ETSI SR 019 020

The present document provides a framework for further standardization for the creation and validation of AdES digital signatures, such as specified in ETSI EN 319 122 [i.2], ETSI EN 319 132 [i.3], ETSI EN 319 142 [i.4] or ETSI EN 319 162 [i.6], in mobile and distributed environments assisted by remote servers. The present document takes into account that the capabilities of personal devices will continue to evolve and is likely to increasingly overlap with the capabilities of other computing devices. The present document identifies the recommended scope of such standards and any suggested provision thought appropriate to these standards.

The standards framework in the present document is based on an analysis of scenarios commonly known to be in use or of potential interest. A classification scheme based on that used in ETSI TR 119 000 [i.1] is used to classify the standardization requirements based on the analysis of common scenarios.

The present document does not address standardization for mobile environments where the whole signature creation and/or validation process is carried out within the personal device. Whilst considered important to the market, this generally does not involve external interfaces which require further standardization beyond that already supported using existing standards within ETSI TR 119 000 [i.1].

The present document does not directly address specific requirements for mobile access to other supporting trust services such as time-stamping, revocation status or directory services as it is considered that these would either be addressed by signature creation or validation services, or that a personal device has the capabilities to address these services directly by use of existing standards within ETSI TR 119 000 [i.1].

The present document particularly considers standardization requirements for scenarios involving assistance of remote services supporting:

a) Local signing use cases where the signing key is held with the signer's personal device.
b) Server signing use cases where the signing key is held in a shared server.
c) Validation of signatures where the digital signature is verified supported by a remote server.

The present document does not include an analysis of the security risks nor identification of specific security requirements for AdES digital signatures in mobile and distributed environments; security requirements are addressed in CEN TS 419 241 [i.15]. It rather addresses the requirements for standards supporting the distribution of the functionality related to creation and validation of AdES digital signature between distributed system elements.

The present document is limited to AdES digital signatures supported by PKI and public key certificates, including use of secure signing devices such as qualified electronic signature (and seal) creation devices as defined in Regulation (EU) No 910/2014 [i.5], and aims to meet the general requirements of the international community to provide trust and confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU) No 910/2014 [i.5].Whilst scenarios may be applicable to electronic seals, the present document concentrates on the use of services in support of digital signatures for natural persons or natural persons associated with legal persons.

The present document takes into account existing standards and publicly available specifications in the current framework for digital signature standardization ETSI TR 119 000 [i.1].