Bundesamt für Sicherheit in der Informationstechnik (BSI), EESSI-WS, May 11-12, 2000, Paris. Klaus J. Keus, BSI/GISA: Electronic Signatures in Germany, Article 9 Committee and EESSI: a short snapshot, or The Need for Harmonisation. EESSI-WS: Electronic Signature Standardisation: The National Dimension, May 11th-12th, 2000, Paris, Afnor, Tour Europe.


Slide 1/18: Title

Electronic Signatures in Germany, Article 9 Committee and EESSI: a short snapshot
or
The Need for Harmonisation

EESSI-WS: Electronic Signature Standardisation: The National Dimension
May 11th - 12th, 2000
Paris, Afnor, Tour Europe

Klaus J. Keus
BSI/GISA

Slide 2/18: Electronic Signatures in Germany: Foundations

Signature Act: SigG, §3 of the IUKDG (Informations- und Kommunikationsdienstegesetz, Information and Communication Services Act)

- ratified by the German Parliament August 1st, 1997
- Ordinance approved November 1st, 1997 (SigV)
- 2-year Evaluation time schedule / experience

Slide 3/18: Electronic Signatures in Germany: Lessons learned: I

Existing exhaustive IT-Security Infrastructure incl.:

- Electronic Signature Scheme: working (evaluation and confirmation bodies for components and concepts installed)
- Root: operating since September 1998
- CSP:
  - licenced in 1999: 1
  - licenced in 2000: 1
  - in 2000 will be licenced: additional 3-5

Slide 4/18: Electronic Signatures in Germany: Lessons learned: II

Existing technical and organisational requirements:

- Technical components available and confirmed (all required components (smart cards (E4), PKI-Systems (E2), etc.))
- Interoperability Guidance available (ISIS: Industrial Signature Interoperability Specification, Sept. 99: www.dud.de)
- Technical working Group of leading CSPs
- National Coordination Board: Mirror working group to EESSI (AG INDI)

Slide 5/18: Electronic Signatures in Germany: Lessons learned: III

Trial pilots / applications:

- Government: e.g. public procurement (call for tender), digital identity card for government employees etc.
- Trade & Industry: several in preparation (insurance area, banking area, notary area, tax consulting area etc.)

Slide 6/18: Electronic Signatures in Germany: Call for Action

- Update of the current Signature Act respecting the EU-Directive
- Respecting the experiences of the evaluation phase
- overall concept and coordination of actions to implement electronic signatures in trade & industry and in government (i.e. private and public areas)
- Enhance the specific legislation for the adoption of electronic signatures as an equivalent to handwritten signatures (e.g. civil law, administration law etc.)

Slide 7/18: Scalability of electronic signatures

- High: High value electronic signatures
- Medium: Qualified electronic signatures (Article 5 (1))
- Basic: electronic signatures

Slide 8/18: Electronic Signatures in Germany: Update of the Signature Act: general requirements I

- definition of a harmonised legal framework for qualified signatures (exclusively)
- harmonisation of the requirements in respect to Annex I, II, III and IV
- Implementation of supervision scheme
- replacement of CSP licencing by optional voluntary accreditation of CSPs

Slide 9/18: Electronic Signatures in Germany: Update of the Signature Act: general requirements II

- Maintaining the current security level by voluntary accreditation of CSPs and (enhanced) requirements for technical components (based upon offer)
- ensuring „former“ investigations
- Liability of CSPs
- enhancement of privacy requirements in accordance to EU-directive for all CSPs

Slide 10/18: Electronic Signatures in Germany: Update of the Signature Act: specific requirements I

- adoption of terminology (§ 2)
- permission for CSP subcontracting (§ 4 (5))
- qualified attribute certificates linked to the qualified certificate (§ 5, § 8)
- regulation for the accreditation of confirmation bodies (§ 14 (c))
- adoption of regulations for fine (§ 14 (f))

Slide 11/18: Electronic Signatures in Germany: Update of the Signature Act: specific requirements II

- technical neutral requirements for time stamping (§ 2 (14))
- adoption of updated regulations for the recognition of foreign electronic signatures and products (§ 15)

Slide 12/18: Electronic Signatures in Germany: Time schedule

- June 2000: ratification by the German cabinet
- Fall 2000: ratification by the German Parliament
- January 2001: Implacement (goal)
- source / reference: www.iukdg.de

Slide 13/18: Electronic-Signature Committee: Tasks: Main view

Electronic-Signature Committee (Article 9 Committee):

- the definition of legal and procedural Issues
- approval of EESSI output
- assistance for the EC

EESSI:

- „technical“ support for article 9 committee (article 3(5))
- exclusively technical issues (creation / definition and the analysis of available and generally recognised standards)
- deliverables as input for the article 9 committee

Slide 14/18: Electronic-Signature Committee: Tasks

Tasks laid down in Annex 10 as:

- clarification of the requirements laid down in the Annexes I-IV
- Clarification of the requirements referred to Article 3(4)
- Clarification of the existing and published, generally recognised standards for signature products in accordance with Article 3(5)

other matters (e.g.):

- exchange of information on the envisaged national supervision and accreditation schemes / systems
- ensure interoperability of services and products
- discuss additional requirements set up in the public sector

Slide 15/18: Contributions of EESSI vs. National activities / needs: Open issues (e.g.)

- Certificate validation model: Chain model vs. shell model vs. hybrid model
- Attribute Certificates
- Criteria for the Accreditation of CSPs:
  * BS7799
  and further criteria:
  * GIMITS
  * IT-Baseline Security Handbook

Slide 16/18: Contributions of EESSI vs. National activities: Problems

- Time frame: 18 months for implementation of directive vs. Schedule of EESSI workplan
- Priorities of packages: what's needed - what's desired?
- Interoperability vs. Security?
- Trial applications: Link to EC - ISIS Projects

Slide 17/18: Contributions of EESSI vs. National activities: Thanks

- to EESSI for arranging this platform for discussion
- to CEN/ISSS, ETSI and EA for their contributions
- to the experts doing the work
- to EC DG Entreprise to enable the EESSI Project
- to you for listening

Slide 18/18: Contributions of EESSI vs. National activities

Questions?