BS EN 419241-1:2018 - Trustworthy Systems Supporting Server Signing. General System Security Requirements

BS EN 419241-1:2018

Trustworthy Systems Supporting Server Signing. General System Security Requirements

Status : Current   Published : July 2018



1.1 General This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures. The TW4S is composed at least of one Server Signing Application (SSA) and one Signature Creation Device (SCDev) or one remote Signature Creation Device. A remote SCDev is a SCDev extended with remote control provided by a Signature Activation Module (SAM) executed in a tamper protected environment. This module uses the Signature Activation Data (SAD), collected through a Signature Activation Protocol (SAP), in order to guarantee with a high level of confidence that the signing keys are used under sole control of the signer. The SSA uses a SCDev or a remote SCDev in order to generate, maintain and use the signing keys under the sole control of their authorized signer. Signing key import from CAs is out of scope. So when the SSA uses a remote SCDev, the authorized signer remotely controls the signing key with a high level of confidence. A TW4S is intended to deliver to the signer or to some other application, a digital signature created based on the data to be signed. This standard: - provides commonly recognized functional models of TW4S; - specifies overall requirements that apply across all of the services identified in the functional model; - specifies security requirements for each of the services identified in the TW4S; - specifies security requirements for sensitive system components which may be used by the TW4S. This standard is technology and protocol neutral and focuses on security requirements. 1.2 Outside of the scope The following aspects are considered outside of the scope of this document: - other trusted services that may be used alongside this service such as certificate issuance, signature validation service, time-stamping service and information preservation service; - any application or system outside of the TW4S (in particular the signature creation application including the creation of advanced signature formats); - signing key and signing certificate import from CAs; - the legal interpretation of the form of signature (e.g. electronic signature, electronic seal, qualified or otherwise). 1.3 Audience This standard specifies security requirements that are intended to be followed by: - providers of TW4S systems; - Trust Service Providers (TSP) offering a signature creation service.

Standard NumberBS EN 419241-1:2018
TitleTrustworthy Systems Supporting Server Signing. General System Security Requirements
Publication Date16 July 2018
Normative References(Required to achieve compliance to this standard)ISO/IEC 19790, ISO/IEC 15408, FIPS PUB 140-2
Informative References(Provided for Information)CEN/TS 419221-3, ETSI EN 319 411-2, ETSI/TS 119 101, ETSI EN 319-122, EN 419211, CWA 14355, ETSI EN 319 411-1, ETSI EN 319 132, EN 419251-1, CEN/TS 419261, CEN/TS 419221-2, ETSI/TS 102 853, ETSI/TS 119 312, EN 419212, ETSI/SR 001 604, EN 419221-5, ETSI EN 319 401, CEN/TS 419221-4, ETSI EN 319 142
ReplacesPD CEN/TS 419241:2014
International RelationshipsEN 419241-1:2018
Draft Superseded By17/30348282 DC
DescriptorsCertification (approval), Information exchange, Electronic signatures, Data storage protection, Computer terminals, Algorithms, Data security, Cryptography, Data processing
Title in FrenchSystèmes fiables de serveur de signature électronique Exigences de sécurité générales du système
Title in GermanVertrauenswürdige Systeme, die Serversignaturen unterstützen Allgemeine Systemsicherheitsanforderungen
ISBN978 0 580 95733 8
File Size1.193 MB

 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents


Access, view and download standards with multiple user access, across multiple sites with BSOL

Worldwide Standards
We can source any standard from anywhere in the world

Develop a PAS

Develop a fast-track standardization document in 9-12 months