Secure signature creation device

from Wikipedia, the free encyclopedia

The term Secure Signature Creation Unit (SSEE) was defined in "Directive 1999/93/EC on Community Framework Conditions for Electronic Signatures" as configured software or hardware that is used to store and use the signature key (signature creation unit) and that meets the requirements of Appendix III of the Directive. In essence, these requirements are:

  1. SSEEs must ensure that the signature keys
    • can practically occur only once and that their confidentiality is adequately guaranteed,
    • cannot, with sufficient certainty, be derived, and that the signature is protected against forgery using the technology available at the time,
    • can be reliably protected by the rightful signatory against use by others.
  2. SSEEs must not change the data to be signed and must not prevent this data from being presented to the signer before the signature process.

As a result of this directive, the concept of the SSEE was defined with the same content in the legislation of almost all EU member states and the states of the EEA. The exceptions are Great Britain and Ireland, where no corresponding regulations exist.

Secure signature creation units enable the creation of qualified electronic signatures that are equivalent to a handwritten signature.

Legal details

The compliance of secure signature creation units with the legal requirements is determined by the confirmation bodies designated by the member states. These confirmations must be recognized by all other member states on the basis of Article 3 (4) of the EU Directive. According to Article 3 No. 5 of the EU Directive, no confirmation is required for a secure signature creation device if it can be proven to comply with an international standard that the European Commission has determined to be suitable for this purpose. In its decision of July 14, 2003, the Commission identified the specification "CWA 14169" of the European Committee for Standardization (CEN) as a suitable standard; it defines protection profiles for a security evaluation according to Common Criteria. However, the legal relevance of this decision is controversial, as the named specification is not an official standard. Nevertheless, this specification has established itself across Europe for testing SSEEs.

Implementation in Germany

The German Signature Act adopts and specifies the requirements from Directive 1999/93/EC in § 17 SigG and § 15 SigV. In particular, it requires that storage of the signature key outside of the secure signature creation unit be excluded, and that an SSEE reliably identify the key holder through possession and knowledge, or through possession and one or more biometric features, before the signature key is used. The cryptographic algorithms used by a secure signature creation unit must conform to the Federal Network Agency's publication on suitable algorithms or demonstrably offer at least equivalent security.

The confirmation of a secure signature creation unit must be carried out by a confirmation body recognized by the Federal Network Agency. There are currently four confirmation bodies in Germany for products for qualified signatures. According to Annex 1 of the Signature Ordinance, the confirmation of a secure signature creation unit requires at least a test of the security properties at test depth EAL4, or according to ITSEC at test depth E3 high. (The Common Criteria protection profile from CWA 14169, which the European Commission considers suitable for testing, fulfills this requirement.) In addition, the confirmation body must confirm that the security requirements against which the CC or ITSEC test was carried out comply with the requirements of the Signature Act.

Determinations by another member state of the European Union or the European Economic Area that an SSEE complies with the requirements of Directive 1999/93/EC are recognized in accordance with Section 23 SigG. A test according to a standard published as suitable by the European Commission is recognized; however, it is currently unclear whether this rule applies to the specification referenced by the Commission (see above).

All secure signature creation units that have been confirmed in Germany to date are processor chip cards or USB sticks that contain a processor of the same type as processor chip cards. Technical requirements for chip cards with signature functionality are laid down, for example, in DIN V 66291-1.

Implementation in Austria

In Austria, the concept of the secure signature creation unit will be included in the Signature Act as of January 1, 2008 (§ 2 line 5). In the original version, the content of the requirements for the corresponding component was taken over from Directive 1999/93/EC and specified in Section 18. In particular, the use of the signature key must be protected by an authorization code (e.g. PIN, fingerprint). The signatory must know how many signatures are triggered by a single authorization. The cryptographic algorithms used by a secure signature creation unit must meet the requirements of the appendix to the Signature Ordinance and correspond to the current state of the art.

Compliance with the security requirements must be certified by a recognized confirmation body. The only confirmation body in Austria is the Association Center for Secure Information Technology - Austria (A-SIT). The certification can be based on evaluations according to Common Criteria and ITSEC. When an SSEE is used in a controlled environment, the technical security requirements can also be met by organizational measures. The fulfillment of these security requirements must be checked by a confirmation body.

Certificates from other member states of the European Union or the European Economic Area on the conformity of an SSEE with the corresponding requirements of Directive 1999/93/EC are equivalent to the certificates from a domestic certification body. A test according to a standard considered suitable by the European Commission is recognized.

Implementation in Liechtenstein

The Liechtenstein Signature Act defines requirements for secure signature creation units in Article 18 (1). In terms of content, the security requirements correspond to those of the Austrian Signature Act. The cryptographic algorithms used by a secure signature creation unit must meet the requirements of document ETSI SR 002 176 or demonstrably offer at least equivalent security.

In accordance with Article 8 of the Ordinance on Electronic Signatures (Signature Ordinance), compliance with the requirements must be checked and certified by a recognized confirmation body. So far, no confirmation body has been named because, under a transitional provision of the law amending the Signature Act, the components used or recommended by certification service providers do not require a security certificate until December 31, 2008. The standards published as suitable by the European Commission, as well as Common Criteria or ITSEC in general, are approved as test criteria. No test depths are explicitly prescribed for testing according to Common Criteria or ITSEC, but the protection profiles or security specifications used must be recognized as suitable by the confirmation body. Certificates from other member states of the European Economic Area on the compliance of an SSEE with the corresponding requirements of Directive 1999/93/EC are to be treated the same as the certificates from a domestic certification body.

References

  1. Official Journal of the European Union (Memento of September 28, 2007 in the Internet Archive)
  2. ETSI SR 002 176 V1.1.1 (2003-03). Retrieved November 24, 2018. (PDF file)