Page 17 - Annual-Report-201704
P. 17
We made good progress with the specification of a Electronic Signatures
technical solution to meet the requirements identified In 2016 our Electronic Signatures and Infrastructures
for an eUICC, completing the first version of a TS on the committee (TC ESI) completed its work in response to the EC
physical, logical and electrical characteristics of the eUICC. mandate on Electronic Signature Standardisation, M/460,
To achieve interoperability between eUICCs issued by publishing all the outstanding specifications required.
different providers, we approved a profile specification of M/460 aimed to achieve mutual recognition and the cross-
the eUICC which specifies the format to be used for the border interoperability of electronic signatures throughout
Profile Package that is loaded into an eUICC. This means that Europe by providing a Rationalised Framework for electronic
the same structure is used on all eUICCs for data, including signature standardisation.
subscriptions, ensuring the interoperable management of
such data. Our European Standards (ENs) include a series of six new
standards and four revised ENs on security and policy
We upgraded several existing test specifications to cover requirements which will be used by conformity assessment
new releases of the respective core specifications and bodies to audit Trust Service Providers (TSPs) and assess
reviewed a large number of existing test descriptions to take their conformity with relevant requirements of the ‘eIDAS
into account experience gained in the field. This included Regulation’ on electronic identification and trust services
updating of the test specifications for the support of the UICC for electronic transactions in the internal market. These
as a mobile contactless SE. standards also form an audit scheme recognised by the
CA/Browser Forum for certification authorities issuing
To increase interoperability and avoid proprietary certificates for website authentication.
implementations, there is a need to standardise the
interaction between the Near Field Communication (NFC) The majority of the standards, however, relate to the creation
controller, the UICC and other (secure) elements, particularly and validation of digital signatures to support various types
the routing of data to a specific application (in any one of the of electronic signatures and seals. The well-known signature
secure elements) without user interaction being required formats, CAdES, XAdES, PAdES, and the signature container
at the time of the contactless transaction. The technical format, ASiC, have now become ENs.
realisation of the requirements for the support of multiple
contactless Host Controller Interface hosts was carried out in We updated our TR which describes the general structure
close co-operation with GlobalPlatform and the NFC Forum for the standardisation of digital signatures and outlines
to achieve a harmonised approach. We completed our part existing and potential standards for such signatures, and we
of the work in 2016, ensuring that legacy UICC applications provided guidance documents and test specifications for
still work in a device implementing Host Card Emulation. interoperability and conformance testing.
The findings of the three organisations were expected to be
published as a joint white paper early in 2017. Other work in 2016 addressed cryptographic suites, long
term preservation, and a signature validation policy for
We continued to maintain the application identity register European qualified electronic signatures/seals using trusted
for smart card applications on behalf of various other lists.
organisations.
15
