
Implementation of Electronic Signature Law

Implementation of Electronic Signature Law. Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic of Lithuania. Electronic Signature Law (1).


Presentation Transcript


  1. Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic of Lithuania

  2. Electronic Signature Law (1)
     • Came into force on 11 July, 2000 and is based on Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures
     • Amendments to the Electronic Signature Law were made on 6 June, 2002

  3. Electronic Signature Law (2)
     • The law regulates the creation, verification, and validity of electronic signatures and signature users’ rights and obligations, and establishes the certification services, the requirements for their providers, and the rights and functions of the electronic signature supervision institution
     • The principle of technological neutrality is upheld and several general principles of PKI are defined

  4. Electronic Signature Law (3)
     • A secure electronic signature created by a secure-signature-creation device and based on a valid qualified certificate shall have the same legal force as a hand-written signature in written documents and shall be admissible as evidence in court
     • If the parties agree, an electronic signature will have the same force as a hand-written signature in written documents and shall be admissible as evidence in court (amendment of Electronic signature law on July 6, 2002)

  5. Electronic signature supervision institution
     • By Resolution Nr. 568, on April 27, 2002 the Government of the Republic of Lithuania transferred the function of Electronic signature supervision institution to the Informational Society Development Committee
     • The Informational Society Development Committee organises and coordinates processes related to the development of the information society

  6. [Diagram] Directive 1999/93/EC; ETSI (EESSI) standards; The law on electronic signatures June 11, 2000 (amended on June 6, 2002); Legislative functions; Supervision body (Information Society Development Committee) April 23, 2002; Registration of service providers; Voluntary accreditation; Supervision

  7. Legal Acts Regulating Electronic Signature
     Acts within competence of Government:
     • Requirements for certification service providers issuing qualified certificates
     • Requirements for electronic signature creation devices
     • The procedure for registration of certification service providers issuing qualified certificates
     • The order of supervision of electronic signature

  8. Legal Acts Regulating Electronic Signature in Lithuania (Follow-up)
     Acts within competence of supervision institution:
     • Requirements for electronic signature verification procedure
     • Requirements and the order for voluntary accreditation of certification service providers
     • The order of supply of supplementary certification services (time-stamping, directory services, consultancy services)

  9. Levels of standardization and regulation
     [Diagram; labels: Signature Law; Directive; National legislation; Ordinance; Annexes; National decree (high-lev reqs); E.g. Germany, Italy; EU Directive; National implementation; Level 1; Level 2; Level 3; Level 4; Supervision; Technical Rules; International functional and quality standards; Conformity assessment; Standards; International interoperability standards]
     Source: European Electronic Signature Standardization Initiative (EESSI), Final report of the EESSI expert team, 20 July, 1999

  10. Lithuanian standards regulating electronic signature infrastructure
      • LST ETSI TS 101 456 – Policy requirements for certification authorities issuing qualified certificates
      • LST ETSI TS 101 733 – Electronic signature formats
      • LST ETSI TS 101 861 – Time stamping profile
      • LST ETSI TS 101 862 – Qualified certificate profile
      • LST ETSI TS 102 023 – Policy requirements for time-stamping authorities
      • LST ISO – IEC 17799 – Information technology – Code of practice for information security management
      • LST CWA 14168 – Secure signature-creation devices “EAL4”
      • LST CWA 14170 – Security requirements for signature creation applications
      • LST CWA 14171 – Procedures for electronic signature verification

  11. Lithuanian standards regulating electronic signature infrastructure (follow-up)
      • LST CWA 14167-1 – Security requirements for trustworthy systems managing certificates for electronic signatures – Part 1: System security requirements
      • LST CWA 14167-2 – Security requirements for trustworthy systems managing certificates for electronic signatures – Part 2: Cryptographic module for CSP signing operations – Protection profile (MCSO-PP)
      • LST CWA 14167-3 – Security requirements for trustworthy systems managing certificates for electronic signatures – Part 3: Cryptographic module for CSP key generation services
      • LST ISO 9001:2001 – Quality management systems. Requirements
      • LST ISO/IEC 15408 – Information technology – Security techniques – Evaluation criteria for IT security. Part 1: Introduction and general model. Part 2: Security functional requirements. Part 3: Security assurance requirements

  12. Requirements for Certification Service Providers Issuing Qualified Certificates
      Based on Annex II of Directive 1999/93/EC
      Functions of service providers:
      • Registration
      • Creation of qualified certificates
      • Managing of certificate's data and its revocation
      Requirements for internal administration:
      • Approved and publicly promulgated certification regulations
      • Highly educated and qualified specialists
      • Civil liability assurance
      • Recommended quality management systems LST ISO 9001:2001

  13. Requirements for Certification Service Providers Issuing Qualified Certificates (Follow-up)
      Requirements on service providing:
      • Provide information about certificates at any time
      • Record date and time of certificate's creation, suspension and revocation
      • Reserve information set by certificate's rules
      Liability of service providers:
      • Registration can be suspended or revoked
      • Damage shall be compensated according to the procedure established by laws
      Reference to LST ETSI TS 101 456 standard

  14. Requirements for Electronic Signature Devices
      Sets requirements for devices used by service providers:
      • Measures and components for certification service only
      • Protected from unauthorized changes
      • Secure technical and cryptographic safety of executable functions
      • Control every action that can influence work of certificate’s operating system
      • Trustworthy system which is assured to EAL4 or higher
      • Manufacturer’s declaration or conformity certificate of accredited authority
      • Reference to Lithuanian standards LST CWA 14167-1 and LST CWA 14167-2

  15. Requirements for Electronic Signature Creation Devices (Follow-up)
      Sets requirements for signature creation devices:
      • Secure signature creation device, protected by password and/or biometric data
      • Trustworthy cryptographic and data-formatting algorithms
      • Manufacturer’s declaration or conformity certificate of accredited authority
      • Trustworthy system which is assured to EAL4 or higher
      • Reference to Lithuanian standards LST CWA 14168 and LST CWA 14170
      Based on Directive 1999/93/EC Annex 3
      Sets requirements for signature verification devices:
      • Trustworthy verification of electronic signatures
      • Any security-relevant changes can be detected
      • Reference to Lithuanian standard LST CWA 14171
      Based on Directive 1999/93/EC Annex 4

  16. The Procedure for Registration of Certification Service Providers Issuing Qualified Certificates
      Objective of service providers registration – collect information about service providers to ensure supervision of electronic signature
      • Sets procedure of application submission
      • Terms Data and documents of service provider
      • Order of application examination
      • Ability to correct or renew data and documents
      • Notice in writing about possible suspension of registration
      • Suspension of registration if notified defects are not removed
      • Revocation of registration if notified defects are not removed within additional terms

  17. The Order of Supervision of Electronic Signature
      Defines relations between the Committee and certification service providers
      Object of supervision – certification service providers issuing qualified certificates or which provide facilities related to qualified certificates
      Objectives of supervision:
      • Take part in implementation of national policy in electronic signature
      • Coordinate activities of qualified service providers
      • Supervise how service providers observe determined requirements
      • Pursue compatibility of electronic devices on a national and international scale
      Measures of supervision:
      • Preparation of legal acts
      • Registration and accreditation of service providers
      • Succession of certificate’s data when service provider stops activities
      • Reports to parliament and government
      • Sets objectives and

  18. Thank You
      Kęstutis Andrijauskas
      Information Society Development Committee under the Government of the Republic of Lithuania
      Gedimino pr. 11, LT-2039 Vilnius, Lithuania
      Ph.: (370 2) 663972 Fax.: (370 2) 663980
      e-mail: info@ivpk.lt Web: www.ivpk.lt
