Back

EVS-EN 419241-1:2018

Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements

General information

Valid from 16.07.2018
Base Documents
EN 419241-1:2018
ICS Groups
35.030 IT Security
Directives or regulations
None

Standard history

Status
Date
Type
Name
16.07.2018
Main
EVS-EN 419241-1:2018
06.05.2014
Main
CEN/TS 419241:2014
1.1  General
This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures.
The TW4S is composed at least of one Server Signing Application (SSA) and one Signature Creation Device (SCDev) or one remote Signature Creation Device.
A remote SCDev is a SCDev extended with remote control provided by a Signature Activation Module (SAM) executed in a tamper protected environment. This module uses the Signature Activation Data (SAD), collected through a Signature Activation Protocol (SAP), in order to guarantee with a high level of confidence that the signing keys are used under sole control of the signer.
The SSA uses a SCDev or a remote SCDev in order to generate, maintain and use the signing keys under the sole control of their authorized signer. Signing key import from CAs is out of scope.
So when the SSA uses a remote SCDev, the authorized signer remotely controls the signing key with a high level of confidence.
A TW4S is intended to deliver to the signer or to some other application, a digital signature created based on the data to be signed.
This standard:
-  provides commonly recognized functional models of TW4S;
-  specifies overall requirements that apply across all of the services identified in the functional model;
-  specifies security requirements for each of the services identified in the TW4S;
-  specifies security requirements for sensitive system components which may be used by the TW4S.
This standard is technology and protocol neutral and focuses on security requirements.
1.2  Outside of the scope
The following aspects are considered outside of the scope of this document:
-  other trusted services that may be used alongside this service such as certificate issuance, signature validation service, time-stamping service and information preservation service;
-  any application or system outside of the TW4S (in particular the signature creation application including the creation of advanced signature formats);
-  signing key and signing certificate import from CAs;
-  the legal interpretation of the form of signature (e.g. electronic signature, electronic seal, qualified or otherwise).
1.3  Audience
This standard specifies security requirements that are intended to be followed by:
-  providers of TW4S systems;
-  Trust Service Providers (TSP) offering a signature creation service.

Required fields are indicated with *

*
*
*
PDF
26.84 € incl tax
Paper
26.84 € incl tax
Browse standard from 2.44 € incl tax
Standard monitoring
English (PDF 364 KB)

Related products

Main

EVS-EN ISO/IEC 27001:2017

Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)
Withdrawn from 15.08.2023
Main

EVS-EN ISO/IEC 27001:2023

Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022)
Newest version Valid from 15.08.2023
Main

EVS-EN ISO/IEC 27002:2022

Information security, cybersecurity and privacy protection - Information security controls (ISO/IEC 27002:2022)
Newest version Valid from 01.12.2022
Main

EVS-EN ISO/IEC 27002:2017

Information technology - Security techniques - Code of practice for information security controls (ISO/IEC 27002:2013 including Cor 1:2014 and Cor 2:2015)
Withdrawn from 01.12.2022

Customers who bought this item also bought

Main

EVS-EN 419241-2:2019

Trustworthy Systems Supporting Server Signing - Part 2: Protection profile for QSCD for Server Signing
Newest version Valid from 15.03.2019
Main

EVS-EN 419211-3:2013

Protection profiles for secure signature creation device - Part 3: Device with key import
Newest version Valid from 09.12.2013
Main

EVS-EN 419211-4:2013

Protection profiles for secure signature creation device - Part 4: Extension for device with key generation and trusted channel to certificate generation application
Newest version Valid from 06.01.2014
Main

EVS-EN 419211-5:2013

Protection profiles for secure signature creation device - Part 5: Extension for device with key generation and trusted channel to signature creation application
Newest version Valid from 06.01.2014

Standards designation

EVS Estonian standard
EN European standard (published by an CEN or CENELEC)
EN ISO International standard adopted as an European standard
ISO International Organization for Standardization’s standard
IEC International Electrotechnical Commission’s standard
HD CENELEC’s harmonisation document
   
EVS-EN European standard implemented in Estonia
EVS-EN ISO International standard adopted in Europe and implemented in Estonia
EVS-EN ISO/IEC International standard/International electrotechnical standard adopted in Europe and implemented in Estonia
EVS-IEC International electrotechnical standard implemented in Estonia
EVS-ISO International standard implemented in Estonia
   
A, AMD amedment
+A a full standard plus the amendment
/A only amendment
COR, AC corrigendum
+COR a full standard plus the corrigendum
NA national annex
+NA a full standard plus the national annex
/NA only national annex
TS technical specification
TR technical report
CWA agreement, developed by a CEN or CENELEC
prEVS-EN (etc) draft standard
   
et the standard is in Estonian only
en the standard is in English only
et-en the standard is in Parallel text Estonian-English