2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Slides:



Advertisements
Similar presentations
© fedict All rights reserved Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008.
Advertisements

The Implementation Structure DG AGRI, October 2005
Bundesamt für Sicherheit in der Informationstechnik EESSI - WS May , 2000, Paris, Folie 1/18Klaus J. Keus, BSI Electronic Signatures in Germany,
MODULE B - PROCESS B1.ASME Organizational Structure B2.Standards Development: Staff and Volunteer Roles and Responsibilities B3.Conformity Assessment:
Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Workshop Barcelona, György Endersz,
Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Voluntary instruments Daniel Hajek 1.Environmental labelling 2.EMAS 3.Cleaner productions 4.Green public procurement 5.Voluntary agreements Voluntary.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Conformity Assessment Practical Implications InterAgency Committee on Standards Policy June 2007 Gordon Gillerman Conformity Assessment Advisor Homeland.
PUBLIC SECTOR INTERNAL AUDIT IN THE REPUBLIC OF LITHUANIA Mr. Jonas Vaitkevičius Head of Internal Audit and Financial Control Methodology and Monitoring.
Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
EESSI European Electronic Signature Standardisation Initiative
1 Review of the Electronic Transactions Ordinance Information Infrastructure Advisory Committee 9 April 2002.
Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
EESSI Overview - 1August 2002 EESSI European Electronic Signature Standardisation Initiative Implementing Electronic Signature.
DIGITAL SIGNATURE AND ELECTRONIC DOCUMENTS IN ITALY Prof. Pierluigi Ridolfi AIPA Authority for Information Technology in the Public Administration V. Solferino,
EMS Auditing Definitions
The Estonian Electronic Signature Legislation and case studies EESSI Seminar Budapest, Taavi Valdlo Estonian Informatics Centre
European Electronic Signature Standardization
Workshop on registered electronic mail policies and implementation Ankara, March 2015 Davide Mula REM country practice in legal infrastructure,
The European Railway Agency in development
Objective ITY-ADQ ESSIP Plan 2014 Ana Paula FRANGOLHO DSS/EIPR
ECO-MANAGEMENT AND AUDIT SCHEME Performance, credibility, transparency Accreditation & Registration Systems in EMAS.
The New EMC Directive 2004/108/EC and the DTI transposition Brian Jones and Peter Howick.
National Smartcard Project Work Package 8 – Security Issues Report.
10th Baltic Electronic Communications & Postal Services Regulators’ Meeting Latvia, 29 August 2013 Postal market supervision Kristina Masiulytė Acting.
IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.
8 Nob 06 / CEN/ISSS ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting CEN/ISSS Workshop.
1 PKI SYSTEMS Concepts, Processes, Components TÜRKTRUST Information Security Services Inc. Mert ÖZARAR Project Senior Engineer
"certification service provider" Electronic Signatures
E-Signatures The Community framework on e-signatures (Directive 1999/93/EC) Dr Ioannis Iglezakis Visiting Lecturer University of Thessaloniki, Greece.
IBT- Electronic Commerce The Legal Infrastructure Victor H. Bouganim WCL, American University.
REPUBLIC OF CROATIA STATE OFFICE FOR METROLOGY Conformity Assessment Procedures of the „New Approach“ of EU illustrated by the Measuring Instruments Directive.
Railway Transport Equipment (RTE) Certification Railway Transport Equipment Certification Procedure Application for railway transport equipment certification.
N° 1 The European railway Agency: an engine for the integrated railway area EFRTC, Vilamoura on June 24 TH 2005 Olivier PIRON 24 June 2005.
PUBLIC SECTOR FINANCIAL CONTROL OF THE REPUBLIC OF LITHUANIA By Ms Daina Vaivadienė Chief Specialist of the Internal Audit and Financial Control Methodology.
BASIC LEGAL ACTS OF LITHUANIA IN THE SPHERE OF SCIENCE AND STUDIES 1. Law on Higher Education (Seimas of the Republic of Lithuania | Law | VIII-1586.
1 ACCREDITATION – BG situation April 2014, Prague STATE AGENCY STATE AGENCY FOR METROLOGICAL AND TECHNICAL SURVEILLANCE TECHNICAL SURVEILLANCE 1.
© Siemens AG 2014 Alle Rechte vorbehalten.siemens.com/lowvoltage New Legislative Framework (NLF) Sektor Infrastructure & Cities | Division Low and Medium.
Meeting of the TEMPUS DoQuP Project –Workshop on “Documentation for Quality Assurance of Study Programs" 1-6 May 2012, Bishkek, Kyrgyzstan Accreditation.
STATE COMMITTEE for STANDARDIZATION of the REPUBLIC of BELARUS.
ENTERPRISE AND INDUSTRY DIRECTORATE GENERAL European Commission 1 PECAs David Eardley DG Enterprise and Industry European Commission Tel: 032 (2)
Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March Electronic Signature infrastructure for Europe Riccardo Genghini Cen/Isss.
UNITED NATION ECONOMIC COMMISSION FOR EUROPE First meeting of regulators from South East European countries Technical regulation in the Republic of Moldova.
EESSI June 2000Slide 1 European Electronic Signature Standardization Hans Nilsson, iD2 Technologies, Sweden.
The New Approach and GPSD. Council Resolution of 7 May 1985 on a new approach to technical harmonization and standards [OJ C136 of June 1985] New Approach.
European Aviation Safety Agency Head of Aircraft Product Certification
Authorization Part III. Content of a license Structure of a license General elements General and specific conditions Annexes Documents attached (e.g.
E-SIGNED DocFlow SYSTEM in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE – E-Business Development Consultant.
Deputy Head of Federal Accreditation Service Sergey V. Migin Approximation of accreditation systems of European Union and Russia.
CLAUDIA PANAIT TAIEX Expert – European Commission Legal Adviser Ministry of Health, ROMANIA.
Lithuanian Water Suppliers Association LEGAL REGULATION OF WASTEWATER DISPOSAL AND TREATMENT IN LITHUANIA.
Ministry of Finance Compliance assessment of the management and control systems of the managing authorities under the Operational programmes. Conclusions.
Harmonised use of accreditation for assessing the competence of various Conformity Assessment Bodies Dr Andreas Steinhorst, EA ERA workshop 13 April 2016,
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.
INSPIRE and the role of Spatial Data Interest Communities (SDIC)
TRANSPORT SCIENCE: INNOVATIVE BUSINESS SOLUTIONS
66 items – 70% of circulated products
Dr. Stephan Finke Deutsche Akkreditierungsstelle GmbH
Reform of State Surveillance Service in Russia
PRESENTATION OF MONTENEGRO
Objective ITY-ADQ ESSIP Plan 2015 Ana Paula FRANGOLHO DPS/PEPR
PRESENTATION OF MONTENEGRO
ELECTRONIC DOCUMENT: LITHUANIAN EXAMPLE
PRESENTATION OF MONTENEGRO
OIML Certification System (OIML-CS)
Overview of the recommendations on software updates
Presentation transcript:

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic of Lithuania

Electronic Signature Law (1) Came into force on 11 July, 2000 and is based on the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures Changes of Electronic signature law were made on 6 June, 2002

The law regulates the creation, verification, and validity of electronic signature, signature users’ rights and obligations, establish the certification services and requirements of their providers and the rights and functions of the institution of electronic signature supervision Technological neutrality principle is held and several general principles of PKI are defined Electronic Signature Law (2)

Secure-electronic signature created by a secure-signature creation-device and based on a qualified-certificate which is valid, shall have the same legal force that a hand- written signature in written documents has and shall be admissible as evidence in court If parties agree - electronic signature will have the same force that a hand-written signature in written documents has and shall be admissible as evidence in court (amendment of Electronic signature law on July 6, 2002) Electronic Signature Law (3)

Electronic signature supervision institution By the Resolution Nr. 568 the Government of the Republic of Lithuania on April 27, 2002 has transferred function of Electronic signature supervision institution to the Informational Society Development CommitteeBy the Resolution Nr. 568 the Government of the Republic of Lithuania on April 27, 2002 has transferred function of Electronic signature supervision institution to the Informational Society Development Committee The Informational Society Development Committee organises and coordinates processes related to the development of information societyThe Informational Society Development Committee organises and coordinates processes related to the development of information society

Directive 1999/93/EC The law on electronic signatures June 11, 2000 (amended on June 6, 2002) Legislative functions Registration of service providers Voluntary accreditation Supervision body (Information Society Development Committee) April 23, 2002 ETSI, (EESSI ) standards

Legal Acts Regulating Electronic Signature Acts within competence of Government : Requirements for certification service providers issuing qualified certificates Requirements for electronic signature creation devices The procedure for registration of certification service providers issuing qualified certificates The order of supervision of electronic signature

Acts within competence of supervision institution: Requirements for electronic signature verification procedure Requirements and the order for voluntary accreditation of certification service providers The order of supply of supplementary certification services (time-stamping, directory services, consultancy services) Legal Acts Regulating Electronic Signature in Lithuania (Follow-up)

Levels of standardization and regulation E.g. Germany, Italy: EU DirectiveNational implementation Level 1 Level 1 Level 2 Level 2 Level 3 Level 3 Level 4 Level 4 Source: European Electronic Signature Standardization Initiative (EESSI) Final report of the EESSI expert team 20 July, 1999 Signature Law Ordinance Technical Rules Standards Directive Annexes Supervision Conformity assessment National legislation National decree (high-lev reqs) International functional and quality standards International interoperability standards

Lithuanian standards regulating electronic signature infrastructure LST ETSI TS – Policy requirements for certification authorities issuing qualified certificates LST ETSI TS – Electronic signature formats LST ETSI TS – Time stamping profile LST ETSI TS – Qualified certificate profile LST ETSI TS – Policy requirements for time-stamping authorities LST ISO – IEC – Information technology – Code of practice for information security management LST CWA – Secure signature-creation devices “EAL4” LST CWA – Security requirements for signature creation applications LST CWA – Procedures for electronic signature verification

LST CWA – Security requirements for trustworthy systems managing certificates for electronic signatures – Part 1: System security requirements LST CWA Security requirements for trustworthy systems managing certificates for electronic signatures – Part 2: Cryptographic module for CSP signing operations – Protection profile (MCSO-PP) LST CWA Security requirements for trustworthy systems managing certificates for electronic signatures – Part 3: Cryptographic module for CSP key generation services LST ISO 9001:2001 – Quality managements systems. Requirements LST ISO/IEC – Information technology – Security techniques – Evaluation criteria for IT security Part 1: Introduction and general model Part 2: Security functional requirements Part 3: Security assurance requirements Lithuanian standards regulating electronic signature infrastructure (follow-up)

Requirements for Certification Service Providers Issuing Qualified Certificates Based on the Annex II of the Directive 1999/93/EC Functions of service providers: – –Registration – –Creation of qualified certificates – –Managing of certificate's data and it’s revocation Requirements for internal administration : – –Approved and publicly promulgated certification regulations – –High education and qualified specialists – –Civil liability assurance – –Recommended quality management systems LST ISO 9001:2001

Requirements on service providing: – –Purvey information about certificates any time – –Record date and time of certificate's creation, suspension and revocation – –Reserve information set by certificate's rules Liability of service providers: – –Registration can be suspended or revoked – –Damage shall be compensated according to the procedure established by laws Reference to LST ETSI TS standard Requirements for Certification Service Providers Issuing Qualified Certificates (Follow-up)

Requirements for Electronic Signature Devices Sets requirements for devices used by service providers: – –Measures and components for certification service only – –Sheltered from unauthorized changes – –Secure technical and crypto graphical safety of executable functions – –Control every action that can influence work of certificate’s operating system – –Trustworthy system which is assured to EAL4 or higher – –Manufacturer’s declaration or conformity certificate of accredited authority – –Reference to Lithuania standards LST CWA and LST CWA

Sets requirements for signature creation devices: – –Secure signature creation device, ensured by password and/or biometrical data – –Trustworthy crypto graphical and data formative algorithms – –Manufacturer’s declaration or conformity certificate of accredited authority – –Trustworthy system which is assured to EAL4 or higher – –Reference to Lithuania standards LST CWA and LST CWA Based on Directive 1999/93/EC Annex 3 Sets requirements for signature verification devices: – –Trustworthy verify electronic signature – –Any security-relevant changes can be detected – –Reference to Lithuania standards LST CWA Based on Directive 1999/93/EC Annex 4 Requirements for Electronic Signature Creation Devices (Follow-up)

The Procedure for Registration of Certification Service Providers Issuing Qualified Certificates Objective of service providers registration – collect information about service providers to ensure supervision of electronic signature – –Sets procedure of application submission – –Terms Data and documents of service provider – –Order of application examination – –Ability to correct or renew data and documents – –Notice in writing about possible suspension of registration – –Suspension of registration, in case, notified defects are not removed – –Revocation of registration, in case, notified defects are not removed in additional terms

The Order of Supervision of Electronic Signature Defines relations between the Committee and certification service providers Object of supervision – certification service providers issuing qualified certificates or which purvey facilities related to qualified certificates Objectives of supervision: – –Take part in implementation of national policy in electronic signature – –Coordinate activities of qualified service providers – –Supervise how service providers observe determined requirements – –Pursue compatibility of electronic devices in national and international scale Measures of supervision: – –Preparation of legal acts – –Registration and accreditation of service providers – –Succession of certificate’s data when service provider stops activities – –Reports to parliament and government Sets objectives andSets objectives and

Thank You Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic of Lithuania Gedimino pr. 11 LT-2039 Vilnius Lithuania Ph.: (370 2) Fax.: (370 2) WEB: