SIST-TP CEN/TR 419210:2019

SLOVENSKI STANDARD
SIST-TP CEN/TR 419210:2019
01-maj-2019
8SRUDEQRVWVWDQGDUGRY&(1]DNYDOLILFLUDQRHOHNWURQVNRQDSUDYR]DXVWYDUMDQMH
SHþDWDYVNODGX]8UHGER(8ãWH,'$6
Applicability of CEN Standards to Qualified Electronic Seal Creation Device under the
EU Regulation N°910/2014 (eIDAS)
Anwendbarkeit von CEN Normen für qualifizierte elektronische
Siegelerstellungseinheiten unter der eIDAS Verordnung.
Applicabilité des normes CEN aux dispositifs de création de cachet électronique qualifiés
sous la régulation européenne n°910/2014 (eIDAS)
Ta slovenski standard je istoveten z: CEN/TR 419210:2019
ICS:
35.030 Informacijska varnost IT Security
35.240.63 Uporabniške rešitve IT v IT applications in trade
trgovini
SIST-TP CEN/TR 419210:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TP CEN/TR 419210:2019

---------------------- Page: 2 ----------------------

SIST-TP CEN/TR 419210:2019


CEN/TR 419210
TECHNICAL REPORT

RAPPORT TECHNIQUE

March 2019
TECHNISCHER BERICHT
ICS 35.030; 35.240.63
English Version

Applicability of CEN Standards to Qualified Electronic Seal
Creation Device under the EU Regulation N°910/2014
(eIDAS)
Application des normes du CEN aux dispositifs de Anwendbarkeit von CEN Normen für qualifizierte
création de cachets électroniques qualifiés au titre du elektronische Siegelerstellungseinheiten unter der
règlement européen n°910/2014 (eIDAS) Verordnung (EU) Nr. 910/2014 (eIDAS)


This Technical Report was approved by CEN on 18 February 2019. It has been drawn up by the Technical Committee CEN/TC
224.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 419210:2019 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
Contents
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms, definitions and abbreviations . 5
3.1 Terms and definitions . 5
3.2 Abbreviations . 5
4 A consideration of relevant regulatory requirements . 6
5 Features commonly required by use cases . 8
5.1 Introduction . 8
5.2 Features . 9
5.2.1 Local / Remote . 9
5.2.2 Authentication Shared / Not Shared . 9
5.2.3 Multiple Digital Signatures . 9
5.2.4 Key Shared / Not Shared . 9
5.2.5 Secure Environment . 9
6 Analysis of Standard and Required Features. 10
6.1 EN 419 211-x . 10
6.1.1 General. 10
6.1.2 Regulatory vs Standard Requirements . 10
6.1.3 Applicability to Required Features . 10
6.2 EN 419 221-5 . 11
6.2.1 General. 11
6.2.2 Regulatory vs Standard Requirements . 11
6.2.3 Applicability to Required Features . 12
6.3 EN 419 241-1 / −2 . 15
6.3.1 General. 15
6.3.2 Regulatory vs Standard Requirements . 15
6.3.3 Applicability to Required Features . 16
7 Summary of conclusions . 17
Annex A (informative) Example Use Cases . 18
A.1 General. 18
A.2 Own key: . 18
A.3 Remote Signing . 18
A.4 Shared key, shared authentication . 19
A.5 Shared key, separate authentication . 19
A.6 Empowered Application . 20
A.7 TSP Sealing . 20
Bibliography . 22


2

---------------------- Page: 4 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
European foreword
This document (CEN/TR 419210:2019) has been prepared by Technical Committee CEN/TC 224
“Personal identification, electronic signature and cards and their related systems and operations”, the
secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
3

---------------------- Page: 5 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
Introduction
EU Regulation No 910/2014 on electronic identification and trust services for electronic transactions in
the internal market (also known as eIDAS)[1] builds on the concept and requirements defined in the
repealed EU Directive 1999/93 on Electronic Signatures [2]. eIDAS defines an electronic seal which
authenticates the origin of data but created under control, as opposed to “sole control” for electronic
signatures, of a legal person (e.g. organization), as opposed to natural person (i.e. individual).
Technically, electronic seals have similar requirements as electronic signatures and both can be based on
digital signatures. eIDAS recognizes a special level of qualified electronic seal which is created using a
qualified seal creation device (QSealCD) and supported by a qualified certificate, in the similar way as a
qualified electronic signature is created using qualified signature creation device (QSigCD) supported by
a qualified certificate. The requirements for a qualified seal creation device are described as “mutatis
mutandis” as for a qualified signature creation device. The requirements for a qualified signature creation
device are considered to be met by the equivalent defined in Directive 1999/93 referred to as a secure
signature creation device (SSCD).
CEN has issued standards EN 419 211 parts 1 to 6, which were initially aimed at SSCD but have been
accepted as applicable to QSigCD and QSealCD (COMMISSION IMPLEMENTING DECISION (EU) 2016/650
of 25 April 2016). Further standards have since been issued EN 419 221 part 5 and EN 419 241 parts 1
and 2 which can also be applied as QSigCD and QSealCD. However, for some use cases of electronic seals
some standards may be considered more appropriate than others.
This document considers the legal requirements and practical use cases against the features of the
standards to assist in selecting the most appropriate standard.
4

---------------------- Page: 6 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
1 Scope
This document considers the legal requirements and practical use cases against the features of the CEN
standards which may be used to support electronic seals in accordance to EU Regulation N° 910/2014
with the aim to provide guidance on the most appropriate standard to use in particular types of usage.
2 Normative references
There are no normative references in this document.
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in EU Regulation N° 910/2014 and
the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
NOTE The term “seal” is used to denote “electronic seal”, and “signature” is used to denote “electronic
signature”.
3.1.1
digital signature
data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data unit
to prove the source and integrity of the data unit and protect against forgery (e.g. by the recipient)
Note 1 to entry: Digital signature is a technical concept which may be related to the legal concept of electronic
signature or electronic seal as defined in EU Regulation N° 910/2014.
3.1.2
signer
entity being the creator of a digital signature
Note 1 to entry: Signer is a technical concept which may be related to the legal concepts of signatory or creator of a
seal.
3.2 Abbreviations
DTBS Data To Be Signed
DTBS/R Data to be signed or its unique representation
eIDAS EU Regulation N° 910/2014 [1]
SSCD secure signature creation device
TSP trust service provider
QSealCD qualified seal creation device
QSigCD qualified signature creation device
QSCD Either QSealCD or QSigCD
QTSP qualified trust service provider
5

---------------------- Page: 7 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
4 A consideration of relevant regulatory requirements
The following recitals and articles of eIDAS are considered to have impact on the requirements for
electronic seals, which may or may not be supported by a QSealCD, in particular where they differ from
electronic signatures. Those items considered most relevant are underlined.
Recital (51) It should be possible for the signatory to entrust qualified electronic signature creation
devices to the care of a third party, provided that appropriate mechanisms and procedures are
implemented to ensure that the signatory has sole control over the use of his electronic signature creation
data, and the qualified electronic signature requirements are met by the use of the device.
Recital (52) The creation of remote electronic signatures, where the electronic signature creation
environment is managed by a trust service provider on behalf of the signatory, is set to increase in the
light of its multiple economic benefits. However, in order to ensure that such electronic signatures receive
the same legal recognition as electronic signatures created in an entirely user-managed environment,
remote electronic signature service providers should apply specific management and administrative
security procedures and use trustworthy systems and products, including secure electronic
communication channels, in order to guarantee that the electronic signature creation environment is
reliable and is used under the sole control of the signatory. Where a qualified electronic signature has
been created using a remote electronic signature creation device, the requirements applicable to
qualified trust service providers set out in this Regulation should apply.
Recital (59) Electronic seals should serve as evidence that an electronic document was issued by a legal
person, ensuring certainty of the document’s origin and integrity.
Recital (65) In addition to authenticating the document issued by the legal person, electronic seals can be
used to authenticate any digital asset of the legal person, such as software code or servers.
Article 3. (25) ‘electronic seal’ means data in electronic form, which is attached to or logically associated
with other data in electronic form to ensure the latter’s origin and integrity;
Article 3.((31) ‘electronic seal creation device’ means configured software or hardware used to create an
electronic seal;
Article 3.(32) ‘qualified electronic seal creation device’ means an electronic seal creation device that
meets mutatis mutandis the requirements laid down in Annex II
Article 35.2 A qualified electronic seal shall enjoy the presumption of integrity of the data and of
correctness of the origin of that data to which the qualified electronic seal is linked.
Article 36 Requirements for advanced electronic seals [compared with advanced electronic signatures].
An advanced electronic seal shall meet the following requirements:
(a) it is uniquely linked to the creator of the seal; [same as electronic signature.]
(b) it is capable of identifying the creator of the seal; [same as electronic signature.]
(c) it is created using electronic seal creation data that the creator of the seal can, with a high level of
confidence under its control, use for electronic seal creation; and [electronic signature requires “sole
control”]
(d) it is linked to the data to which it relates in such a way that any subsequent change in the data are
detectable. [electronic signature “linked to data signed therewith” which it is understood has the same
technical implications.]
Article 39 references Article 29, 30, 31 “mutatis mutandis”;
Annex II Requirements For Qualified Electronic Signature Creation Devices:
6

---------------------- Page: 8 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
1. Qualified electronic signature creation devices shall ensure, by appropriate technical and procedural
means, that at least:
(a) the confidentiality of the electronic signature creation data used for electronic signature creation
is reasonably ensured;
(b) the electronic signature creation data used for electronic signature creation can practically occur
only once;
(c) the electronic signature creation data used for electronic signature creation cannot, with
reasonable assurance, be derived and the electronic signature is reliably protected against
forgery using currently available technology;
(d) the electronic signature creation data used for electronic signature creation can be reliably
protected by the legitimate signatory against use by others.
2. Qualified electronic signature creation devices shall not alter the data to be signed or prevent such data
from being presented to the signatory prior to signing.
3. Generating or managing electronic signature creation data on behalf of the signatory may only be done
by a qualified trust service provider.
4. Without prejudice to point (d) of point 1, qualified trust service providers managing electronic
signature creation data on behalf of the signatory may duplicate the electronic signature creation
data only for back-up purposes provided the following requirements are met:
(a) the security of the duplicated data sets must be at the same level as for the original data sets;
(b) the number of duplicated data sets shall not exceed the minimum needed to ensure continuity of
the service.
The following qualified trust services identified in the Regulation require the use of advanced electronic
seal or signature created by the qualified trust service provider:
- Article 33: Qualified validation service
- Article 42: time-stamp
- Article 44: registered delivery services
- Annex I: Certificate for electronic signature
- Annex III: Certificate for electronic seal
- Annex IV: Certificate for website authentication
In addition to these recitals, articles and Annex II requirements, the following relating directly to qualified
electronic signatures and indirectly (mutatis mutandis) to qualified electronic seals can have impact on
the technical requirements of QSealCD:
Article 26: An advanced electronic signature shall meet the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
7

---------------------- Page: 9 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
(c) it is created using electronic signature creation data that the signatory can, with a high level of
confidence, use under his sole control; and
(d) it is linked to the data signed therewith in such a way that any subsequent change in the data are
detectable.
Article 30: Certification of qualified electronic signature creation devices
1. Conformity of qualified electronic signature creation devices with the requirements laid down in
Annex II shall be certified by appropriate public or private bodies designated by Member States.
EN 28.8.2014 Official Journal of the European Union L 257/101
2. Member States shall notify to the Commission the names and addresses of the public or private body
referred to in paragraph 1. The Commission shall make that information available to Member States.
3. The certification referred to in paragraph 1 shall be based on one of the following:
(a) a security evaluation process carried out in accordance with one of the standards for the security
assessment of information technology products included in the list established in accordance
with the second subparagraph; or
(b) a process other than the process referred to in point (a), provided that it uses comparable security
levels and provided that the public or private body referred to in paragraph 1 notifies that
process to the Commission. That process may be used only in the absence of standards referred
to in point (a) or when a security evaluation process referred to in point (a) is ongoing.
The Commission shall, by means of implementing acts, establish a list of standards for the security
assessment of information technology products referred to in point (a). Those implementing acts
shall be adopted in accordance with the examination procedure referred to in Article 48(2).
4. The Commission shall be empowered to adopt delegated acts in accordance with Article 47 concerning
the establishment of specific criteria to be met by the designated bodies referred to in paragraph 1
of this Article.
The following point is considered of particular significance in considering the differences in requirements
between devices supporting signatures and seals in eIDAS:
Signatures require “sole control” whereas seals require “control” which implies differences in the form
of control over the signing key, and in particular whether this has to be under the control of just one
individual natural person or, in the case of a seal, may be under control of an organisational entity (see
particularly 36 c highlighted above).
5 Features commonly required by use cases
5.1 Introduction
This clause identifies features commonly required by use cases employing seals such as identified in
Annex A.
8

---------------------- Page: 10 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
5.2 Features
5.2.1 Local / Remote
The QSealCD is either:
a) Local: Under direct control of the signer, or
b) Remote: Managed by a QTSP
5.2.2 Authentication Shared / Not Shared
The authentication data used to authorize use of a signing key protected by a QSealCD is under control
of:
a) Not shared: An authorized individual person (or authorized application), or
b) Shared: A set of individuals (or authorized applications) applying organisational controls to restrict
availability to authorized individuals.
5.2.3 Multiple Digital Signatures
A person or application(s) is authorized to use a signing key protected by a QSealCD to create:
a) Single: A single digital signature against a single data object or its representation (DTBS/R)
b) Multiple Set: Multiple digital signatures against a defined set of DTBS/R
c) Multiple Limited: A set of digital signatures against a set of DTBS/R limited by time or other usage
parameter
d) Multiple unlimited: An unlimited set of digital signatures against a undefined set of DTBS/R
5.2.4 Key Shared / Not Shared
The key used to create a digital signature is under control of:
a) Not Shared: Single person representing a legal person (or authorized application), with other persons
(or authorized applications) representing the same legal person having a different key.
b) Shared: Multiple persons (or authorized applications) who all represent the same legal person and
share the same key .
5.2.5 Secure Environment
The security of the environment where the QSCD is managed:
a) No Sec Requirement: No specific requirements on environment security,
b) Secured: The QSealCD is used in a secure environment with physical access and use of the device is
restricted to persons and applications trusted to act for the legal person.
c) TSP: The QSealCD is operated by an audited TSP (i.e. Qualified TSP).
9

---------------------- Page: 11 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
6 Analysis of Standard and Required Features
6.1 EN 419 211-x
6.1.1 General
This clause discusses how the regulatory requirements and the required features for use of a QSealCD
are supported by EN 419 211 parts 1 to 6 [3].
Unless stated otherwise the part and clause references given below relate to EN 419 211 [3].
6.1.2 Regulatory vs Standard Requirements
The standard is aimed at meeting the requirements of a secure signature creation device to support
electronic signatures in Directive 1999/93 including Annex III (Clause 5). This may be considered
equivalent to eIDAS Annex II items 1 and 2. eIDAS Annex II Items 3 and 4 relating to remote signature /
seal creation are not included.
The equivalent may also be applied “Mutatis Mutandis” to Qualified Signature Creation Device where the
requirements for control are considered to be less stringent (“control” instead of “sole control”).
6.1.3 Applicability to Required Features
Feature Applicability Relevant requirement Notes
(references relate to
EN 419 211)
F1: Local / Remote Local The whole standard. The standard was written
in terms of requirements
As example see part 1
for SSCD (considered
Clause 3.2 definitions.
equivalent to QSigCD) for
the creation of qualified
electronic signatures (e.g.
see part 1 Clause 3.2
definitions).
Remote not covered in
Directive 1999/93 used as
the basis for EN 419 211.
It is assumed that the
signing device is under
direct control of the
signatory and not
managed by a TSP (not
covered by SSCD
requirements).
This means that QSealCD
which are based on this
standard cannot be used
for remote signing.
10

---------------------- Page: 12 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
F2: Authentication Not shared The standard defines the The standard is not aimed
Shared / Not Shared signatory as a person who acts at sharing authentication
on behalf of a natural or legal data among several
person (see part 1 people.
Clause 3.2.15)
This would break the strict
The reference authentication rules of the standard for
data (RAD) (see part 1 3.2.13) the RAD and VAD to
and validation authentication authenticate a single
data (VAD – see 3.2.23) used in person (called the
the standard is aimed at signatory).
authenticating the signatory (a
This means that QSealCD
person in the singular).
which are based on this
standard cannot be used
with shared
authentication.
F3: Multiple Single The intent to sign is linked to a This means that QSealCD
signatures specific DTRBS/R. (see part 1 which are based on this
Clause 6.2.1 item e) standard cannot be used
for any form of multiple
The “user” of the SSCD can be a
signatures.
human user or external IT
entity (see part 1
Clause 3.2.13).
F4: Key Shared / Not Not Shared The standard defines the The RAD and VAD
Shared signatory as a person who acts authenticate only a single
on behalf of a natural or legal person (called the
person (see part 1 signatory).
Clause 3.2.15)
This means that QSealCD
which are based on this
standard cannot be used
with shared keys.
F5: Secure No Sec No assumptions in the
environment Requirements standards for the operational
environment.
6.2 EN 419 221-5
6.2.1 General
This clause discusses how the regulatory requirements and the required features for use of a QSealCD
are supported by EN 419 221-5 [4].
Unless stated otherwise the clause references given below relate to EN 419 221-5 [4].
The conditions for the use of an EN 419 221-5 cryptographic device as a local qualified electronic
[signature or] seal creation device is specified in TS 419 221-6.
6.2.2 Regulatory vs Standard Requirements
The primary purpose of EN 419 221-5 is for use by TSPs (qualified and non-qualified) (Clause 4.3.1).
The standard also indicates it is intended to meet the requirements of Qualified Electronic Signature, and
Electronic Seal, Creation Devices (Clause 4.3.2) when used locally by TSPs.
11

---------------------- Page: 13 ----------------------

SIST-TP CEN/TR 419210:2019
CEN/TR 419210:2019 (E)
Appendix A of EN 419 221-5 describes how the requirements for a Qualified Signature Creation Device
(as defined in Annex II of (EU) No 910/2014) are covered by the standard.
The equivalent may also be applied “Mutatis Mutandis” to a Qualified Seal Creation Device where the
requirements for control are considered to be less stringent (“control” instead of “sole control”).
6.2.3 Applicability to Required Features
Feature Applicability Relevant requirement Notes
(references relate to
EN 419 221–5 unless
indicated otherwise)
F1: Local / Local, or The standard covers both This means that QSealCD which are
Remote use cases for Local Signing based on this standard can be used
Remote
and Remote Signing. for Local Signing.
Section 4.4.2.2 describes The cryptographic module requires
the Local Signing use case. authorization information to control
access to the key. When used for
Section 4.4.2.3 describes
remote sealing this authorization
the Remote signing use
needs to be under remote control of
case.
the legal person. This may be
The following text is
provided by the authorization
quoted from the section
mechanism directly supporting
This use case is aimed at
remote control by the legal person or
TSPs supporting
addition of certified functionality as
requirements for remote
described in EN 419 241–2.
signing, or sealing, as
specified in Regulation Note that the text in EN 419 221–5
910/2014. In th
...