Electronic voting systems assessment

By | Elecciones, Elections, Electronic Vote, Voto electrónico | No Comments


Spanish Order ICT / 140/2019, of 14 February, which regulates the conditions for the exercise of electronic voting in the electoral process for the renewal of the plenary sessions of the Official Chambers of Commerce, Industry, Services and Navigation provides guidance for the deployment of electronic voting systems that must be auditable and audited.

In its article 9 (Audit of the electronic voting system) It indicates:

1. The electronic voting system shall have an audit and verification regime totally independent that allows to examine the processes used to gather and  count the votes and recount them, in order to confirm the accuracy  From the results.

2. The external audit system should, at a minimum, allow:

  • That the independent observers can supervise the elections without disclosing the possible result or final count.
  • Detect electoral fraud.
  • Give assurance that all votes counted are authentic and maintain the anonymity of the voter at all times.

3. This audit must assist both the testing phase of the system as a whole to the voting phase, counting and dissemination.

TCAB is a pioneer compliance assessment entity in providing audit services of electronic voting platforms.

Contact TCAB to request preliminary audits of electronic voting platforms and to support in the electoral processes that make use of this type of platforms.

TCAB is an expert in certificates and electronic signature and can assess compliance with all aspects required by the regulations.

Contact by calling 91 388 0789

AMETIC Elections

By | AMETIC, Elecciones, Elections | No Comments

AMETIC celebrates its Electoral General Assembly, on November 7, 2018 in the CEOE´s Sala José María Cuevas  C/Diego de León, 50 CP. 28006 Madrid.

Trust Conformity Assessment Body presents its candidacy to represent the segment of SMEs and micro-SMEs in the AMETIC board of Directors.

Trust Conformity Assessment Body is an innovative SME security specialist that audits electronic signature systems, blockchain and security and interoperability schemes and is accredited by ENAC to evaluate qualified electronic trust service providers  in the framework of the EIDAS (Regulation UE 910/2014).

The wide knowledge of technical standards and legal environment that we possess is usually useful for our clients and we think  it can also be for the board of Directors of our association.

Being an SME, we know the challenges and difficulties of companies of this size, and we think that we can help to sensitize the management bodies of the association andother stakeholders on the importance of SMEs in the productive fabric of the country and on the Policies necessary for these companies to be able to develop and grow in a profitable way.

This is our first video as candidate:

TCAB candidacy in AMETIC elections

The sixth edition of the ENISA NCSS seminar will take place on September 18th

By | NCSS | No Comments

On September 18th, 2018, the sixth edition of the seminar “ENISA NCSS” on national cybersecurity strategies in Helsinki (Finland) will take place.

The event, which has been jointly organized by the Finnish Telecommunications Regulatory Authority (FICORA) and ENISA, will have as its central theme the development, implementation and evaluation of national cybersecurity strategies (NCSS, in its acronym in English). The creation of National, European and Sectorial Information Sharing and Analysis Centres (ISACs) will also be addressed. In addition, there will be various discussion forums  in which representatives of the public and private sectors will be able to present their ideas on national cybersecurity strategies and will share best practices for the creation of ISACs.

Audience at ENISA NCSS

The audience that will attend this seminar are, mainly, those actors involved in the development and implementation of national cybersecurity strategies and the people involved in the creation of ISACs such as sector regulators and national supervisory authorities; legislators and national authorities; private sector and universities.

Activities at ENISA NCSS

Early in the morning, the opening ceremony will be held by the General Secretary of the Finnish Security Committee, Vesa Valtonen. Next, Pentti Olin, member of the Committee of Security, will expose  the national strategy of security implemented by Finland to the assistants.

Later on, the first working session will take place, with a focus on the dissemination of the updates in the national strategies included in the NIS technical standard. Several countries, including Luxembourg, will join this session, which will be closed with a panel discussion.

In the second session, celebrated in the afternoon, the different National, European and Sectorial Information Sharing and Analysis Centres (ISACs) will be analyzed. As in the previous session, a discussion panel will take place at the end of the presentations.

If you wish to take a look at the agenda, please click here.

Practical information on ENISA NCSS

Date: September 18th, 2018

Venue: Dynamicum, Erik Palménin aukio1, Helsinki (Finland).

If you want more information about the event, click here.

 

ENISA NCSS Workshop

ETSI publishes remote server signing standards draft versions

By | ETSI, European Telecommunications Standards Institute | No Comments

ETSILast July 2nd, 2018, the European Telecommunications Standards Institute (ETSI) published a new draft version of the following digital signature creation standards, which mainly focuses on develop the new technical environment of remote server signing compliant with eIDAS: ETSI TS 119 431-1, TS 119 431-2 and ETSI 119 432.

ETSI TS 119 431-1:Electronic Signatures and Infrastructures (ESI);Policy and security requirements for trust service providers; Part 1:TSP service components operating a remote QSCD /SCDev

This standard focuses on digital signature creation devices and aims to create a digital signature value on behalf of a remote signer.

Moreover, it specifies the policy and security requirements generally applicable to trust service providers (TSPs) which implement a service component that operates a signature or seal creation device (as defined in Regulation (EU) No 910 / 2014), called remote QSCD / SCDev.

This component contains a server signature application, which is the server signature application service (SSASC) component. In addition to being the signature application of the server, it contains the service elements and the signature creation device (SCDev).

The requirements of this standard are aligned with the requirements specified in CEN EN 419 241-1.

ETSI TS 119 431-2:Electronic Signatures and Infrastructures (ESI);Policy and security requirements for trust service providers;Part 2: TSP service components supporting AdES digital signature creation

ETSI TS 119 431-2 provides the policy and security requirements for the trust service provider (TSPs) that implements a service component that supports the creation of AdES digital signatures. This component contains a signature creation application and, in summary, is called the signature creation application service component (SCASC). However, it is more than just the SCA, since it contains the elements of service thanks to which a part of the main part of the application can be implemented as defined in EN 319 102-1 [1] and TS 119 101.

This standard is based on the general policy requirements specified in ETSI EN 319 401 [9] and take into account the related requirements of ETSI TS 119 101.

ETSI TS 119 432:Electronic Signatures and Infrastructures (ESI);Protocols for remote digital signature creation

This standard specifies the applicable protocols and interfaces when carried out, by a distributed solution composed of two or more systems / services / components, the process of creation of AdES digital signatures (as defined by ETSI EN 319 102-1 and / or digital signature values), as a result of the Data Representation Signatures to be signed. This standard is limited to the remote server signature.

If you wish, you can consult the original version of the documents and send your opinions through the contact form by clicking here.

For more information about ETSI, click here.