Over deze norm
This document establishes security requirements for TWSs and technical components that can be used by a CSP in order to issue QCs and NQCs in accordance with [Dir.1999/93/EC]. Although [Dir.1999/93/EC] has a very general approach and speaks of electronic signatures of any kind, the underlying assumption in this document is that electronic signatures are created by means of public key cryptography, that the subject uses a cryptographic key pair consisting of a private and public component, and that a certificate produced by a system considered in this document essentially binds the public key of the subject to the identity and possibly other information of the subject by means of an electronic signature which is created with the private key (certificate signing key) of the issuing CSP. Other forms of electronic signatures are outside the scope of this document. With reference to electronic signatures, [Dir.1999/93/EC] provides two levels of signature, one a standard Electronic Signature and the other an Advanced Electronic Signature. Within this CWA, these are used in conjunction with NQCs and QCs respectively. This CWA provides security requirements for both these levels where the security requirements for TWSs issuing QCs are higher than for those just issuing NQCs. Security requirements for TWSs also include a minimum set of requirements to be fulfilled by the signature algorithms and their parameters allowed for use by CSPs. These requirements are provided in [ALGO]. Security requirements for the optional Subject Device Provision Service, which provides SCDev/SSCD provision to Subjects are included within the scope of this CWA. However, requirements for the actual SSCD devices themselves, as used by Subjects of the CSP, are outside the scope of this document. Security requirements for SSCDs are provided in the separate document Secure Signature Creation Devices [CENSSCD].
|Nederlandse titel||Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 1: System Security Requirements|
|Engelse titel||Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 1: System Security Requirements|