy requirements for certification authorities issuing qualified
certificates ETSI (1/17)
CPS . (1/17)
150/2001 (, .)
. ,
-
.
.
7: 150/2001;, , ;
3/17 .
1/17 / .
1/17 . (1/17)
(security concept) .8
1/17 ETSI 101 456 CEN-CWA 14167-1, :
. (Certificate Practice Statement - CPS) () ,
(Hardware-Software), (),
. - ,
. -, (, ,
, -, ...),.
(.., , ...). 150/2001, .
1/17 ' , . , ,, , , ' , , .
8 ,.
1/17 ,
, , ,.
1/17 , , Web Trust for Certification Authorities9, (root key generation ceremony)., (6 12 ).
1/17 , CEN CWA 14172: EESSI Conformity Assessment Guidance parts 1, 2 and 3, ETSI TS 101 456: Policy Requirements for Certification Service Providers Issuing Qualified
Certificates CEN CWA 14167: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures, ETSI TS 101 862: Qualified Certificate Profile.
1/17 .... , , .
1/17 : (),(),(),(),(),(),(),(),(),()
(CPS) (). () , . () , . , CPS .
9 Web Trust for Certification Authorities,.
4.
150/2001,
,
,
( ),
.
.
150/2001,
, .
150/2001 (
).
8: , , , ;150/2001;
:(7/17) . (1/8), (1/8), Deloitte & Touche (1/8) (1/8),, CEN CWA 14172 EESSI Conformity Assessment Guidance part 5(1/8), (1/8), CC ITSEC (1/8) (3/8).
(2/17) .
, (8/17) 10.
:8 17 .III:
10 1 8 ITSEC FIPS PUB 140-1 .
- (1/8)
- (1/8)
- (1/8)
- Web Trust for Certification Authorities (1/8)
- III CEN CWA 14172: EESSI Conformity Assessment Guidance part 5 CWA 14168: Secure Signature-Creation Devices version EAL 4. , - CWA 14168: Secure Signature-Creation Devices version EAL 4 (2/8)
- T standards .. 11
- , (. FIPS 140-1 level 3 EAL 4 , ISO 15408 Common Criteria for IT security evaluation CWA 14170 Security Requirements for Signature Creation Systems) (1/8)
CC ITSEC (1/8).
,
3 5 9 99/93/ (L
013 19/01/2000, . 12-20),
()
150/2001.
,
,
150/2001.
) CEN/ISSS WS/E-Sign Security Requirements for Signature Creation
Systems .
11
) Common Criteria for Information Technology security evaluation ISO/IEC
15408: Information Technology Security Techniques- Evaluation Criteria
for IT security EAL 4.
) Information Technology Security Evaluation Criteria- ITSEC Evaluation
E 3
L3
E2.
) FIPS PUB 140-1 level 2 Security Requirements For Cryptographic
Modules.
9: ;;
5/17 .
1/17 , ISO, IEC,CEN, CENELEC, ETSI ,
.
11/17 ( ). (...) , ... , 150/2001,
. , PC key pair PC. , , , () , .... (4/11) .
:
1/17 .500 ITU, (1/17), CWA 14168: Secure Signature-Creation Devices version EAL 4 III, ETSI TS 101 456: Policy Requirements for Certification Service Providers Issuing
Qualified Certificates II, ETSI TS 101 862: Qualified Certificate Profile - I, CEN CWA 14167: Security Requirements for Trustworthy Systems Managing Certificates for Electronic
Signatures - II (), CWA 14172: EESSI Conformity Assessment Guidance parts 1-3, , CWA 14172: EESSI Conformity Assessment Guidance part 5 - , O ., FIPS 140-1 level 3 or Higher, CWA 14170: Security Requirements for Signature
Creation Systems, Version 3,0 EAL 4 ISO 15408 , (Certification Authority), , backup and recovery
, (1/17) FIPS 140-2, (1/17) : TS 101 456 Policy requirements for certification authorities issuing qualified certificates ETSI, ( , ) FIPS 140-1 level 3 EAL4 ISO 15408 (Common Criteria for IT security evaluation) [8], , , : FIPS 140-1 level 3 (root CA) FIPS 140-1 level 2 , (RA) FIPS 140-1 level 1. To CPS Globalsign , ANSI X9.66. To CEN/ISSS WS/E-sign Security Requirements for signature creation systems (CWA 14170) Evaluation Assurance Level (EAL) 4 ISO 15408. TDTI (Department of Trade and Industry) CESG (British Government's Communications and Electronics Security Group) ITSEC (UK Information Technology Security and Evaluation Criteria) . , , TS 101 456 Policy
requirements for certification authorities issuing qualified certificates [4] ETSI RFC 2527 Internet X.509 PKI Certificate Policy and Certification Practices Framework [1], ISO 17799 Code of practice for information security management [9]. EAL3/E2 , EAL 4 ETSI CEN/ISSS, Verisign (root CA).
,
.150/2001
) Common Criteria for Information Technology security evaluation ISO/IEC
15408: Information Technology Security Techniques- Evaluation Criteria
for IT security EAL 4 ,
) Information Technology Security Evaluation Criteria- ITSEC Evaluation
E 3
L3
E2.
) FIPS PUB 140-1 level 2 Security Requirements For Cryptographic Modules ,
) CEN/ISSS WS/E-Sign Security Requirements for Trustworthy Systems
Managing Certificates for Electronic Signatures
(Hash algorithms)
) SHA-1 FIPS PUB 180-1: Secure Hash Standard ,
) RIPEMD ISO/IEC10118-3 : IT Security techniques Hash-Functions Part 3:
Dedicated Hash -Functions
(Signature Algorithms)
) PKCS#1 RSA Encryption Standard ,
) DSA FIPS PUB 186-1: Digital Signature Standard,
) DSA variants, based on elliptic curves:
ISO/IEC 148883-3 :IT Security Techniques- Digital signatures with appendix
Part3.
IEEE Standard P1363 Section 5.3.3.
IEEE Standard P1363 Section 5.3.4.
2006 .
.
10: ;;
(8/17) .12
6 17 .
4 17 . :
CWA 14168: Secure Signature-Creation Devices version EAL 4- III
ETSI TS 101 456: Policy Requirements for Certification Service Providers Issuing
Qualified Certificates II.
ETSI TS 101 862: Qualified Certificate Profile I
CEN CWA 14167: Security Requirements for Trustworthy Systems Managing
Certificates for Electronic Signatures II ()
CWA 14172: EESSI Conformity Assessment Guidance parts 1-3 K
CWA 14172: EESSI Conformity Assessment Guidance part 5 III
FIPS 140-1 level 3 or Higher, CWA 14170: Security Requirements for Signature
Creation Systems, Version 3,0 EAL 4 ISO 15408 , , back up .
RIPEMD-160, browsers .
(hash algorithm)
MD5
SHA-256
Tiger (192-bit)
RFC 2527 Internet X.509 PKI Certificate Policy and Certification Practices Framework IETF
RFC 2459 Internet X.509 PKI Certificate and CRL profile IETF
RFC 3039 Qualified Certificates Profile IETF
TS 101 456 Policy Requirements for certification authorities issuing qualified certificates ETSI
ANSI X9.79 PKI practices and policy framework
121 8 .
ISO 17799 Code of practice for information security management, TS 101 456 Policy requirements for certification authorities issuing qualified certificates ETSI .
1 4 .
5.
. 150/2001,
. ,
. , ,
.
11:
; ;
3/17 .
8/17 . , (nulla poena sine lege), lex imperfecta. , , ( ) 13. ().
(2/17) , ( ,
), 150/2001, , . .
13 .
(., ..).
, , ( ) , . , .
1/17
, (1/17) .... , , .
( ), on line,
.
2/17 . , , 3.1 , , , ( ) 14. , , , 15.
14, 4.8 150/2001.15, :,9,
- 99/93, (.. ) .
,
150/2001.
12:
;
(11/17) .
(4/17) .
1 17 : (FIPS 140-1 level 3 EAL4 ISO 15408 Common Criteria for IT security evaluation).(. ISO )
( (. CCTOOL EAL ISO 17799, standard security policies/CPSs, sufficient audit mechanisms).
1 17 .
, :
- (1/11)
- (1/11)
- (2/11)
- - (1/11)
- (4/11)
- (1/11)
- 45001/11/12 ISO17025
6.
150/2001 IV .
13: ; ;
7/17 .
5/17 . , .
.
, VI
. , . , , . . , , , - (time related non-repudiation) TS 101733 Electronic Signature Formats [6].
1/17 .
(1/17) , , , CWA 14171 Procedures for Electronic Signature Verification V 1.0.5.
1/17 , CC/ITSEC.
1/17 , , - ., , IV custom-made ... .
( ) ( ) IV ( ), ( ) ( .. OID extended Certificate Policies )16.
1/17 V, . , V ..
16 IV ( ), ,
, .
7.
1. ..
2. EBEA
3.
4.
5. IOY . &
6. -..
7. OTENET
8.
9. ADACOM .
10. DELOITTE & TOUCHE
11. ENCODE A.E.
12. EUROBANK
13. EXPERTNET A.E.
14. GLOBAL SIGN
15. SPACE HELLAS
16. STET HELLAS ...
17. TUVIT