About this standard
|Committee||Information Security, Cyber Security and Privacy|
Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a community framework for electronic signatures [EC 1999/93] - referred to as the Directive in the remainder of this document - established a legal framework for electronic signatures and certification-services in order to contribute to their legal recognition. Article 5.1 lays down that electronic signatures fulfilling certain quality metrics - so-called qualified electronic signatures - satisfy the requirements of handwritten signatures. Article 5.2 gives a residual provision under which general signatures are defined as admissible as evidence in legal proceedings, even if the quality metrics of qualified electronic signatures are not met. This document focuses on the latter: general signatures that do not meet the requirements laid down for qualified electronic signatures in article 5.1 of the Directive. The document therefore analyses the differences between the cryptographic mechanism of digital signatures, qualified electronic signatures (according to article 5.1 of the Directive), and general electronic signatures (according to article 5.2 of the Directive). In addition, a set of use cases of electronic signatures that do not fulfil some of the requirements laid down in article 5.1 is discussed in order to point out their effectiveness in e-commerce environments or in various application fields asking for authentication measures. In addition to the use cases, the evidence that is provided by electronic signatures is discussed. The electronic signatures and certification-services are broken up into their basic elements, and the proof provided by each element is discussed from a legal perspective in order to establish the coherence between the technical elements and their legal effect. An Annex of the document contains a Protection Profile (PP) for a Signature Creation Device (SCDev) suitable for such general electronic signatures.
The SCDev PP follows the provisions of the Common Criteria (CC) [ISO 15408]. It is based on the [SSCD PP], which has been developed as a standard for devices that are capable of creating qualified electronic signatures. A comparison between the [SSCD PP] and the SCDev PP is given that points out the main differences. Although a CC PP has been chosen in the Annex of this CWA for highlighting the added value of independent evaluation of the security measures provided by the SCDev, other evaluation criteria may serve that purpose as well. Examples of such criteria are [FIPS 140-2] or [ITSEC].
|Dutch title||Toelichting voor het gebruik van Electronische Handtekeningen|
|English title||Guide on the use of Electronic Signatures|