Abstract
This document establishes security requirements for TWSs and technical components that can be used by a
CSP in order to issue QCs and NQCs in accordance with [Dir.1999/93/EC].
Although [Dir.1999/93/EC] has a very general approach and speaks of electronic signatures of any kind, the
underlying assumption in this document is that electronic signatures are created by means of public key
cryptography, that the subject uses a cryptographic key pair consisting of a private and public component,
and that a certificate produced by a system considered in this document essentially binds the public key of
the subject to the identity and possibly other information of the subject by means of an electronic signature
which is created with the private key (certificate signing key) of the issuing CSP. Other forms of electronic
signatures are outside the scope of this document.
With reference to electronic signatures, [Dir.1999/93/EC] provides two levels of signature, one a standard
Electronic Signature and the other an Advanced Electronic Signature. Within this CWA, these are used in
conjunction with NQCs and QCs respectively. This CWA provides security requirements for both these levels
where the security requirements for TWSs issuing QCs are higher than for those just issuing NQCs.
Security requirements for TWSs also include a minimum set of requirements to be fulfilled by the signature
algorithms and their parameters allowed for use by CSPs. These requirements are provided in [ALGO].
Security requirements for the optional Subject Device Provision Service, which provides SCDev/SSCD
provision to Subjects are included within the scope of this CWA. However, requirements for the actual
SSCD devices themselves, as used by Subjects of the CSP, are outside the scope of this document. Security
requirements for SSCDs are provided in the separate document Secure Signature Creation Devices
Basket
