Category

Trust Electronic Services

New ETSI OIDs for signature validation services policies

By | #eIdAS, eIDAS, Electronic Signatures, OID, Qualified electronic signatures Validation, Servicios de Confianza Digital, Trust Electronic Services, Trust Service Providers | No Comments

New Draft ETSI TS 119 441 proposes new OIDs for Signature Validation Service Policy:

  • itu-t(0) identified-organization(4) etsi(0) VAL SERVICE-policies(9441) policy-identifiers(1) main (1)
  • itu-t(0) identified – organization(4) etsi(0) VAL SERVICE – policies( 9441) policy – identifiers(1) qualified (2)
That is
  • OID 0.4.0.9441.1.1 as the main policy OID for Validation Services, and
  • OID 0.4.0.9441.1.2 as the policy OID for Validation Services that identifies qualified validation services as defined in articles Articles 32 and 33 of the Regulation UE 910/2014 (EIDAS)

Article 32

Requirements for the validation of qualified electronic signatures

1.   The process for the validation of a qualified electronic signature shall confirm the validity of a qualified electronic signature provided that:

(a)

the certificate that supports the signature was, at the time of signing, a qualified certificate for electronic signature complying with Annex I;

(b)

the qualified certificate was issued by a qualified trust service provider and was valid at the time of signing;

(c)

the signature validation data corresponds to the data provided to the relying party;

(d)

the unique set of data representing the signatory in the certificate is correctly provided to the relying party;

(e)

the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of signing;

(f)

the electronic signature was created by a qualified electronic signature creation device;

(g)

the integrity of the signed data has not been compromised;

(h)

the requirements provided for in Article 26 were met at the time of signing.

2.   The system used for validating the qualified electronic signature shall provide to the relying party the correct result of the validation process and shall allow the relying party to detect any security relevant issues.

3.   The Commission may, by means of implementing acts, establish reference numbers of standards for the validation of qualified electronic signatures. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation of qualified electronic signatures meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

Article 33

Qualified validation service for qualified electronic signatures

1.   A qualified validation service for qualified electronic signatures may only be provided by a qualified trust service provider who:

(a)

provides validation in compliance with Article 32(1); and

(b)

allows relying parties to receive the result of the validation process in an automated manner, which is reliable, efficient and bears the advanced electronic signature or advanced electronic seal of the provider of the qualified validation service.

2.   The Commission may, by means of implementing acts, establish reference numbers of standards for qualified validation service referred to in paragraph 1. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation service for a qualified electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

New taxonomy of digital trust electronic services after #eIdAS

By | Trust Electronic Services | No Comments

Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trustworthy services in electronic transactions in the internal market and repealing Directive 1999/ 93 / EC (eIDAS) is fully applicable from July 1, 2016.

The information displayed on the website of the Ministry of Industry, Energy and Tourism (MINETUR) on electronic certification service providers has been adapted to the new classification and categories of services provided in the aforementioned eIDAS Regulation.

Therefore, as of July 1, 2016, MINETUR publishes a new version of the service providers database with the following structure:

Qualified trust electronic services:

  • Qualified electronic certificate issuing service for electronic signature;
  • Qualified electronic certificate issuing service for qualified electronic certificates;
  • Qualified electronic certificate issuing service for website authentication;
  • Qualified electronic time stamps issuing service;
  • Qualified certified electronic delivery service;
  • Qualified electronic signatures validation service;
  • Qualified electronic seal validation service;
  • Qualified electronic signature preservation service;
  • Qualified electronic seal preservation service.

Unqualified trust electronic services:

  • Unqualified electronic certificate issuing service for electronic signature;
  • Unqualified electronic certificate issuing service for unqualified electronic seal;
  • Unqualified electronic certificate issuing service for website authentication;
  • Unqualified electronic time stamps issuing service;
  • Unqualified certified electronic delivery service;
  • Unqualified electronic signatures validation service;
  • Unqualified electronic seal validation service;
  • Unqualified electronic signature preservation service;
  • Unqualified electronic seal preservation service.

Other services:

Section in which services related to electronic signatures that do not have the condition of trustservice according to the eIDAS Regulation are published, but they could also remain within the framework of Law 59/2003, of December 19, of electronic signature, which includes the issuing services of electronic certificates of legal person or entity without legal personality, the issuance services of component certificates, publications certification services or electronic contracting services.

In addition, it provides the possibility of obtaining categorized information on electronic certificate issuing services used as identification and signature systems of Public Administrations (Law 11/2007, dated June 22, on electronic access of citizens to Public Services , Law 39/2015, of October 1, of the Common Administrative Procedure of the Public Administrations and Law 40/2015, of October 1, of the Legal Regime of the Public Sector):

  • Issuing service of electronic certificates of Public Administrations website;
  • Issuing service of electronic certificates of Public Administrations seal;
  • Issuing service of electronic certificate for public employees.