EN 419241-1:2018
EN 419241-1:2018 is the European standard for trustworthy systems supporting server signing (TW4S). Part 1 sets out the general system security requirements for such systems, including the signature creation device (SCDev) and the signature activation module (SAM), so that signing keys are used under the signer's sole control and the signatures produced are authentic and their integrity preserved.
Compliance of ThrivoSign with EN 419241-1:2018
ThrivoSign is designed to comply with the detailed requirements set forth in EN 419241-1:2018, ensuring a secure and trustworthy environment for electronic signature creation. Below is a comprehensive outline of how ThrivoSign meets these requirements:
1
The TW4S is composed at least of one Server Signing Application (SSA) and one Signature Creation Device (SCDev) or one remote Signature Creation Device.
T-RSSP is a compliant Server Signing Application that securely handles the process of creating electronic signatures. It ensures user authentication, document integrity, and signature creation within a controlled and secure environment. ThrivoSign provides detailed logs and audit trails to ensure transparency and accountability in the signing process.
I4PSAM is a compliant Signature Creation Device that securely generates and manages cryptographic keys. It provides a tamper-resistant environment to protect private keys and supports secure cryptographic operations for creating electronic signatures. I4PSAM ensures secure communication with the SSA, maintaining the integrity and confidentiality of the signing process.
2
A remote SCDev is a SCDev extended with remote control provided by a Signature Activation Module (SAM) executed in a tamper protected environment. This module uses the Signature Activation Data (SAD), collected through a Signature Activation Protocol (SAP), in order to guarantee with a high level of confidence that the signing keys are used under sole control of the signer.
T-RSSP integrates with I4PSAM to provide secure, compliant remote signature creation under the signer's sole control.
3
The SSA uses a SCDev or a remote SCDev in order to generate, maintain and use the signing keys under the sole control of their authorized signer. Signing key import from CAs is out of scope.
T-SSA uses I4PSAM to securely manage signing keys under the authorized signer's sole control.
4
3.6 remote signature creation device
signature creation device used remotely from signer perspective and applying the signature activation protocol to provide control of signing operation on its behalf and guarantees with a high level of confidence that the signing keys are used under sole control of the signer
I4PSAM ensures remote control of signing operations via the Signature Activation Protocol, guaranteeing that signing keys are used solely under the signer's control with high confidence.
5
3.7 signature activation data
set of data, which is collected by the SAP, used to control with a high level of confidence a given signature operation, performed by a cryptographic module on behalf of the signer, that is under sole control of the signer
The signing process is initiated by the authorized signer through the SSA interface.
The SAD collected for that operation includes the signer's identity assertion, the document to be signed (its DTBS/R), a time-stamp, and any additional authentication factors.
T-RSSP retrieves the authorized signer's SAM details; the SAD is generated and securely transmitted to I4PSAM.
I4PSAM authenticates the received SAD to verify its source and to ensure it has not been tampered with.
I4PSAM then uses the verified SAD to trigger the cryptographic module for the actual signing operation.
6
3.8 signature activation module
configured software that uses the SAD in order to guarantee with a high level of confidence that the signing keys are used under sole control of the signer
I4PSAM is the configured software module that uses the Signature Activation Data (SAD) to ensure, with a high level of confidence, that the signing keys are used solely under the control of the authorized signer. It integrates with an EAS setup and uses JWTs for delegated authentication, binding the authenticated signer to the signing request.
7
3.10 signature creation application
application that creates a signed document, using the digital signature generated by a SCDev
T-SSA is a compliant Signature Creation Application that creates signed documents using the digital signatures generated by I4PSAM, ensuring secure and authenticated signature creation.
8
signature creation device
configured software and/or hardware cryptographic module used to create a digital signature
I4PSAM is the cryptographic module fulfilling this role.
9
3.14 signer’s interaction component
software and/or hardware component used by the signer to support the SAP
T-SIC is a mobile app that provides software interfaces for the signer to securely interact with the Signature Activation Protocol (SAP), ensuring the signing process is performed under the signer's sole control.
10
5.4
— Sole control assurance level 2 (SCAL2): — The signing keys are used, with a high level of confidence, under the sole control of the signer. — The authorized signer’s use of its key for signing is enforced by the SAM by means of SAD provided, by the signer, using the SAP, in order to enable the use of the corresponding signing key.
T-RSSP supports SCAL2 only, ensuring signing keys are used under the sole control of the signer with a high level of confidence. The authorized signer’s use of its key for signing is enforced by the SAM by means of the SAD; delegated authentication is handled by T-RSSP separately from the T-SIC mobile app, which implements the Signature Activation Protocol (SAP).
11
5.5
The enrolment of the signer and the electronic identification means characteristics and design requirements are defined in SRA_SAP.1.1.
Contact sales@idthrivo.com for further information
12
5.7.2.2 SCAL2
The authentication mechanism requirements are defined in SRA_SAP.1.1.
Contact sales@idthrivo.com for further information
13
5.7.3.2 SCAL2
— The SAD SHALL be set, computed or be the result of a secured interaction between the SAM and the SIC through the SSA, to authorize the signing operation within the SCDev, and
— The SAD SHALL be transmitted to the SAM through the SSA to authorize the signing operation within the SCDev for a dedicated DTBS/R.
T-RSSP supports SCAL2: the SAD is set or computed through a secured SAM-SIC interaction relayed by the SSA, and is transmitted to the SAM through the SSA to authorize the signing operation for the dedicated DTBS/R.
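The following is an added, self-contained illustration of the SCAL2 activation flow described in this row and in the signature activation data row above (signer authenticated before SAD collection, SAD bound to one key and one DTBS/R, SAD authenticated by the SAM before the key is used). It is not ThrivoSign, T-RSSP, T-SIC or I4PSAM code and does not reproduce any vendor or standard-defined SAP message format. The key names (SIC_KEY, IDP_KEY, SIGNING_KEYS), the identifiers, the 60-second validity window and the HMAC that stands in for the SCDev's real digital signature are all constructed assumptions so that the example runs with the Python standard library.

```python
"""Added example of an SCAL2 signature-activation flow using the EN 419241-1
roles SIC (signer's device), SSA (relay) and SAM/SCDev.

Constructed for illustration only; not ThrivoSign or I4PSAM code. Keys,
identifiers, the validity window and the HMAC stand-in for the SCDev's
digital signature are assumptions made for this example.
"""
import hashlib
import hmac
import json
import secrets

# Constructed key material (assumed to be provisioned at signer enrolment).
SIC_KEY = b"constructed-sic-device-key"        # shared between the signer's SIC and the SAM
IDP_KEY = b"constructed-idp-assertion-key"     # shared between the trusted IdP and the SAM
SIGNING_KEYS = {"key-0001": b"constructed-signing-key-0001"}  # never leaves the SCDev
SAD_MAX_AGE_S = 60                             # assumed: a SAD is only valid briefly


def canonical(obj) -> bytes:
    """Deterministic encoding so every party MACs identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mac_tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def dtbs_r(document: bytes) -> str:
    """DTBS/R: the hash representation of the data to be signed."""
    return hashlib.sha256(document).hexdigest()


def idp_assert_signer(signer_id: str, now: float) -> dict:
    """Trusted IdP issues an identity assertion after authenticating the signer
    (authentication prior to SAD collection, as 5.8 permits)."""
    body = {"sub": signer_id, "iat": now}
    return {"body": body, "mac": mac_tag(IDP_KEY, canonical(body))}


def sic_build_sad(assertion: dict, key_id: str, doc_dtbs_r: str, now: float) -> dict:
    """SIC computes the SAD over the identity assertion, the key to activate,
    the dedicated DTBS/R, a nonce and a timestamp, keyed with the device secret."""
    body = {"assertion": assertion, "key_id": key_id, "dtbs_r": doc_dtbs_r,
            "nonce": secrets.token_hex(16), "iat": now}
    return {"body": body, "mac": mac_tag(SIC_KEY, canonical(body))}


class SAM:
    """Signature activation module: releases a signing key only for a SAD
    that authorizes exactly this key and this DTBS/R for its controlling signer."""

    def __init__(self, key_owner: dict):
        self.key_owner = key_owner      # key_id -> signer who solely controls it
        self.seen_nonces = set()

    def activate_and_sign(self, sad: dict, key_id: str, doc_dtbs_r: str, now: float) -> str:
        body = sad["body"]
        # 1. The SAD must originate from the signer's SIC (source authentication).
        if not hmac.compare_digest(sad["mac"], mac_tag(SIC_KEY, canonical(body))):
            raise PermissionError("SAD not authenticated as coming from the signer's SIC")
        # 2. The identity assertion carried in the SAD must come from the trusted IdP.
        assertion = body["assertion"]
        if not hmac.compare_digest(assertion["mac"], mac_tag(IDP_KEY, canonical(assertion["body"]))):
            raise PermissionError("identity assertion source not authenticated")
        # 3. The SAD must be bound to exactly the requested key and DTBS/R.
        if body["key_id"] != key_id or body["dtbs_r"] != doc_dtbs_r:
            raise PermissionError("SAD does not authorize this key/DTBS-R pair")
        # 4. The asserted signer must be the sole controller of that key.
        if self.key_owner.get(key_id) != assertion["body"]["sub"]:
            raise PermissionError("asserted signer does not control this key")
        # 5. Freshness and single use of the SAD.
        if now - body["iat"] > SAD_MAX_AGE_S:
            raise PermissionError("SAD expired")
        if body["nonce"] in self.seen_nonces:
            raise PermissionError("SAD replayed")
        self.seen_nonces.add(body["nonce"])
        # Stand-in for the SCDev's signing operation: an HMAC rather than a real
        # digital signature, so that the example needs no third-party library.
        return mac_tag(SIGNING_KEYS[key_id], doc_dtbs_r.encode())


if __name__ == "__main__":
    now = 1_700_000_000.0
    sam = SAM({"key-0001": "alice"})
    doc = b"constructed contract text"
    sad = sic_build_sad(idp_assert_signer("alice", now), "key-0001", dtbs_r(doc), now)
    print("signature:", sam.activate_and_sign(sad, "key-0001", dtbs_r(doc), now))
    try:  # the same SAD must not authorize a different DTBS/R
        sam.activate_and_sign(sad, "key-0001", dtbs_r(b"a different document"), now)
    except PermissionError as e:
        print("rejected:", e)
```

The checks are ordered so that a SAD is never trusted before its source is authenticated, and the DTBS/R binding, key ownership, expiry and nonce checks all happen inside the SAM, which is the component the standard requires to enforce sole control at SCAL2; the SSA only relays the SAD and cannot widen what it authorizes.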
14
5.7.4 Delegation of authentication to an external party
The TSP MAY delegate the authentication process to an external party (e.g. to an identity provider).
T-RSSP uses its built-in identity provider (IdP) to meet the delegation-of-authentication requirement.
15
5.8 Signature activation data
To reach the SCAL2, the use of the SAD to ensure control over the signer’s key SHALL be enforced by the SAM.
Signature activation at SCAL2 requires fulfilment of several conditions as signer authentication and authenticity of signature operation request from the signer (details are given in 5.7).
Both properties MAY be given directly by the SAD. It is however for instance also possible to perform signer authentication prior to SAD generation, e.g. using delegation of authentication.
SAD can be a set of data or be a result of cryptographic operations (details are given in SRA_SAP.2) from which the same information can be derived.
SAD contributes to authenticate directly or indirectly the signer.
When the signer authentication takes place prior to collection of the SAD, the SAD SHALL contain items to identify the signer asserted by a known source. This assertion MAY come from either the SIC or from a trusted electronic identity provider. The source of the assertion SHALL be authenticated.
T-RSSP uses its built-in IdP: the signer is authenticated prior to SAD collection, and the assertion the IdP issues identifying the signer is included in the SAD, as required when authentication precedes SAD collection.
16
5.10 Signer’s interaction component
The SIC is a piece of software and/or hardware, operated on the signer’s environment under its sole control.
Using this component is essential in the SAP process and for the creation of a digital signature by the SCDev.
The SIC always participates in the SAP in order to authenticate the signer or to generate the SAD:
— The SIC can directly generate the SAD, or
— The SIC can be used to authenticate the signer, and the assertion that identify the signer will be used in the SAD generation.
T-SIC is used to authenticate the signer, and T-RSSP generates the assertion identifying the signer, which is then used in SAD generation.
17
For SCAL2 private or secret keys are required to be generated and used in a tamper protected environment. In addition, the software of the SAM is also required to be used in a tamper protected environment.
T-RSSP currently supports SCAL2 only; signing keys and the SAM software run in the tamper-protected environment provided by I4PSAM.
In summary, ThrivoSign is designed to meet EN 419241-1:2018 at SCAL2: T-RSSP acts as the Server Signing Application, T-SIC as the signer's interaction component, and I4PSAM as the SAM and SCDev, so that signing keys are generated and used in a tamper-protected environment and every signing operation is authorized by a SAD bound to the authenticated signer and to the dedicated DTBS/R. This supports the integrity and authenticity of the resulting signatures for organizations that need secure, standards-compliant electronic signatures.