EN 319 411-1

Remote identification component for EIDAS certificate issuance services

By #eIdAS, Auditoría, Certificados cualificados, Conformity Assessment, Electronic Trust Services, EN 319 411-1, EN 319 411-2, Remote identification, SEPBLAC, TS 119 461, Video onboardingNo Comments

Identity proofing is not an eIDAS trusted service by itself, but a component of other trusted services. A remote identity proofing service component can be used by many different trust services.

Providers of remote identification services based on video and audio transmission systems from the applicant’s equipment can be audited according to ETSI EN 319 403-1 so that this audit can subsequently be used by a qualified certificate issuing service provider without this part of the service having to be audited again.

The standard used to assess providers of remote identification services is the recently published standard ETSI TS 119 461. This standard has been developed taking into account the following aspects:

  • It is based on ETSI EN 319 401 which contains common requirements for all trust services.
  • It includes specific requirements for the verification of the identity of natural persons.
  1.  It compiles best practice requirements on how to use certain means to implement the three tasks of “collection of attributes and electronic evidence”, “verification of electronic attributes and evidence’, and ‘binding the requested action (e.g. issuing a certificate) to the identity of the applicant’.
  2. It specifies how identity proofing processes can be constructed by combining means to achieve the basic desired outcome of the identity proofing process.
  • It links to the requirements of section 6.2 of EN 319 411-1 and EN 319 411-2 by indicating ways to fulfil these requirements by remote identification.
  • Although it lays down specific requirements for providing qualified trust services, e.g. issuing of qualified certificates of natural persons, the identity verification service is not a qualified service by itself.

The security requirements of ETSI TS 119 461 cover the most common risks, which fall into two main categories:

  • Forged evidence: An applicant falsely claims an identity using forged means of evidence.
  • Impersonation: An applicant uses valid means of evidence associated with another person.

Potential operational risks and social engineering risks are also taken into account.

Digital Trust Service Providers Assessment Standards

By EN 319 411-1, EN 319 411-2No Comments

Until July 1st 2016, the assessment of Certification Services Providers according to the standards ETSI TS 101 456, ETSI TS 102 042 and ETSI TS 102 023 will continue being valid.

From that date, the new European standards EN 319 411-1 (equivalent to ETSI TS 102 042) and EN 319 411-2 (equivalent to ETSI TS 101 456) will apply for Certification Service Providers and EN 319 421 (equivalent to ETSI TS 102 023) for Time Stamping Service Providers.

Certification Service Providers and Time Stamping Service Providers are particular cases of Digital Trust Service Providers. Other Digital Trust services are: Preservation of electronic documents signed electronically, Certified Delivery (eDelivery), Cloud Signature and Server-Based Signature.

For the new services the evaluation standards have not yet been published.