
ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting – CEN/ISSS Workshop, 8 Nov 06 (www.thalesgroup.com/esecurity)


Slide 1: ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting
CEN/ISSS Workshop on Electronic Invoices, 8 Nov 06
Nick Pope – Thales e-Security, STF 305 Team Leader

Slide 2: Specialist Task Force - Terms of Reference
- Propose drafts to ETSI Technical Committee on Electronic Signatures and Infrastructures for:
  - Technical Report on Best Practices for handling electronic signatures and signed data for digital accounting
  - Technical Specification on Policy requirements for trust service providers signing and/or storing data for digital accounting

Slide 3: Approach
- Study into National Practices for Accounting & Digital Accounting: UK, France, Italy, Spain, Germany
- Best Practices for Handling signed data for Digital Accounting
- Policy Requirements for Trusted Service Providers Signing / Storing Data for Digital Accounting

Slide 4: Approach (continued)
- Study into National Practices for Accounting & Digital Accounting: UK, France, Italy, Spain, Germany
- EU e-Invoicing Requirements
- Best Practices for Handling signed data for Digital Accounting: Maximum & Minimum identified practices, Commonly Acceptable practices
- Policy Requirements for Trusted Service Providers Signing / Storing Data for Digital Accounting

Slide 5: Targeting Digital Accounting Through e-Invoicing
- National accounting practices widely vary
- Council Directive 2001/115/EC + CWA 15579 provide a common requirement for signed VAT Invoices
- Took e-Invoicing requirements as the common basis for Digital Accounting

Slide 6: Basic Model (diagram only)

Slide 7: Trusted Service Provider Model (diagram only)

Slide 8: Use Scenarios
- Main Target: Pan European Trade supported by two external TSPs
- Other potential:
  - National Trade supported by TSP(s)
  - Large Company Internal Service

Slide 9: Advantages of applying Best Practice / Policy
- Targeted Security controls
- Ensure that documents are kept over the necessary period
- Ensure that signing keys are held & maintained securely
- Reduce revocation management
- Ensure that security of documents is properly maintained:
  - Access security
  - Storage security
  - Signature validity

Slide 10: Draft Technical Report (TR)
- Based on ISO/IEC 17799 + ISO/IEC 27001 Information Security Management System
- Specific Controls & Objectives for:
  - Signature
  - Maintenance of Signature over storage period
  - Storage
  - Reporting to authorities
  - Scanning paper originals
- + ISO/IEC 17799 standard objectives

Slide 11: Draft TR – Signature
- Maximum Identified Practices:
  - Advanced Electronic Signature
  - Qualified Certificate
  - Secure Signature Creation Device
  - Registration – ID documents & authorisation
  - Timely revocation
- Minimum Identified Practices:
  - Advanced Electronic Signature
  - CA meets recognised policy requirements
  - Sole control requirement met
  - Nationally “Acceptable” registration
  - Nationally “Acceptable” revocation

Slide 12: Draft TR – Signature (continued)
- Commonly Acceptable Practice for a Trusted Service Provider (TSP) offering signing / storage services:
  - Advanced Electronic Signature
  - Qualified CA, or CA meets recognised policy requirements
  - SSCD, or Sole control requirement met
  - Registration – ID documents & authorisation
  - Timely revocation

Slide 13: Draft TR – Signature Maintenance
- Maximum Identified practices: Technical / organisational procedures to assure the signature is verifiable throughout the storage period
- Minimum identified practices: Nationally acceptable practices
- Commonly Acceptable for TSP: Technical / organisational procedures to assure the signature is verifiable throughout the storage period
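As an added illustration of the "signature verifiable throughout storage period" requirement (this is not code from the STF 305 drafts or from Thales): a Python model of the evidence an archive keeps with a signed invoice, and the checks that decide whether the signature still verifies years later and when a further archive time-stamp is due. The class and function names, and the rule that unbroken time-stamp coverage stands in for a since-expired or revoked signer certificate, are my assumptions modelled on the CAdES/XAdES long-term forms.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Constructed, simplified model of long-term signature evidence (assumed, not the TR's own terms).
@dataclass
class Cert:
    not_before: date
    not_after: date
    revoked_on: Optional[date] = None  # set if the CA revoked the certificate

@dataclass
class TimeStamp:
    issued_on: date  # TSA attests the signature (plus earlier evidence) existed by this date
    tsa_cert: Cert   # certificate that signed the time-stamp token

@dataclass
class ArchivedSignature:
    signer_cert: Cert
    timestamps: List[TimeStamp] = field(default_factory=list)  # oldest first

def valid_at(cert: Cert, when: date) -> bool:
    """Within its validity period and not yet revoked on that date."""
    if not (cert.not_before <= when <= cert.not_after):
        return False
    return cert.revoked_on is None or when < cert.revoked_on

def evidence_expires(sig: ArchivedSignature) -> date:
    """Date after which the stored evidence alone no longer proves the signature:
    expiry of the newest TSA certificate, or of the signer certificate if never time-stamped."""
    return (sig.timestamps[-1].tsa_cert if sig.timestamps else sig.signer_cert).not_after

def verifiable_on(sig: ArchivedSignature, check_date: date) -> bool:
    """Signer cert must be valid at the proven signing time (first time-stamp); each time-stamp
    must be covered by the next before its TSA cert lapses; the last must still be valid now.
    With no time-stamp the claimed signing date is unproven, so the signer cert must still be valid."""
    if not sig.timestamps:
        return valid_at(sig.signer_cert, check_date)
    if not valid_at(sig.signer_cert, sig.timestamps[0].issued_on):
        return False
    for ts, nxt in zip(sig.timestamps, sig.timestamps[1:]):
        if not valid_at(ts.tsa_cert, nxt.issued_on):
            return False
    return valid_at(sig.timestamps[-1].tsa_cert, check_date)

def renewal_due(sig: ArchivedSignature, today: date, retention_end: date,
                lead: timedelta = timedelta(days=90)) -> bool:
    """A further archive time-stamp is due when the evidence expires before the retention
    period ends and that expiry falls within the lead time."""
    return evidence_expires(sig) < retention_end and today >= evidence_expires(sig) - lead
```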

Slide 14: Draft TR – Storage
- Maximum Identified practices:
  - Authorised access via secure channel
  - Authentication, Integrity & optional content commitment (non-repudiation)
  - Assure viewer available through lifetime
  - Held on long term media / copied to assure no loss of data
  - Held in original format – no macros / hidden code
  - Confidentiality of company information by separation
- Minimum identified practices:
  - No remote access required – local access as authorised
  - Authentication & integrity in line with national rules
  - No specific requirement regarding readability
  - Owner liable for any loss of data
  - No special requirement regarding format
  - Confidentiality maintained in storage

Slide 15: Draft TR – Storage (continued)
- Commonly Acceptable Practices for TSPs:
  - Authorised access via secure channel
  - Authentication, Integrity & optional content commitment (non-repudiation)
  - Assure viewer available through lifetime
  - Held on long term media / copied to assure no loss of data
  - Held in original format – no macros / hidden code
  - Confidentiality by logical or physical separation

Slide 16: Draft TR – Reporting
- Maximum Identified practices: Signed & use secure channels (e.g. SSL)
- Minimum identified practices: Use secure channels
- Commonly Acceptable for TSP: Signed & use secure channels (e.g. SSL)

Slide 17: Draft TR – Scanned Document
- Maximum Identified practices: Assertion (e.g. signature) that it is a true copy
- Minimum identified practices: Assured by good practice
- Commonly Acceptable for TSP: Good practice & assertion where required

Slide 18: Draft TR – ISO 17799 Objectives & Controls
- Maximum Identified practices: ISO 17799 compliance / national rules + specific controls for trusted personnel & components
- Minimum identified practices: ISO 17799 desired
- Commonly Acceptable for TSP: ISO 17799 conformance recommended / national rules + specific controls for trusted personnel & components

Slide 19: Draft Technical Specification
- Targeted just at Trust Service Provider (TSP)
- = Commonly acceptable practices from the Technical Report, worded in terms of specific requirements (shall)
- Two levels recognised:
  - Normalised (Advanced Electronic Signature)
  - Extended (Qualified Electronic Signature)

Slide 20: Status
- Drafts out for review and comment by 12-Jan-2007: http://portal.etsi.org/docbox/esi/Open/SODA/
- Final ratification & publication end Q1 2007

Comments / Questions? nick.pope@thales-esecurity.com

Slide 21: ETSI STF 298 – Advanced Electronic Signature Profiles
- ETSI Profiles for Advanced Electronic Signatures:
  - TS 102 734 – Profiles of CMS (RFC 3852) Advanced Electronic Signatures based on TS 101 733 (CAdES)
  - TS 102 904 – Profiles of XML Advanced Electronic Signatures based on TS 101 903 (XAdES)
- Profiles for Government E-Invoicing
- Baseline for other applications
- Short term & Long term

