Published by Amia Doggett. Modified over 10 years ago.
1
Bundesamt für Sicherheit in der Informationstechnik
EESSI-WS, May 11-12, 2000, Paris, Slide 1/18, Klaus J. Keus, BSI

Electronic Signatures in Germany, Article 9 Committee and EESSI: a short snapshot
or
The Need for Harmonisation

EESSI-WS: Electronic Signature Standardisation: The National Dimension
May 11th - 12th, 2000, Paris, Afnor, Tour Europe
Klaus J. Keus, BSI/GISA

Electronic Signatures in Germany
2
Foundations

Signature Act: SigG, §3 of the IUKDG (Informations- und Kommunikationsdienstegesetz (Information and Communication Services Act))
- ratified by the German Parliament August 1st, 1997
- Ordinance approved November 1st, 1997 (SigV)
- 2-year Evaluation time schedule / experience
3
Lessons learned: I

existing exhaustive IT-Security Infrastructure incl.:
- Electronic Signature Scheme: working (evaluation and confirmation bodies for components and concepts installed)
- Root: operating since September 1998
- CSP:
  * licenced in 1999: 1
  * licenced in 2000: 1
  * in 2000 will be licenced: additional 3-5
4
Lessons learned: II

existing technical and organisational requirements:
- Technical components available and confirmed (all required components (smart cards (E4), PKI-Systems (E2), etc.))
- Interoperability Guidance available (ISIS: Industrial Signature Interoperability Specification, Sept. 99: www.dud.de)
- Technical working Group of leading CSPs
- National Coordination Board: Mirror working group to EESSI (AG INDI)
5
Lessons learned: III

Trial pilots / applications:
- Government: e.g. public procurement (call for tender), digital identity card for government employees etc.
- Trade & Industry: several in preparation (insurance area, banking area, notary area, tax consulting area etc.)
6
Call for Action

- Update of the current Signature Act respecting the EU-Directive
- Respecting the experiences of the evaluation phase
- overall concept and coordination of actions to implement electronic signatures in trade & industry and in government (i.e. private and public areas)
- Enhance the specific legislation for the adoption of electronic signatures as an equivalent to handwritten signatures (e.g. civil law, administration law etc.)
7
Scalability of electronic signatures

[Diagram: signature levels on a scale High / Medium / Basic]
- High value electr. signatures
- Qualified electronic signatures (Article 5 (1))
- electronic signatures
8
Update of the Signature Act: general requirements I

- definition of a harmonised legal framework for qualified signatures (exclusively)
- harmonisation of the requirements in respect to Annex I, II, III and IV
- Implementation of supervision scheme
- replacement of CSP licencing by optional voluntary accreditation of CSPs
9
Update of the Signature Act: general requirements II

- Maintaining the current security level by voluntary accreditation of CSPs and (enhanced) requirements for technical components (based upon offer)
- ensuring „former“ investigations
- Liability of CSPs
- enhancement of privacy requirements in accordance with the EU-directive for all CSPs
10
Update of the Signature Act: specific requirements I

- adoption of terminology (§ 2)
- permission for CSP subcontracting (§ 4 (5))
- qualified attribute certificates linked to the qualified certificate (§ 5, § 8)
- regulation for the accreditation of confirmation bodies (§ 14 (c))
- adoption of regulations for fines (§ 14 (f))
11
Update of the Signature Act: specific requirements II

- technically neutral requirements for time stamping (§ 2 (14))
- adoption of updated regulations for the recognition of foreign electronic signatures and products (§ 15)
12
Time schedule

- June 2000: ratification by the German cabinet
- Fall 2000: ratification by the German Parliament
- January 2001: Implacement (goal)
- source / reference: www.iukdg.de
13
Electronic-Signature Committee
Tasks: Main view

Electronic-Signature Committee (Article 9 Committee):
- the definition of legal and procedural Issues
- approval of EESSI output
- assistance for the EC

EESSI:
- „technical“ support for article 9 committee (article 3(5))
- exclusively technical issues (creation / definition and the analysis of available and generally recognised standards)
- deliverables as input for the article 9 committee
14
Tasks

Tasks laid down in Annex 10 as:
- clarification of the requirements laid down in the Annexes I-IV
- clarification of the requirements referred to in Article 3(4)
- clarification of the existing and published, generally recognised standards for signature products in accordance with Article 3(5)

other matters (e.g.):
- exchange of information on the envisaged national supervision and accreditation schemes / systems
- ensure interoperability of services and products
- discuss additional requirements set up in the public sector
15
Contributions of EESSI vs. National activities / needs
Open issues (e.g.)

- Certificate validation model: Chain model vs. shell model vs. hybrid model
- Attribute Certificates
- Criteria for the Accreditation of CSPs:
  * BS7799
  and further criteria:
  * GMITS
  * IT-Baseline Security Handbook
16
Problems

- Time frame: 18 months for implementation of directive vs. Schedule of EESSI workplan
- Priorities of packages: what's needed - what's desired?
- Interoperability vs. Security?
- Trial applications: Link to EC - ISIS Projects
17
Thanks

- to EESSI for arranging this platform for discussion
- to CEN/ISSS, ETSI and EA for their contributions
- to the experts doing the work
- to EC DG Enterprise for enabling the EESSI Project
- to you for listening
18
Questions?