Third-Party Certifications, Standards & Compliance

| Reference | Description |
|---|---|
| 1999/93/EC | EU Electronic Signatures Directive for Qualified Electronic Signatures and National Certification Service Providers issuing Qualified Certificates to the public. |
| 2003/59/EC | Revision of the community legislation on the access to the road transport market and on the admission to the occupation of road transport operator. |
| AES | Advanced Encryption Standard |
| CA/PKI | Certificate Authority/Public Key Infrastructure |
| PKIX | X.509 based Public Key Infrastructure |
| DER | Distinguished Encoding Rules |
| PEM | Privacy Enhanced Mail |
| DES | Data Encryption Standard |
| DSA | Digital Signature Algorithm |
| LDAP | Lightweight Directory Access Protocol Version 3 |
| MD5 | Message-Digest algorithm version 5 |
| SHA-1 | Secure Hash Algorithm 1 |
| SHA-2 | Secure Hash Algorithm 2 |
| MIME | Multi-purpose Internet Mail Extensions |
| S/MIME | Secure Multi-purpose Internet Mail Extensions |
| SSL | Secure Sockets Layer |
| TLS | Transport Layer Security |
| UTF-8 | 8-bit Unicode Transformation Format |
| X.509 v3 | Attribute Certificate Frameworks Version 3 |
| RSA | Algorithm for public-key cryptography |
| Triple DES | Data Encryption Standard Block Cipher |
| CWA 14167 | Trustworthy CA Systems Management |
| CWA 14169 | Secure signature-creation devices EAL4+ [See HSM compliance below] |
| CWA 14172 | Compliance to CEN Directives for CA ownership & Operation |
| CWA 14355 | Secure Signature-Creation Devices |
| CWA 14365 | Use of Electronic Signatures: Legal & Technical Aspects |
| CWA 14890 | Application Interface for smart cards used as Secure Signature Creation Devices |
| CWA 15579 | E-invoices and digital signatures |
| CWA 15580 | Storage of Electronic Invoices |
| CWA 15581 | Guidelines for eInvoicing Service Providers |
| CWA 15582 | eInvoice Reference Model for EU VAT purposes specification |
| ETSI SR 002 176 | Electronic Signatures and Infrastructures [ESI] Algorithms and Parameters for Secure Electronic Signatures |
| ETSI TS 101 456 | Policy requirements for Certification Authorities issuing Qualified Certificates |
| ETSI TS 101 861 | Time Stamping profile |
| ETSI TS 101 862 | Qualified Certificate profile |
| ETSI TS 102 023 | Electronic Signatures and Infrastructures [ESI] Policy requirements for Time Stamping Authorities |
| ETSI TS 102 040 | Electronic Signatures and Infrastructures [ESI] International Harmonization of Policy Requirements for CAs issuing Certificates |
| ETSI TS 102 042 | Policy requirements for Certification Authorities issuing Public Key Certificates |
| ETSI TS 102 280 | X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons |
| FIPS PUB 46-3 | Data Encryption Standard [DES] |
| FIPS PUB 140-2 | Security Requirements For Cryptographic Modules |
| FIPS PUB 180-2 | Secure Hash Standard |
| FIPS PUB 186-3 | Digital Signature Standard [DSA] |
| FIPS PUB 197 | Advanced Encryption Standard [AES] |
| IETF RFC 373 | Arbitrary Character Sets |
| IETF RFC 1231 | MD5 Hashing Algorithm |
| IETF RFC 1422 | Only relating to general certificate, key management and Certificate Revocation List [CRL] |
| IETF RFC 2315 | See PKCS#7 below |
| IETF RFC 2459 | Internet X.509 Public Key Infrastructure Certificate and CRL Profile |
| IETF RFC 2527 | Guidelines for Certification Practice Statements [CPS] & Certificate Policies [CP] |
| IETF RFC 2560 | X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP |
| IETF RFC 2587 | Internet X.509 Public Key Infrastructure LDAPv2 Schema |
| IETF RFC 2818 | HTTP Over TLS |
| IETF RFC 2898 | See PKCS#5 below |
| IETF RFC 2986 | See PKCS#10 below |
| IETF RFC 3039 | Internet X.509 Public Key Infrastructure Qualified Certificates Profile |
| IETF RFC 3161 | Internet X.509 Public Key Infrastructure Time-Stamp Protocol [TSP] |
| IETF RFC 3279 | Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile |
| IETF RFC 3280 | Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List [CRL] Profile |
| IETF RFC 3628 | Internet X.509 Public Key Infrastructure Qualified Certificates Profile |
| IETF RFC 3629 | UTF-8, a transformation format of ISO 10646 |
| IETF RFC 3647 | Internet X.509 Public Key Infrastructure Certificate Policy [CP] and Certification Practice Statement [CPS] Framework |
| IETF RFC 3739 | X.509 Public Key Infrastructure [PKI] Qualified Certificates profile |
| IETF RFC 4514 | Lightweight Directory Access Protocol [LDAP] String Representation of Distinguished Names |
| ISO/IEC 7816-15 | See PKCS#15 below |
| ISO 15408 | Information technology — Security techniques Evaluation criteria for IT security |
| APGridPMA | International Grid Trust Federation [IGTF] Classic X.509 CAs for Asia Pacific Grid Policy Management Authority |
| EUGridPMA | International Grid Trust Federation [IGTF] Classic X.509 CAs for European Union Grid Policy Management Authority |
| TAGPMA | International Grid Trust Federation [IGTF] Classic X.509 CAs for The Americas Grid Policy Management Authority |
| ISO 27001 | Methodology, Knowledge Transfer & Service |
| ITU X.509 | The Directory: Public-key and attribute certificate frameworks |
| ITU-T X.520 | Selected Attribute Types |
| NTP | Network Time Protocol |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| PKCS#1 | RSA Cryptography Standard: this standard defines the RSA cryptography |
| PKCS#5 | Password-Based Cryptography Standard: this standard defines how to encrypt/decrypt data using passwords |
| PKCS#7 | Cryptographic Message Syntax Standard: this standard describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes |
| PKCS#8 | Private-Key Information Syntax Standard: this standard describes a syntax for private-key information where private-key information includes a private key for some public-key algorithm and a set of attributes. |
| PKCS#9 | Selected Object Classes and Attribute Types: this standard defines two new auxiliary object classes, pkcsEntity and naturalPerson, and selected attribute types for use with these classes. |
| PKCS#10 | Certification Request Syntax Standard: this standard describes syntax for certification requests where a certification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. |
| PKCS#11 | Cryptographic Token Interface Standard: this standard specifies an application programming interface (API), called “Cryptoki,” to devices which hold cryptographic information and perform cryptographic functions. |
| PKCS#12 | Personal Information Exchange Syntax: this standard describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions. |
| PKCS#15 | Applies to smart card vendors |

| HSM | Hardware Security Module [HSM] |
|---|---|
| Common Criteria | HSM Hardware, HSM vendor should further confirm the compliance |
| EAL | HSM Hardware, HSM vendor should further confirm the compliance |
| FIPS 140 | Security Requirements for Cryptographic Modules (HSM and Smart Card vendors to provide further confirmation on this compliance) |

| Smart Cards | Cryptographic Service Provider [CSP] |
|---|---|
| ISO 7816 Parts 1 - 5 | Smart Card Operating System Transport Application Parts 1 - 5 |
| ISO 7816 Parts 7 - 9 | Smart Card Operating System Transport Application Parts 7 - 9 |
| EAL4+ | HSM and Smart Card vendors to provide further confirmation on this compliance |
| FIPS 140 Validated | HSM and Smart Card vendors to provide further confirmation on this compliance |
| ISO 7816 1-5 Compatible | Microcontroller and supplementary Numeric Processing Unit [NPU] capable of calculating cryptographic operations according to PKCS #11 and PKCS #15 according to ISO/IEC 7816-1 to 7816-5 requirements |
| 32 bit crypto processor | For improved card performance and usability |
| Support for RSA 1024/2048 bits | Key length capabilities |
| Support for DES algorithm | Symmetric Algorithm |
| Support for 3DES algorithm | Symmetric Algorithm |
| CSP software | Cryptographic Service Provider [CSP] on chip OS capable of performing cryptographic functions |

| Development Roadmap | Pending Compliance |
|---|---|
| ECC | Elliptic Curve Cryptography |
| SCVP | Server-based Certificate Validation Protocol |
| ICAO MRTD | International Civil Aviation Organisation [ICAO], PKI for Machine Readable Travel Documents [MRTD] offering ICC Read-Only Access |
| XKMS | XML Key Management Services |
| Lightweight OCSP | Lightweight Online Certificate Status Protocol [OCSP] Profile for High-Volume Environments |
| Digi-Card OS | Development of proprietary smart card Operating System [OS] |