Center Vlade RS za informatiko

  • View
    40

  • Download
    0

Embed Size (px)

DESCRIPTION

SI*CA IN STANDARDI S PODROČJA OVERJANJA POTRDIL. Center Vlade RS za informatiko. Mag. Davorka Šel. Pravna podlaga pri delovanju Overitelja. Zakon o elektronskem poslovanju in elektronskem podpisu – ZEPEP Uredba o pogojih za elektronsko poslovanje in elektronsko podpisovanje - PowerPoint PPT Presentation

Text of Center Vlade RS za informatiko

SI*CASI*CA IN
Mag. Davorka Šel
 
Outline: The development of computer communication technology along with widespread use of such systems opens new possibilities and a whole new realm of visions in using these technologies for communication and e-commerce. As a result of all these possibilities, their widespread use and accessibility very often provoke fear and distrust regarding security and privacy issues. Secure e-commerce is nowadays a necessity. SIGOV-CA is Slovenian Governmental Certification Authority, which issues qualified digital certificates for which the highest level of security and the so-called principles of strong encryption are applied. In order to enhance security, SIGOV-CA recommends storage of user digital certificates on smart cards. Even more, the storage of enterprise certificates on smart cards is required for all employees in public administration, which is enforced by means of certificate policy.
SI*CA
Zakon o elektronskem poslovanju in elektronskem podpisu – ZEPEP
Uredba o pogojih za elektronsko poslovanje in elektronsko podpisovanje
Zakon o varstvu osebnih podatkov - ZVOP
Zakon o tajnih podatkih - ZTP
Politika delovanje overitelja (javni del in zaupni del notranjih pravil overitelja)
SI*CA
V EU
Tehnini standardi so potrebni za potrjevanje tehninih produktov in za nadzor in potrjevanje e-storitev.
Evropska komisija je pooblastila naslednje standardizacijke institucije:
CENELEC – EU Committee for Electrotechnical Standardization ( www.cenelec.org )
ETSI – EU Telecommunication Standards Institute ( www.etsi.org )
CEN - EU Committee for Standardization ( www.cenorm.be )
SI*CA
CWA14172-2 EESSI Conformity Assessment Guidance – Part: 2: Certification Authority services and processes,
CWA14172-3 EESSI Conformity Assessment Guidance – Part: 3: Trustworthy systems managing certificates for electronic signatures,
CWA14172-4 EESSI Conformity Assessment Guidance – Part: 4: Signature Creation Application and Procedures for Electronic Signature Verification,
CWA14172-5 EESSI Conformity Assessment Guidance – Part: 5: Secure signature creation devices,
CWA14171 Procedures for Electronic Signature Verification,
CWA 14170 Security Requirements for Signature Creation Systems,
CWA 14169 Secure Signature-Creation Dvices, version 'EAL 4+',
CWA 14168 Secure Signature-Creation Devices, version 'EAL 4',
CWA 14167-1 Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures – Part1: System Security Requirements,
CWA 14167-2 Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures – Part 2 Cryptographic Module for CSP Signing Operation – Protection Profile (MCSO-PP).
SI*CA
Qualified Certificate Profile - TS 101 862 v 1.2.1 (junij 2001),
Policy requirements for certification authorities issuing public key certificates - TS 102 042 (april 2002),
International Harmonization of Policy Requirements for CAs issuing Certificates - TR 102040 (marec 2002).
ETSI priporoila glede storitve asovnega iga:
Policy requirements for time-stamping authorities - TS 102 023 (april 2002),
Time stamping profile - TS 101 861 v1.2.1 (marec 2002).
ETSI priporoila glede digitalnega podpisa:
Signature Policies Report - TR 102 041 (februar 2002),
XML Advanced Electronic Signatures (XAdES) - TS 101 903 (februar 2002),
Electronic Signatures and Infrastructures (ESI); Electronic Signature Formats - TS 101 733 v 1.4.0 (september 2002),
XML format for signature policies - TR 102 038 (april 2002).
SI*CA
Format in sintaksa podpisa
CRP
RDZ
EMŠO
Naslov
bivališa
EMŠO
D.št.
MŠO

2 – potrdila SIGEN-CA
3457523 –imetnik, firma
20 – tip potrdila
01 – zaporedna številka
7 – kontrolna številka
5 let overjanje
asovni ig
dig. podpisa
statusu preklicanih potrdil
3 – Razvoj in integracija e-storitev
2 – Postavitev javno