
1 2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic of Lithuania

2 2002 10 21 Electronic Signature Law (1)
– Came into force on 11 July, 2000 and is based on Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures
– Changes to the Electronic Signature Law were made on 6 June, 2002

3 2002 10 21 Electronic Signature Law (2)
– The law regulates the creation, verification, and validity of electronic signatures and signature users' rights and obligations, and establishes the certification services, the requirements for their providers, and the rights and functions of the electronic signature supervision institution
– The principle of technological neutrality is upheld and several general principles of PKI are defined

4 2002 10 21 Electronic Signature Law (3)
– A secure electronic signature created by a secure signature-creation device and based on a valid qualified certificate shall have the same legal force as a hand-written signature in written documents and shall be admissible as evidence in court
– If the parties agree, an electronic signature will have the same force as a hand-written signature in written documents and shall be admissible as evidence in court (amendment of the Electronic Signature Law on July 6, 2002)

5 2002 10 21 Electronic signature supervision institution
– By Resolution Nr. 568 of April 27, 2002, the Government of the Republic of Lithuania transferred the function of electronic signature supervision institution to the Information Society Development Committee
– The Information Society Development Committee organises and coordinates processes related to the development of the information society

6 2002 10 21 Directive 1999/93/EC; The law on electronic signatures June 11, 2000 (amended on June 6, 2002); Legislative functions; Registration of service providers; Voluntary accreditation; Supervision body (Information Society Development Committee) April 23, 2002; ETSI, (EESSI) standards

7 2002 10 21 Legal Acts Regulating Electronic Signature
Acts within competence of Government:
– Requirements for certification service providers issuing qualified certificates
– Requirements for electronic signature creation devices
– The procedure for registration of certification service providers issuing qualified certificates
– The order of supervision of electronic signature

8 2002 10 21 Legal Acts Regulating Electronic Signature in Lithuania (Follow-up)
Acts within competence of supervision institution:
– Requirements for electronic signature verification procedure
– Requirements and the order for voluntary accreditation of certification service providers
– The order of supply of supplementary certification services (time-stamping, directory services, consultancy services)

9 2002 10 21 Levels of standardization and regulation
[Figure: Levels 1 to 4. Headings: E.g. Germany, Italy; EU Directive; National implementation. Diagram labels: Signature Law; Ordinance; Technical Rules; Standards; Directive; Annexes; Supervision; Conformity assessment; National legislation; National decree (high-lev reqs); International functional and quality standards; International interoperability standards]
Source: European Electronic Signature Standardization Initiative (EESSI), Final report of the EESSI expert team, 20 July, 1999

10 2002 10 21 Lithuanian standards regulating electronic signature infrastructure
– LST ETSI TS 101 456 – Policy requirements for certification authorities issuing qualified certificates
– LST ETSI TS 101 733 – Electronic signature formats
– LST ETSI TS 101 861 – Time stamping profile
– LST ETSI TS 101 862 – Qualified certificate profile
– LST ETSI TS 102 023 – Policy requirements for time-stamping authorities
– LST ISO/IEC 17799 – Information technology – Code of practice for information security management
– LST CWA 14168 – Secure signature-creation devices “EAL4”
– LST CWA 14170 – Security requirements for signature creation applications
– LST CWA 14171 – Procedures for electronic signature verification

11 2002 10 21 Lithuanian standards regulating electronic signature infrastructure (follow-up)
– LST CWA 14167-1 – Security requirements for trustworthy systems managing certificates for electronic signatures – Part 1: System security requirements
– LST CWA 14167-2 – Security requirements for trustworthy systems managing certificates for electronic signatures – Part 2: Cryptographic module for CSP signing operations – Protection profile (MCSO-PP)
– LST CWA 14167-3 – Security requirements for trustworthy systems managing certificates for electronic signatures – Part 3: Cryptographic module for CSP key generation services
– LST ISO 9001:2001 – Quality management systems. Requirements
– LST ISO/IEC 15408 – Information technology – Security techniques – Evaluation criteria for IT security
  – Part 1: Introduction and general model
  – Part 2: Security functional requirements
  – Part 3: Security assurance requirements

12 2002 10 21 Requirements for Certification Service Providers Issuing Qualified Certificates
Based on Annex II of Directive 1999/93/EC
Functions of service providers:
– Registration
– Creation of qualified certificates
– Managing certificate data and its revocation
Requirements for internal administration:
– Approved and publicly promulgated certification regulations
– Highly educated and qualified specialists
– Civil liability assurance
– Recommended quality management system: LST ISO 9001:2001

13 2002 10 21 Requirements for Certification Service Providers Issuing Qualified Certificates (Follow-up)
Requirements on service providing:
– Provide information about certificates at any time
– Record the date and time of a certificate's creation, suspension and revocation
– Preserve information set by the certificate's rules
Liability of service providers:
– Registration can be suspended or revoked
– Damage shall be compensated according to the procedure established by laws
Reference to the LST ETSI TS 101 456 standard

14 2002 10 21 Requirements for Electronic Signature Devices
Sets requirements for devices used by service providers:
– Measures and components for certification service only
– Protected from unauthorized changes
– Technical and cryptographic security of executable functions
– Control every action that can influence the work of the certificate’s operating system
– Trustworthy system which is assured to EAL4 or higher
– Manufacturer’s declaration or conformity certificate of an accredited authority
– Reference to Lithuanian standards LST CWA 14167-1 and LST CWA 14167-2

15 2002 10 21 Requirements for Electronic Signature Creation Devices (Follow-up)
Sets requirements for signature creation devices:
– Secure signature creation device, protected by password and/or biometric data
– Trustworthy cryptographic and data formative algorithms
– Manufacturer’s declaration or conformity certificate of an accredited authority
– Trustworthy system which is assured to EAL4 or higher
– Reference to Lithuanian standards LST CWA 14168 and LST CWA 14170
Based on Directive 1999/93/EC Annex 3
Sets requirements for signature verification devices:
– Trustworthy verification of the electronic signature
– Any security-relevant changes can be detected
– Reference to Lithuanian standard LST CWA 14171
Based on Directive 1999/93/EC Annex 4

16 2002 10 21 The Procedure for Registration of Certification Service Providers Issuing Qualified Certificates
Objective of service provider registration: collect information about service providers to ensure supervision of electronic signature
– Sets procedure of application submission
– Terms, data and documents of service provider
– Order of application examination
– Ability to correct or renew data and documents
– Notice in writing about possible suspension of registration
– Suspension of registration if notified defects are not removed
– Revocation of registration if notified defects are not removed within the additional term

17 2002 10 21 The Order of Supervision of Electronic Signature
Defines relations between the Committee and certification service providers
Object of supervision: certification service providers issuing qualified certificates or providing facilities related to qualified certificates
Objectives of supervision:
– Take part in implementation of national policy on electronic signature
– Coordinate activities of qualified service providers
– Supervise how service providers observe the set requirements
– Pursue compatibility of electronic devices on a national and international scale
Measures of supervision:
– Preparation of legal acts
– Registration and accreditation of service providers
– Succession of certificate data when a service provider stops its activities
– Reports to parliament and government
Sets objectives and

18 2002 10 21 Thank You Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic of Lithuania Gedimino pr. 11 LT-2039 Vilnius Lithuania Ph.: (370 2) 663972 Fax.: (370 2) 663980 e-mail: info@ivpk.lt WEB: www.ivpk.lt

