Firvox, first voice based certified electronic signature

September 25, 2016 | Biometric signature, EIDAS, Voice based signature

EADTrust has made public that Firvox Platform by Biometric Vox is the first fully compliant voice based electronic signature.

The Firvox platform has been under scrutiny by EADTrust, which applied a specific assessment methodology for voice-based advanced electronic signatures.

The platform closely follows the regulatory framework of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

According to art. 26:

An advanced electronic signature shall meet the following requirements:

(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
(d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

 

EU Trusted Lists of Certification Service Providers (TSL) – TS 119 612

July 20, 2015 | Electronic signature, European regulation, Trust Services, TSL

On 16 October 2009 the European Commission adopted a Decision setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under the Services Directive. One of the measures adopted by the Decision was the obligation for Member States to establish and publish by 28.12.2009 their Trusted List of supervised/accredited certification service providers issuing qualified certificates to the public. The objective of this obligation is to enhance cross-border use of electronic signatures by increasing trust in electronic signatures originating from other Member States. The Decision has been updated several times since 16.10.2009; the last amendment was made on 28.7.2010. The consolidated version is available here for information.

The EU Trusted Lists benefit above all the verification of advanced e-signatures supported by qualified certificates in the meaning of the e-signature directive (1999/93/EC), as they have to include at least certification service providers issuing qualified certificates. Member States can however also include other certification service providers in their Trusted Lists.

In order to validate advanced e-signatures supported by qualified certificates, a receiving party would first need to check their trustworthiness. This means that the receiving party has to be able to verify whether the signature is an advanced electronic signature supported by a qualified certificate issued by a supervised certification service provider as required by Article 3.3 of the e-signatures directive. The receiving party may also need to verify whether the signature is supported by a secure signature creation device.

Although the information necessary to verify these signatures should in principle be retrievable from the signature itself and from the content of the qualified certificate supporting it, this process can be rather difficult due to differences in the use of existing standards and practices. The publicly available Trusted Lists make it much easier for signature recipients to verify e-signatures by complementing the data that can be retrieved from the e-signature and the qualified certificate, and by also providing information on the supervised/accredited status of Member States’ certification service providers and their services.

Member States had to establish and publish their Trusted List by 28.12.2009 at least in a “human readable” form but were free to produce also a “machine processable” form which allowed for automated information retrieval. The Trusted Lists had to be made available by all Member States, including those who have no certification service providers issuing qualified certificates; the fact that a national Trusted List is empty will then indicate the absence of certification service providers issuing qualified certificates.

In order to allow access to the trusted lists of all Member States in an easy manner, the European Commission has published a central list with links to national “trusted lists”. This central list has been created by the Directorate General for Informatics under the IDABC-programme in close collaboration with Directorates-General Internal Market and Services and Information Society and Media.

In accordance with the ETSI TS 102 231 standard (to be superseded by TS 119 612), the compiled list (the European Commission list of the locations where the Trusted Lists are published as notified by Member States) is available on a secure web-site in two formats:

Please see the important note on the central list policy and the related legal notice. The above lists relate to article 1 paragraph 4 of Commission Decision 2010/425/EU of 28 July 2010 amending Decision 2009/767/EC when the amendment entered into force on 1.12.2010.

The authenticity and integrity of the machine processable version of the compiled list is ensured through an electronic signature supported by a digital certificate. The certificate can be authenticated through one of the digests published on page 8 of the Official Journal of the European Union C 374 of 22.12.2011.

The authenticity and integrity of the human readable version of the compiled list is ensured through a TLS/SSL-secured connection supported by a digital certificate. The certificate was published on page 15 of the Official Journal of the European Union C 57 of 09.03.2010.

The authenticity and integrity of the compiled list should be verified by relying parties prior to any use.

 

eIdAS – European Council adopts electronic identification and trust services regulation

July 24, 2014 | Electronic signature, European regulation, Firma electronica, Trust Services, Trusted Third Parties

The Council of the European Union adopted yesterday (23 July 2014) a regulation which lays down conditions for mutual recognition of electronic identification; sets rules for trust services, in particular for electronic transactions; and creates a legal framework for electronic signatures, seals and time stamps, electronic documents as well as electronic registered delivery services and certificate services for website authentication (PE-CONS 60/14; statement: 11733/14 ADD 1).

The adoption came through the General Affairs Council, which meets once a month. Meetings bring together the Foreign Ministers of the Member States. Ministers responsible for European Affairs also participate depending on the items on the agenda.

The final adoption of the above-mentioned legislative act by the Council follows an agreement reached at first reading with the European Parliament in April 2014. The regulation will enter into force 20 days after its publication in the EU Official Journal, which is expected to take place within the next few days.

Easier and more secure cross-border transactions

The new regulation provides a common foundation for secure electronic interaction between businesses, citizens and public authorities.

It seeks to increase the effectiveness of public and private online services, electronic business and electronic commerce in the EU and to enhance trust in electronic transactions in the internal market. Mutual recognition of electronic identification and authentication is vital, for instance in making cross-border healthcare for European citizens a reality.

System for mutual recognition of electronic identification

The new rules require member states to recognise, under certain conditions, means of electronic identification of natural and legal persons falling under another member state’s electronic identification scheme which has been notified to the Commission. It is up to the member states to choose whether they want to notify all, some or none of the electronic identification schemes used at national level to access at least public online services or specific services.

These rules only cover cross-border aspects of electronic identification, and issuing means of electronic identification remains a national prerogative.

Timeline for mutual recognition

Those member states which so wish may join the scheme for recognising each others’ notified e-identification means as soon as the necessary implementing acts are in place. This is expected to take place in the second half of 2015. The mandatory mutual recognition is expected to kick off in the second half of 2018.

From e-signature to trust services

Until now, there were EU provisions only on electronic signatures, laid down in the 1999 e-Signature Directive which is repealed with effect from July 2016.

In addition to enhancing and expanding these provisions (overcoming some of the limitations caused by the differing transposition of the Directive into national legislation), the new regulation also introduces, for the first time, EU-wide rules concerning trust services, such as the creation and verification of electronic time stamps and electronic registered delivery services, or the creation and validation of certificates for website authentication. Trust services which comply with the regulation can circulate freely within the single market. In addition, an EU trust mark will be created to identify trust services which meet certain strict requirements. The use of the trust mark will be voluntary.

Approved text: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

European Agency of Digital Trust

 

eIDAS amendments consolidated text voted in European Parliament

April 14, 2014 | Electronic signature, European regulation

The consolidated text, with all amendment proposals, of the REGULATION (EU) No …/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market has now become available.

This proposal was voted on April 3rd and passed with 534 votes in favour, 73 votes against and 7 abstentions.

 

eIDAS – Electronic Identification and Signature (Electronic Trust Services) final draft

March 1, 2014 | Electronic signature

Vice-President Neelie Kroes and Commissioner Michel Barnier welcomed last Friday (February 28th) Member States’ endorsement of a “Draft regulation on electronic identification and trust services for electronic transactions” in the internal market.

The Regulation will enable, for example, students to enrol at a foreign university online; citizens to fill on-line tax returns in another EU country; and businesses to participate electronically in public calls for tenders across the EU, to mention just a few of multiple new digital trust related services.

Neelie Kroes said:

“The adoption of this Regulation on e-ID is a fundamental step towards the completion of the Digital Single Market. This agreement boosts trust and convenience in cross-border and cross-sector electronic transactions. I would like to thank the European Parliament, especially ITRE’s rapporteur, Marita Ulvskog and IMCO’s rapporteur, Marielle Gallo, the shadow rapporteurs, as well as the Greek, Lithuanian, Irish and Cypriot Presidencies for all their work on this file.”

Last Friday (February 28th), EU ambassadors endorsed the political agreement reached between representatives of the European Parliament, Commission and Council on Tuesday 25 February on the final elements of this significant single market proposal.

A predictable regulatory environment for eID and electronic trust services is key to promote innovation and stimulate competition. On the one hand, it will ensure that people and businesses can use and leverage across borders their national eIDs to access at least public services in other EU countries fully respecting privacy and data protection rules. On the other hand, it will remove the barriers to seamless electronic trust services across borders by ensuring that they enjoy the same legal value as in paper-based processes.

Michel Barnier, Commissioner for Internal Market and Services added:

“I welcome this agreement which is key to completing our work on the Single Market Act. It is an important step for the development of e-commerce, e-invoicing and e-procurement. The new rules will allow all actors in the single market – citizens, consumers, businesses and administrative authorities – to develop their “on-line” activities.”

Background regarding draft Regulation on electronic identification and trust services for electronic transactions

On 4 June 2012, the European Commission proposed a draft Regulation on electronic identification and trust services for electronic transactions in the internal market (see IP/12/558 and MEMO/12/403)

The Regulation is due to be formally endorsed by the European Parliament in the April 2014 plenary session and by the Council of Ministers in June. It will come into force on 1st July 2014 and will be directly applicable across the EU from that date. The economic effect will be immediate, overcoming problems of fragmented national legal regimes and cutting red tape and unnecessary costs.

Foster the interoperability of eID usage and trust services. The existing EU legislation on eSignatures has been strengthened and extended to cover the full set of electronic identification and trust services and make it more fit for the digital single market. This will have a huge impact on the legal validity and interoperability of national and cross-border electronic transactions.

The so-called eIDAS Regulation provides for principles such as:

  • Transparency and accountability: well-defined minimal obligations for Trust Services Providers (TSPs) and liability;
  • Trustworthiness of the services together with security requirements for TSPs;
  • Technological neutrality: avoiding requirements which could only be met by a specific technology;
  • Market rules and building on standardisation.

It also defines specific digital trust related services such as:

  • Electronic identification,
  • Electronic signatures for natural persons
  • Electronic seals for legal persons
  • Time stamping,
  • Electronic delivery services,
  • Electronic documents admissibility,
  • Website authentication

After eIDAS enters into force, an EU Member State:

  • May ‘notify’ the ‘national’ electronic identification scheme(s) used at home for access to its public services
  • Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online services when its national laws mandate e-identification
  • Must provide a free online authentication facility for its ‘notified’ eID(s)
  • Is liable for unambiguous identification of persons and for authentication.

Redenomination of electronic signature standards

January 20, 2014 | Electronic signature, Standards

Mandate M/460 is a European Commission initiative, backed by the member states, to deliver a rationalised collection of standards for trustworthy trust-related services, designed to foster the deployment of the European Digital Single Market. Electronic signatures, electronic identification, registered electronic mail and other services should help secure e-business transactions and e-services in Europe.

The aim of the Mandate is to create the conditions for achieving the interoperability of eSignature and other trust related services at a European level, by defining and providing a rationalised European eSignature standardisation framework.

The list of available drafts is detailed below. All drafts are available on the ETSI website.

Rationalized Framework

  • SR 019 020 Rationalised Framework of Standards for Advanced Electronic Signatures in Mobile Environment

Signature Creation and validation

  • EN 319 102: Procedures for Signature Creation and Validation
  • EN 319 122 CMS Advanced Electronic Signatures (CAdES)
  • EN 319 132 XML Advanced Electronic Signatures (XAdES)
  • EN 319 142 PDF Advanced Electronic Signature Profiles (PAdES)
    • Part 1: PAdES Overview – a framework document for PAdES
    • Part 2: PAdES Basic – Profile based on ISO 32000-1
    • Part 3: PAdES Enhanced – PAdES-BES and PAdES-EPES Profiles
    • Part 4: PAdES Long Term – PAdES-LTV Profile
    • Part 5: PAdES for XML Content – Profiles for XAdES signatures
    • Part 6: Visual Representations of Electronic Signatures
    • Part 7: PAdES Baseline Profile
  • EN 319 162 Associated Signature Containers (ASiC)

Trust Service Providers Supporting Electronic Signatures

  • EN 319 411 Policy and security requirements for Trust Service Providers issuing certificates
    • Part 1: Policy requirements for Certification Authorities issuing web site certificates
    • Part 2: Policy requirements for certification authorities issuing qualified certificates
    • Part 3: Policy requirements for Certification Authorities issuing public key certificates
    • Part 4: Policy requirements for certification authorities issuing Attribute Certificates
  • EN 319 421 Policy and Security Requirements for Trust Service Providers providing Time-Stamping Services

Access ETSI public document repository

 

Certified electronic signature

October 30, 2013 | Electronic signature, Firma electronica

Electronic signature management systems rest on a swarm of technical and legal standards that makes it difficult to know whether they have been adopted properly.

The many options available for managing electronic signatures allow a great deal of flexibility when designing systems, but an implementation error can ruin a good initial design.

For that reason, the possibility of auditing and certifying electronic signature solutions is a guarantee for the implementers of systems that manage electronic signatures and also for the users of those systems.

EADTrust is the specialist entity that audits electronic signature systems and grants certificates of adoption of best practices: Firma certificada. You can get in touch by calling +34 91 716 0555.

Electronic signature mess

October 3, 2013 | Electronic signature, Standards

An electronic signature is a strong way to link the identity of the signer to the content of a document, frequently as electronic evidence of informed consent, which is key in civil law for the validity of contracts and other signed documents. In this way, electronic documents can substitute for paper documents in citizen-government relationships and other private transactions.

Nevertheless, electronic signature legislation and related technical standards form a complex ecosystem that seems to be designed by specialist experts for specialist experts. The next drawing depicts the structure of several norms, rules, laws, directives and standards related to electronic signatures, to show the complexity of the environment. And more standards are on the way.