SIST-TS CEN/TS 419241:2014

SLOVENSKI STANDARD
SIST-TS CEN/TS 419241:2014
01-julij-2014
Varnostne zahteve za zaupanja vredne sisteme, ki podpirajo strežniško
podpisovanje
Security Requirements for Trustworthy Systems Supporting Server Signing
Sicherheitsanforderungen für Vertrauenswürdige Systeme, die Serversignaturen
unterstützen
Exigences de sécurité pour des systèmes fiables de serveur de signature électronique
Ta slovenski standard je istoveten z: CEN/TS 419241:2014
ICS:
35.240.99 8SRUDEQLãNHUHãLWYH,7QD IT applications in other fields
GUXJLKSRGURþMLK
SIST-TS CEN/TS 419241:2014 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS CEN/TS 419241:2014

---------------------- Page: 2 ----------------------

SIST-TS CEN/TS 419241:2014

TECHNICAL SPECIFICATION
CEN/TS 419241

SPÉCIFICATION TECHNIQUE

TECHNISCHE SPEZIFIKATION
March 2014
ICS 35.240.99
English Version
Security Requirements for Trustworthy Systems Supporting
Server Signing
Exigences de sécurité pour des systèmes fiables de Sicherheitsanforderungen für Vertrauenswürdige Systeme,
serveur de signature électronique die Serversignaturen unterstützen
This Technical Specification (CEN/TS) was approved by CEN on 14 October 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 419241:2014 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
Contents Page
Foreword .3
Introduction .4
1 Scope .5
1.1 General .5
1.2 Out of scope .5
1.3 Audience .5
2 Normative references .6
3 Terms and definitions .6
4 Symbols and abbreviations .9
5 Description of Trustworthy Systems Supporting Server Signing . 10
5.1 General . 10
5.2 Signature Creation and Server Signing Objectives . 10
5.3 AdES bound to a natural or legal person . 10
5.4 Levels of sole control . 10
5.5 Batch Server Signing . 11
5.6 SCD . 11
5.6.1 General . 11
5.6.2 SCD for AdES . 11
5.6.3 SCD for QES . 11
5.6.4 Signer's authentication and SAD . 12
5.6.5 Privileged system users . 12
5.7 Functional model . 12
5.7.1 General . 12
5.7.2 Scopes of requirements depending of sole control levels . 12
5.7.3 SSA Core Components . 13
5.7.4 SCD activation mechanisms . 14
6 Security Requirements . 16
6.1 General . 16
6.2 General Security Requirements (SRG) . 16
6.2.1 Management (SRG_M) . 16
6.2.2 Systems and Operations (SRG_SO) . 17
6.2.3 Identification and Authentication (SRG_IA) . 18
6.2.4 System Access Control (SRG_SA) . 18
6.2.5 Key Management (SRG_KM) . 19
6.2.6 Accounting and Auditing (SRG_AA). 20
6.2.7 Archiving (SRG_AR) . 22
6.2.8 Backup and Recovery (SRG_BK) . 22
6.3 Core Components Security Requirements (SRC) . 23
6.3.1 SCD Setup (SRC_DS) — Cryptographic key (SRC_DS.1) . 23
6.3.2 Signer Authentication (SRC_SA) . 23
6.3.3 Signature Creation (SRC_SC) . 23
6.4 Additional Security Requirements for Level 2 (SRA) . 23
6.4.1 General . 23
6.4.2 SCD Activation (SRA_DA) . 24
Bibliography . 26

2

---------------------- Page: 4 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
Foreword
This document (CEN/TS 419241:2014) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat of
which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
Successful implementation of European Directive 1999/93/EC on a community framework for electronic
signatures requires standards for services, processes, systems and products related to electronic signatures
as well as guidance for conformity assessment of such services, processes, systems and products.
In 1999 the European ICT Standards Board, with the support of the European Commission, undertook an
initiative bringing together industry and public authorities, experts and other market players, to create the
European Electronic Signature Standardization Initiative (EESSI).
Within this framework the Comité Européen de Normalisation / Information Society Standardization System
(CEN/ISSS) and the European Telecommunications Standards Institute / Electronic Signatures and
Infrastructures (ETSI/ESI) were entrusted with the execution of a work programme to develop generally
recognized standards to support the implementation of Directive 1999/93/EC and the development of a
European electronic signature infrastructure.
This document will describe security requirements for a server-side system using certificates in order to create
advanced electronic signatures (AdES) in accordance with the requirements of the European Directive on
Electronic Signature 1999/93. The signature is to be supported by a qualified certificate, or other public key
certificate issued for the purposes of signing, issued by a Trust Services Provider (TSP) operating to
recognized good practices (e.g. ETSI EN 319 411-3 (aka ETSI/TS 102 042) or ETSI EN 319 411-2 (aka
ETSI/TS 101 456)). The document will include requirements for the use of the appropriate protection profiles
for the Signature Creation Device (SCDev).
The purpose of the trustworthy system is to produce an advanced electronic signature created under sole
control of a natural person, or a legal person (such advanced electronic signatures produced by legal persons
are called electronic seals).
The Signature Generation Service Provider (SGSP) operates the trustworthy system in an environment with a
security policy which incorporates general physical, personnel, procedural and documentation security
requirements as defined in ETSI EN 319 411-2 / ETSI EN 319 411-3.
This document is identified as CEN/TS 419241 within the Rationalised Framework for Electronic Signature
Standardization ETSI SR 001 604.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany,
Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
3

---------------------- Page: 5 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
Introduction
The European Directive 1999/93/EC establishes a framework of requirements for the use of electronic
signatures. This Directive also introduces the notion of advanced electronic signature which is defined as
legally equivalent to a hand-written one if generated by a physical person using a qualified certificate stored in
a Secure Signature Creation Device (SSCD).
Since the publication of the Directive, other forms of electronic signatures have appeared in order to meet
market needs (e.g. e-Invoicing, e-Procurement). These other forms do not necessarily require the use by a
natural or legal person of a secure signature creation device and/or qualified certificate.
One of these forms is an electronic signature created using a networked server. The Signature Creation Data
(SCD) is under control of an individual user but held centrally within a shared server, instead on a secure
signature creation device held by the signatory.
It is not the intent of this standard to limit the type of public key certificate, qualified or otherwise, used by the
networked signing server.
The main objective of this standard is to define requirements and recommendations for a networked signing
server which may process electronic certificates used by natural or legal persons for electronically signing
documents.
This document specifies basic requirements for server signing. Additional specifications may be issued which
provide more detailed requirements. For further details see ETSI SR 001 604.
4

---------------------- Page: 6 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
1 Scope
1.1 General
This document specifies security requirements and recommendations for Trustworthy System Supporting
Server Signing (TW4S) that generate advanced electronic signatures as defined in Directive 1999/93/EC. This
document may also be applied to electronic signatures complying to Article 5(1) of Directive 1999/93/EC
employing a Secure Signature Creation Device (SSCD) compliant with Annex III and supported by a qualified
electronic signature.
The Server Signing Application (SSA) runs on a networked server supporting one or more signatories to
remotely sign electronic documents using centralized signature keys held on the signing server under sole
control of the signatory.
An SSA is intended to deliver to the user or to some other application process in a form specified by the user,
an Advanced- or where applicable a Qualified - Electronic Signature associated with a Signer's Document as
a Signed Data Object.
This document:
— provides commonly recognized functional models of TW4S;
— specifies overall requirements that apply across all of the services identified in the functional model;
— specifies security requirements for each of the services identified in the SSA.
— specifies security requirements for sensitive system components which may be used by the SSA
(e.g. Signature Creation Device (SCDev)).
This document does not specify technologies and protocols, but rather identifies requirements on the security
on technologies to be employed.
1.2 Out of scope
The following aspects are considered to be out of scope:
— other trusted services that may be used alongside this service such as signature validation service, time-
stamping service and information preservation service,
— any application or system outside of the SSA,
— the legal interpretation of any form of signature (e.g. the implications of countersignatures, of multiple
signatures and of signatures covering complex information structures containing other signatures).
1.3 Audience
This document specifies security requirements that are intended to be followed by:
— providers of SSA systems.
— Trust Service Providers (TSP) offering signature generation service.
5

---------------------- Page: 7 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
EN 419211 (all parts), Protection profiles for secure signature creation device
CWA 14167-2, Cryptographic module for CSP signing operations with backup — Protection profile —
CMCSOB PP
CWA 14167-3, Cryptographic module for CSP key generation services protection profile — CMCKG-PP
CWA 14167-4, Cryptographic module for CSP signing operations — Protection profile — CMCSO PP
ISO/IEC 15408 (all parts), Information technology — Security techniques — Evaluation criteria for IT security
ISO/IEC 19790:2006, Information technology — Security techniques — Security requirements for
cryptographic modules
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
Advanced Electronic Signature
electronic signature which meets the following requirements:
— it is uniquely linked to the signer;
— it is capable of identifying the signer;
— it is created using means that the signer can maintain under his sole control; and
— it is linked to the data to which it relates in such a manner that any subsequent alteration of the data is
detectable
[SOURCE: Directive 1999/93/EC]
3.2
Certificate
electronic attestation that links a signature verification data to a person, and confirms the identity of that
person
[SOURCE: Directive 1999/93/EC]
3.3
Certificate Identifier
unambiguous identifier of a Certificate
3.4
Certification Service Provider
entity or a legal or natural person who issues certificates or provides other services related to electronic
signatures
[SOURCE: Directive 1999/93/EC]
6

---------------------- Page: 8 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
3.5
Data Content Type
signature attribute that expresses the encoding format of the Signers’ Document (SD)
3.6
Data To Be Signed
data (e.g. a document or parts of a document) to be signed as well as any signature attributes that are bound
together with the data by the signature
NOTE Data To Be Signed is the input to the cryptographic signing algorithm. The specific way that Data To Be
Signed and any signature attributes are fed as input is defined in the specifications of the signature type in use.
3.7
Electronic Signature
data in electronic form attached to - or logically associated with - other electronic data and which serves as a
method of authentication of that data
[SOURCE: Directive 1999/93/EC]
3.8
Qualified Certificate
certificate which meets the requirements laid down in Annex I of the Directive [i.e. Dir. 1999/93/EC] and is
provided by a certification service provider who fulfils the requirements laid down in Annex II of that Directive
[SOURCE: Directive 1999/93/EC]
3.9
Qualified Electronic Signature
advanced electronic signature which is based on a qualified certificate and which is created by a secure
signature creation device
Note 1 to entry: This definition based on Article 5.1 of Directive 1999/93/EC.
3.10
Secure Signature Creation Device
signature creation device that meets the requirements laid down in Annex III of the EU Directive
[SOURCE: Directive 1999/93/EC]
3.11
Signatory
Signer
person who holds a signature creation device and acts either on his own behalf or on behalf of the natural or
legal person he represents
[SOURCE: Directive 1999/93/EC]
Note 1 to entry: The term ‘signer’ is used throughout this document as a synonym.
3.12
Server Signing Application
application that provides a remote access to the Signature Creation Application (SCA)
3.13
Signature Creation Application
application that creates an electronic signature, using the digital signature produced by an SCDev connected
to the SCA
7

---------------------- Page: 9 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
3.14
Signature Creation Data
unique data, such as codes or private cryptographic keys, which are used by the signatory to create an
electronic signature
[SOURCE: Directive 1999/93/EC]
3.15
Signature Creation Data Identifier
unambiguous identifier of a SCD
3.16
Signature Creation Device
configured software or hardware used to implement the SCD
[SOURCE: Directive 1999/93/EC]
Note 1 to entry: Secure Signature Creation Device (SSCD) or Hardware Security Module (HSM) are examples of
Signature Creation Devices (SCDev).
3.17
Signature Creation Environment
physical, geographical and computational environment of the signature creation system
3.18
Signature Generation Service Provider
Trust Service provider which provides trust services that allow secure remote management of signatory's
signature creation device and generation of electronic signatures by means of such a remotely managed
device
3.19
Signature Invocation
non-trivial interaction between the signer and the SSA or SCDev that is necessary to invoke the start of the
signing process in the SSA/SCDev to generate the Signed Data Object (SDO), and that is the 'Wilful Act' of
the signer
3.20
Signature Policy
set of rules for the creation and validation of an electronic signature, that defines the technical and procedural
requirements for electronic signature creation and validation, in order to meet a particular business need, and
under which the signature can be determined to be valid
[SOURCE: ETSI/TS 101 733]
3.21
Signature Suite
combination of a signature algorithm with its parameters, a key generation algorithm, a padding method, and a
cryptographic hash function
[SOURCE: ETSI/TS 102 176]
3.22
Signed Data Object (s)
document(s) or parts of the document(s) for which an electronic signature has been generated, along with the
electronic signature
8

---------------------- Page: 10 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
3.23
Signer’s Activation Data
data (e.g. PIN, password or biometric data, one time password or cryptographically generated authentication
token) which is used to authenticate the signer to the SCDev and which is required to allow the use of the
SCD held on the SCDev and which may be referred to as 'Activation Data' in other documents
3.24
Signer's/Signers’ Document
document for which one or more signers intend to create an Electronic Signature or for which an Electronic
Signature was created
3.25
Trusted Path
path between two entities or components within an SSA that provides integrity and authenticity
3.26
Trust Service Provider
entity which provides electronic services which enhances trust and confidence in electronic transactions
3.27
Trustworthy System Supporting Server Signing
Server-side system using SCD in order to create Advanced Electronic Signatures (AdES) in accordance with
the requirements of the European Directive on Electronic Signatures [i.e. Directive 1999/93/EC]
Note 1 to entry: The system includes at least an SSA and an SCDev.
4 Symbols and abbreviations
AdES Advanced Electronic Signature
CC Common Criteria, ISO/IEC 15408, Evaluation criteria for IT security
CEN Comité Européen de Normalisation (European Committee for Standardization)
CEN/ISSS CEN Information Society Standardization System
CSP Certification Service Provider
DTBS Data to be Signed
EAL Evaluation Assurance Level
EC European Commission
EESSI European Electronic Signature Standardization Initiative
ETSI European Telecommunications Standards Institute
HSM Hardware Security Module
ISO/IEC International Organization for Standardization / International Electrotechnical Commission
ISSS Information Society Standardization System
PIN Personal Identification Number
PKC Public Key Certificate
QC Qualified Certificate
QES Qualified Electronic Signature
SAD Signer's Activation Data
SCA Signature Creation Application
SCD Signature Creation Data
9

---------------------- Page: 11 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
SCDev Signature Creation Device
SCDid Signature Creation Data Identifier
SD Signers’ Document
SDO Signed Data Object
SGSP Signature Generation Service Provider
SSA Server Signing Application
SSCD Secure Signature Creation Device
TS Technical Specifications
TSP Trust Service Provider
TW4S Trustworthy System Supporting Server Signing
WS/E- CEN/ISSS Electronic Signatures workshop
SIGN
5 Description of Trustworthy Systems Supporting Server Signing
5.1 General
This clause describes the different concepts of server signing in order to clarify how the requirements found in
the next section should be implemented.
5.2 Signature Creation and Server Signing Objectives
The purpose of the SSA and the SCDev is to take an SD and the related signature attributes, form them into
Data To Be Signed (DTBS) and produce over them an Advanced, or where applicable a Qualified, Electronic
Signature and to produce a Signed Data Object (SDO) as a result.
The form of signature to be created including whether it is a Qualified or Advanced Electronic Signature
comes within the scope of the applicable signature policy legal requirements.
5.3 AdES bound to a natural or legal person
The electronic signature for an electronic document applied in compliance with this standard can be the
signature of a natural or legal person. Within the scope of the current document the term “signatory” is used to
denote both a legal or natural person, and the term electronic signature is also used to denote an electronic
seal created by a legal person.
In case the electronic signature is a natural person’s, the identity of this natural person can be supplemented
by that of a legal person to indicate that the natural person is acting in connection with a legal person when
signing a document. This may be indicated using e.g. the “organizationName” within the subject of the natural
person’s certificate.
5.4 Levels of sole control
The Directive requires advanced electronic signature to be created under the sole control of the signatory.
Two levels of sole control are identified in the present document:
— Level 1: the signer authentication is not enforced by the SCDev but by the SSA environment and the SCA
uses the signer's SCD linked by the SSA to the authenticated identity of the signer; it is not expected that
such implementations would meet the requirements of sole control as it would be expected for an SSCD;
10

---------------------- Page: 12 ----------------------

SIST-TS CEN/TS 419241:2014
CEN/TS 419241:2014 (E)
— Level 2: the signer authentication is enforced by the SCDev by a means that the signer uses for signing
(the SAD or derivate thereof) in order to enable the use of the corresponding SCD; the signer
authentication is aimed to achieve the same level of assurance of sole control as what would be achieved
by a stand-alone SSCD.
The decision to use level 1 or 2 sole controls rests on the applicable legal requirements depending on the
signature policy and legal requirements applicable to the type of documents being signed.
5.5 Batch Server Signing
In some EU Member States it is possible to sign a batch of documents, without requiring the signer to inspect
and explicitly approve each document. This means that the signer has only to apply sole controls to the
signing process for a batch rather than each individual document.
Other countries allow signing a batch where the signer does not need to explicitly approve each document,
but gets an opportunity to inspect before signing, such as giving links to the documents in the batch.
Other countries may not allow the batch signing. In this case, it is to be ascertained if this prohibition blindly
applies to any kind of advanced electronic signatures or solely to qualified ones.
As the legal applicability of batch signing depends on legal and application environment, the SSA should have
configuration profiles to allow or disallow batch signing for AdES and QES.
5.6 SCD
5.6.1 General
Directive 1999/93/EC defines two main electronic signature types: an Advanced Electronic Signature and an
Advanced Electronic Signature based on a Qualified Certificate (so called Qualified Electronic Signature).
They have different implications as to where the SCD (usually called “private key”) is generated, kept and
used.
AdES do not strictly require private keys to be generated and kept in hardware devices, while implementations
of QES used in practice have this feature as a basic distinction.
5.6.2 SCD for AdES
To generate advanced electronic s
...