Bundesamt für Sicherheit in der Informationstechnik, EESSI - WS May 11.-12., 2000, Paris, Slide 1/18, Klaus J. Keus, BSI
Electronic Signatures in Germany,
Article 9 Committee and EESSI:
a short snapshot
or
The Need for Harmonisation
EESSI-WS: Electronic Signature Standardisation:
The National Dimension
May 11th. - 12th., 2000
Paris, Afnor, Tour Europe
Klaus J. Keus
BSI/GISA
Electronic Signatures in Germany

Foundations
Signature Act: SigG, §3 of the IUKDG (Informations- und Kommunikationsdienstegesetz (Information and Communication Services Act))
- ratified by the German Parliament August 1st., 1997
- Ordinance approved November 1st., 1997 (SigV)
- 2-year Evaluation time schedule / experience

Lessons learned: I
existing exhaustive IT-Security Infrastructure incl.:
- Electronic Signature Scheme: working (evaluation and confirmation bodies for components and concepts installed)
- Root: operating since September 1998
- CSP: licenced in 1999: 1
  licenced in 2000: 1
  in 2000 will be licenced: additional 3-5

Lessons learned: II
existing technical and organisational requirements:
- Technical components available and confirmed (all required components (smart cards (E4), PKI-Systems (E2), etc.))
- Interoperability Guidance available (ISIS: Industrial Signature Interoperability Specification, Sept. 99: www.dud.de)
- Technical working Group of leading CSPs
- National Coordination Board: Mirror working group to EESSI (AG INDI)

Lessons learned: III
Trial pilots / applications:
- Government: e.g. public procurement (call for tender), digital identity card for government employees etc.
- Trade & Industry: several in preparation (insurance area, banking area, notary area, tax consulting area etc.)

Call for Action
- Update of the current Signature Act respecting the EU-Directive
- Respecting the experiences of the evaluation phase
- overall concept and coordination of actions to implement electronic signatures in trade & industry and in government (i.e. private and public areas)
- Enhance the specific legislation for the adoption of electronic signatures as an equivalent to handwritten signatures (e.g. civil law, administration law etc.)

Scalability of electronic signatures
Signature types shown: High value electr. signatures / Qualified electronic signatures (Article 5 (1)) / electronic signatures
Levels shown: High / Medium / Basic

Update of the Signature Act: general requirements I
- definition of a harmonised legal framework for qualified signatures (exclusively)
- harmonisation of the requirements in respect to Annex I, II, III and IV
- Implementation of supervision scheme
- replacement of CSP licencing by optional voluntary accreditation of CSPs

Update of the Signature Act: general requirements II
- Maintaining the current security level by voluntary accreditation of CSPs and (enhanced) requirements for technical components (based upon offer)
- ensuring „former“ investigations
- Liability of CSPs
- enhancement of privacy requirements in accordance to EU-directive for all CSPs

Update of the Signature Act: specific requirements I
- adoption of terminology (§ 2)
- permission for CSP subcontracting (§ 4 (5))
- qualified attribute certificates linked to the qualified certificate (§ 5, § 8)
- regulation for the accreditation of confirmation bodies (§ 14 (c))
- adoption of regulations for fine (§ 14 (f))

Update of the Signature Act: specific requirements II
- technical neutral requirements for time stamping (§ 2 (14))
- adoption of updated regulations for the recognition of foreign electronic signatures and products (§ 15)

Time schedule
- June 2000: ratification by the German cabinet
- Fall 2000: ratification by the German Parliament
- January 2001: Implementation (goal)
- source / reference: www.iukdg.de

Electronic-Signature Committee

Tasks: Main view
Electronic-Signature Committee (Article 9 Committee):
- the definition of legal and procedural Issues
- approval of EESSI output
- assistance for the EC
EESSI:
- „technical“ support for article 9 committee (article 3(5))
- exclusively technical issues (creation / definition and the analysis of available and generally recognised standards)
- deliverables as input for the article 9 committee

Tasks
Tasks laid down in Annex 10 as:
- clarification of the requirements laid down in the Annexes I-IV
- clarification of the requirements referred to Article 3(4)
- clarification of the existing and published, generally recognised standards for signature products in accordance with Article 3(5)
other matters (e.g.):
- exchange of information on the envisaged national supervision and accreditation schemes / systems
- ensure interoperability of services and products
- discuss additional requirements set up in the public sector

Contributions of EESSI vs. National activities / needs

Open issues (e.g.)
Certificate validation model:
Chain model vs. shell model vs. hybrid model
Attribute Certificates
Criteria for the Accreditation of CSPs:
* BS7799
and further criteria:
* GMITS
* IT-Baseline Security Handbook

Problems
- Time frame: 18 months for implementation of directive vs. Schedule of EESSI workplan
- Priorities of packages: what's needed - what's desired?
- Interoperability vs. Security?
- Trial applications: Link to EC - ISIS Projects

Thanks
- to EESSI for arranging this platform for discussion
- to CEN/ISSS, ETSI and EA for their contributions
- to the experts doing the work
- to EC DG Enterprise to enable the EESSI Project
- to you for listening

Questions?