"certification service provider" Electronic Signatures

Slides:

Advertisements

Similar presentations

The Managing Authority –Keystone of the Control System

Advertisements

Bundesamt für Sicherheit in der Informationstechnik EESSI - WS May , 2000, Paris, Folie 1/18Klaus J. Keus, BSI Electronic Signatures in Germany,

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Chapter 3 Health Care Information Systems: A Practical Approach for Health Care Management 2nd Edition Wager ~ Lee ~ Glaser.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.

Naklo, A.Komšo 1 eInvoices and Tax Regulation Andja Komšo Tax Administration.

“Reform of the Child Care System: Taking Stock and Accelerating Action” South East Europe 3 – 6 July 2007, Sofia.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

Regulation (EC) No. 765/2008 on accreditation and market surveillance

1 Review of the Electronic Transactions Ordinance Information Infrastructure Advisory Committee 9 April 2002.

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Spring Conference of the European Privacy Commissioners 2002 in Bonn 1 Privacy Protection Audit/Seal of Quality - Practical Experience Dr. Helmut Bäumler.

DIGITAL SIGNATURE AND ELECTRONIC DOCUMENTS IN ITALY Prof. Pierluigi Ridolfi AIPA Authority for Information Technology in the Public Administration V. Solferino,

COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.

Some initiatives of the Belgian government in order to stimulate E-government Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg.

1 Reform of the EU regulatory framework for electronic communications What it means for Access to Emergency Services Reform of the EU regulatory framework.

An ASEAN Mutual Recognition Arrangement for Tourism Services Professor Chris Cooper Bangkok December 2006 Professor Chris Cooper Bangkok December 2006.

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

EXCiPACT TM Certification 3rd Party Certification for Pharmaceutical Excipient Suppliers EFCG Update at CPhI, 9 th October 2012 Frithjof Holtz, Merck KGaA.

| | Seite 1 Basic Principles of Insurance Supervision Duties and Operation of a Supervisory Authority under Coordinated European Legislation.

Ministry of Transport, Information Technology and Communications Technological base: Interoperability Tsvetanka Kirilova Ministry of TITC Bulgaria.

Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

Use of Electronic Digital Signature in the Russian Federation.

Digital Signature Technologies & Applications Ed Jensen Fall 2013.

ECO-MANAGEMENT AND AUDIT SCHEME Performance, credibility, transparency Accreditation & Registration Systems in EMAS.

Evgeny A. Gorbunov, General Director, Union of Aviation Industrialists

PROPOSALS THE REVIEW OF THE 1958 AGREEMENT AND THE INTRODUCTION OF INTERNATIONAL WHOLE VEHICLE TYPE APPROVAL (IWVTA) IWVTA Informal Group WP th Session.

S3: Module D Physikalisch-Technische Bundesanstalt Session 3: Conformity Assessment Module D Peter Ulbig, Harry Stolz Belgrade, 31 October.

Circulation of authentic instruments under Regulation 650/2012 speaker – Ivaylo Ivanov – Bulgarian Notary Chamber.

Niall Curran E-Commerce Division Department of Public Enterprise

1 INTERREG IIIB “ATLANTIC AREA” Main points of community regulation 438/2001 financial management and control systems EUROPEAN COMMISSION SPAIN.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Regional Policy Major projects approval process in Brendan Smyth DG REGIO.

1 Security-related internal market measures on explosives FEEM AGM, Brussels, 5 June 2013 Julian Foley Desk Officer – Civil explosives and pyrotechnic.

A project implemented by the HTSPE consortium This project is funded by the European Union SECURITY AND CITIZENSHIP JUSTICE

New Implementing Regulation DG Enterprise on the Administrative Requirements for the approval and market surveillance of 2- or 3-wheel vehicles and quadricycles.

WORKSHOP, Nicosia 2-3rd July 2008 “Extension of SAFETY & QUALITY Common Requirements to the EMAC States” Item 3 : Regulatory Context Peter Stastny EUROCONTROL.

Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.

FOURTH EUROPEAN QUALITY ASSURANCE FORUM "CREATIVITY AND DIVERSITY: CHALLENGES FOR QUALITY ASSURANCE BEYOND 2010", COPENHAGEN, NOVEMBER IV FORUM-

Infrastructure for qualified electronic Signatures in Germany Jürgen Schwemmer Moscow, 17th April 2014.

UNECE – SIDA “ SOUTH EAST EUROPE REGULATORY PROJECT” FIRST MEETING OF REGULATORS FROM SOUTH EAST EUROPEAN COUNTRIES PRESENTATIONFROM THE REPUBLIC OF MACEDONIA.

Electronic Signatures Implementation 1 DIAGRAM of interrelationships CERTIFICATION INFRASTRUCTURE EXAMPLE LAYOUT of a trust centre.

EESSI June 2000Slide 1 European Electronic Signature Standardization Hans Nilsson, iD2 Technologies, Sweden.

Deregulation to the Economy and removal of Administrative Barriers, Russian Federation EuropAid/114008/C/SV/RU Setting up of national accreditation system.

Common Values of the Liberal Professions in the European Union Dr. Theodoros Koutroubas, Director General of CEPLIS.

Component II: Linking quality of Veterinary Services to progressive control of PPR Nadège Leboucq (OIE) On behalf of the GF-TADs PPR Working Group First.

E-SIGNED DocFlow SYSTEM in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE – E-Business Development Consultant.

Electronic Signatures RegTP's Tasks Technical operation of the national root certification authority - Issuance of certificates for accredited certification.

Privacy Audit and Privacy Seal Barbara Körffer & Dr. Thomas Probst Independent Centre for Privacy Protection Independent Centre for Privacy ProtectionSchleswig-Holstein.

EU Regulation on type-approval of hydrogen vehicles HFCV GTR – 4th SGS meeting Tokyo, Japan, September 2008 Ferenc PEKÁR Automotive Industry Unit.

Agreement concerning the adoption of uniform conditions for periodical technical inspections of wheeled vehicles and the reciprocal recognition of such.

1 M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 9 – Financial Services Bilateral.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 32 – Financial Control Bilateral screening:

Confidence with competence The Development of European Accreditation Daniel PIERRE EA Vice-Chairman.

Mutual Recognition Signatories – An Obligation Promote the acceptance of accredited test and inspection reports in their economies (regulators, industry.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 6 – Company Law Bilateral screening:

European Commission The New Legislative Framework Jacques McMillan Head of Unit Directorate General for Enterprise and Industry Regulatory approach for.

Harmonised use of accreditation for assessing the competence of various Conformity Assessment Bodies Dr Andreas Steinhorst, EA ERA workshop 13 April 2016,

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.

Higher Education and Training Awards Council

General Data Protection Regulation

EU Reference Centres for Animal Welfare

Dashboard eHealth services: actual mockup

Website authentication E-registered delivery

ACCREDITATION PROCESS

ELECTRONIC SIGNATURES

ELECTRONIC SIGNATURES

Presentation transcript:

"certification service provider" Electronic Signatures Legal Status of Qualified Electronic Signatures 1 Definition according to section 2, paragraph 8 of the Electronic Signatures Act: "certification service provider" means a natural or legal person who issues qualified certificates or qualified time stamps. Electronic Signatures

Electronic Signatures 2 Legal Status What is different about qualified signatures? - Validity model (sections 16 and 19 of the Electronic Signatures Act) - Algorithms (specified annually) - Hardware compulsory (non-repudiation) - Long-term verifiability (at least 5/35 years) National root certificate for accredited certification service providers only - Quality mark for accredited certification service providers only Electronic Signatures

Recognised evaluation and certification bodies Recognises BSI debis Section IS 15 Electronic Signatures Recognised evaluation and certification bodies Recognises BSI debis TÜVIT Publishes Operates Federal Gazette/ RegTP Official Gazette/Internet Accredits Accredits Evaluation and certification bodies Proposes Certify compliance with the Electronic Signatures Act and Ordinance National root certification authority Products Algorithms Algorithms Certifies Competent Authority's keys Certification service providers Security concept - Products - Management - Staff, etc Certification service providers Certification service providers Technical components - Signature creation device Directory service Time stamp service - Key generator, etc Signature key holders

Electronic Signatures 4 Legal Status Enhanced quality through voluntary accreditation Enhance the level of the certification services to be provided towards the levels of trust, security and quality demanded by the evolving market. Electronic Signatures Directive, Recital 11 = Secure procedures, archivability, availability, etc Voluntary accreditation Article 2, paragraph 13 of the Electronic Signatures Directive Section 15 of the Electronic Signatures Act = Permission, setting out rights and obligations for the provision of certification services and granted at the request of the certification service provider concerned by the competent body. The certification service provider is not entitled to exercise the rights and obligations stemming from the permission until it has received the permission. Competent body Right to operate as accredited provider Permission Application Electronic Signatures

Electronic Signatures 5 Legal Status EU Directive for Electronic Signatures Continental European Approach Anglo-Saxon Approach Prevention through comprehensive pre-implementation checks for - products, technical, administrative and organisational aspects of certification activities, and reliability and specialised knowledge of staff. Ensuring adequate minimum level of - competition in the market, and - liability. Liability depends on - ability and willingness to assume liability in cases of damage, and - recognised cases of damage. Development costs (evaluation of products and security concepts) More time-intensive in initial stages "Teething problem" Long-term problem Electronic Signatures

Legal Status Implementation in the Electronic Signatures Act 6 Legal Status Implementation in the Electronic Signatures Act Unregulated area – section 1(2) Qualified electronic signatures (section 2 paragraph 3) - Certification service providers: Certification service providers granted accreditation (can be made mandatory in the public sector) Certification service providers subject to supervision Legal status: equivalence with handwritten signatures (section 126a of the Civil Code) Unregulated area – section 1(2) Electronic Signatures

electronic signatures Electronic Signatures 7 Legal Status "Equivalence" of electronic signatures Time horizon Electronic Signatures Ordinance 16 November 2001 Amendment of Formal Requirements Act 1 August 2001 Electronic Signatures Act 22 May 2001 2001 Amendment of legislation requiring writing as the legal form 2000 Evaluation of products, procedures and acceptance bodies 1998 Developmental stage (Act and Ordinance) 1996 Electronic Signatures