[1] Third-Party Certifications, Standards & Compliance
|
Reference |
Description |
||
| 1999/93/EC [2] | EU Electronic Signatures Directive for Qualified Electronic Signatures and National Certification Service Providers issuing Qualified Certificates to the public. | ||
| 2003/59/EC | Revision of the community legislation on the access to the road transport market and on the admission to the occupation of road transport operator. | ||
| AES | Advanced Encryption Standard | ||
| CA/PKI | Certificate Authority/Public Key infrastructure | ||
| PKIX | X.509 based Public Key Infrastructure | ||
| DER | Distinguished Encoding Rules | ||
| PEM | Privacy Enhanced Mail | ||
| DES | Data Encryption Standard | ||
| DSA | Digital Signature Algorithm | ||
| LDAP | Lightweight Directory Access Protocol Version 3 | ||
| MD5 | Message-Digest algorithm version 5 | ||
| SHA-1 | Secure Hash Algorithm 1 | ||
| SHA-2 | Secure Hash Algorithm 2 | ||
| MIME | Multi-purpose Internet Mail Extensions | ||
| S/MIME | Secure Multi-purpose Internet Mail Extensions | ||
| SSL | Secure Socket Layer | ||
| TLS | Transport Layer Security | ||
| UTF-8 | 8-bit Unicode Transformation Format | ||
| X.509 v3 | Attribute Certificate Frameworks Version 3 | ||
| RSA | Algorithm for public-key cryptography | ||
| Triple DES | Data Encryption Standard Block Cipher | ||
| CWA 14167 | Trustworthy CA Systems Management | ||
| CWA 14169 | Secure signature-creation devices EAL4+ [See HSM compliance below] | ||
| CWA 14172 | Compliance to CEN Directives for CA ownership & Operation | ||
| CWA 14355 | Secure Signature-Creation Devices | ||
| CWA 14365 | Use of Electronic Signatures: Legal & Technical Aspects | ||
| CWA 14890 | Application Interface for smart cards used as Secure Signature Creation Devices | ||
| CWA 15579 | E-invoices and digital signatures | ||
| CWA 15580 | Storage of Electronic Invoices | ||
| CWA 15581 | Guidelines for eInvoicing Service Providers | ||
| CWA 15582 | eInvoice Reference Model for EU VAT purposes specification | ||
| ETSI SR 002 176 | Electronic Signatures and Infrastructures [ESI] Algorithms and Parameters for Secure Electronic Signatures | ||
| ETSI TS 101 456 | Policy requirements for Certification Authorities issuing Qualified Certificates | ||
| ETSI TS 101 861 | Time Stamping profile | ||
| ETSI TS 101 862 | Qualified Certificate [2] profile | ||
| ETSI TS 102 023 | Electronic Signatures and Infrastructures [ESI] Policy requirements for Time Stamping Authorities | ||
| ETSI TS 102 040 | Electronic Signatures and Infrastructures [ESI] International Harmonization of Policy Requirements for CAs issuing Certificates | ||
| ETSI TS 102 042 | Policy requirements for Certification Authorities issuing Public Key Certificates | ||
| ETSI TS 102 280 | X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons | ||
| FIPS PUB 46-3 | Data Encryption Standard [DES] | ||
| FIPS PUB 140-2 | Security Requirements For Cryptographic Modules | ||
| FIPS PUB 180-2 | Secure Hash Standard | ||
| FIPS PUB 186-3 | Digital Signature Standard [DSA] | ||
| FIPS PUB 197 | Advanced Encryption Standard [AES] | ||
| IETF RFC 373 | Arbitrary Character Sets | ||
| IETF RFC 1231 | MD5 Hashing Algorithm | ||
| IETF RFC 1422 | Only relating to general certificate, key management and Certificate Revokation List [CRL] | ||
| IETF RFC 2315 | See PKCS#7 below | ||
| IETF RFC 2459 | Internet X.509 Public Key Infrastructure Certificate and CRL Profile | ||
| IETF RFC 2527 | Guidelines for Certification Practice Statements [CPS] & Certificate Policies [CP] | ||
| IETF RFC 2560 | X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP | ||
| IETF RFC 2587 | Internet X.509 Public Key Infrastructure LDAPv2 Schema | ||
| IETF RFC 2818 | HTTP Over TLS | ||
| IETF RFC 2898 | See PKCS#5 below | ||
| IETF RFC 2986 | See PKCS#10 below | ||
| IETF RFC 3039 | Internet X.509 Public Key Infrastructure Qualified Certificates Profile | ||
| IETF RFC 3161 | Internet X.509 Public Key Infrastructure Time-Stamp Protocol [TSP] | ||
| IETF RFC 3279 | Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | ||
| IETF RFC 3280 | Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List [CRL] Profile | ||
| IETF RFC 3628 | Internet X.509 Public Key Infrastructure Qualified Certificates Profile | ||
| IETF RFC 3629 | UTF-8, a transformation format of ISO 10646 | ||
| IETF RFC 3647 | Internet X.509 Public Key Infrastructure Certificate Policy [CP] and Certification Practice Statement [CPS] Framework | ||
| IETF RFC 3739 | X.509 Public Key Infrastructure [PKI] Qualified Certificates [2] profile | ||
| IETF RFC 4514 | [Lightweight Directory Access Protocol [LDAP] String Representation of Distinguished Names | ||
| ISO/IEC 7816-15 | See PKCS#15 below | ||
| ISO 15408 | Information technology — Security techniques Evaluation criteria for IT security | ||
| APGridPMA | International Grid Trust Federation [IGTF [2]] Classic X.509 CAs for Asia Pacific Grid Policy Management Authority | ||
| EUGridPMA | International Grid Trust Federation [IGTF [2]] Classic X.509 CAs for European Union Grid Policy Management Authority | ||
| TAGPMA | International Grid Trust Federation [IGTF [2]] Classic X.509 CAs for The Americas Grid Policy Management Authority | ||
| ISO 27001 | Methodology [3], Knowledge Transfer & Service | ||
| ITU X.509 | The Directory: Public-key and attribute certificate frameworks | ||
| ITU-T X.520 | Selected Attribute Types | ||
| NTP | Network Time Protocol | ||
| HTTP | Hypertext Transfer Protocol | ||
| HTTPS | Hypertext Transfer Protocol Secure | ||
| PKCS#1 | RSA Cryptography Standard: this standard defines the RSA cryptography | ||
| PKCS#5 | Password-Based Cryptography Standard: this standard defines how to encrypt/decrypt data using passwords | ||
| PKCS#7 | Cryptographic Message Syntax Standard: this standard describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes | ||
| PKCS#8 | Private-Key Information Syntax Standard: this standard describes a syntax for private-key information where private-key information includes a private key for some public-key algorithm and a set of attributes. | ||
| PKCS#9 | Selected Object Classes and Attribute Types: this standard this standard defines two new auxiliary object classes, pkcsEntity and naturalPerson, and selected attribute types for use with these classes. | ||
| PKCS#10 | Certification Request Syntax Standard: this standard describes syntax for certification requests where a certification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. | ||
| PKCS#11 | Cryptographic Token Interface Standard: this standard specifies an application programming interface (API), called “Cryptoki,” to devices which hold cryptographic information and perform cryptographic functions. | ||
| PKCS#12 | Personal Information Exchange Syntax: this standard describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions. | ||
| PKCS#15 | Applies to smart card vendors | ||
|
HSM |
Hardware Security Module [HSM] |
||
| Common Criteria | HSM Hardware, HSM vendor should further confirm the compliance | ||
| EAL | HSM Hardware, HSM vendor should further confirm the compliance | ||
| FIPS 140 | Security Requirements for Cryptographic Modules (HSM and Smart Card vendors to provide further confirmation on this compliance) | ||
|
Smart Cards |
Cryptographic Service Provider [CSP] |
||
| ISO 7816 Parts 1 - 5 | Smart Card Operating System Transport Application Parts 1 - 5 | ||
| ISO 7816 Parts 7 - 9 | Smart Card Operating System Transport Application Parts 7 - 9 | ||
| EAL4+ | HSM and Smart Card vendors to provide further confirmation on this compliance | ||
| FIPS 140 Validated | HSM and Smart Card vendors to provide further confirmation on this compliance | ||
| ISO 7816 1-5 Compatible | Microcontroller and supplementary Numeric Processing Unit [NPU] capable of calculating cryptographic operations according to PKCS #11 and PKCS #15 according to ISO/IEC 7816-1 to 7816-5 requirements | ||
| 32 bit crypto processor | For improved card performance and usability | ||
| Support for RSA 1024/2048 bits | Key length capabilities | ||
| Support for DES algorithm | Symmetric Algorithm | ||
| Support for 3DES algorithm | Symmetric Algorithm | ||
| CSP software | Cryptographic Service Provider [CSP] on chip OS capable of performing cryptographic functions | ||
|
Development Roadmap |
Pending Compliance |
||
| EEC | Elliptical Curve Cryptography | ||
| SCVP | Server-based Certificate Validation Protocol | ||
| ICAO MRTD | International Civil Aviation Organisation [ICAO], PKI for Machine Readable Travel Documents [MRTD] offering ICC Read-Only Access | ||
| XKMS | XML Key Management Services | ||
| Lightweight OCSP | Lightweight Online Certificate Status Protocol [OCSP] Profile for High-Volume Environments | ||
| Digi-Card OS | Development of proprietary smart card Operating System [OS] |
Links:
[1] https://www.digi-sign.com/downloads/download.php?id=digi-ca-pdf
[2] http://www2.digi-sign.com/http
[3] http://www2.digi-sign.com/service/digi-cast