Tarjetas Inteligentes :: Plataformas :: Tecnologías :: Lectores de Tarjetas | DNI-e :: Servicios Profesionales :: Integración :: e-Commerce :: Emprendedores EspañolInglés   +34 952 60 81 93 | WhatsApp +34 686 500 726 Contact KALYSIS 
Kalysis Página Principal
Lectores de Tarjetas Inteligentes y Criptográficas | Firma Electrónica Avanzada | Tokens USB

El primer Token USB de la Historia

Llave de descarga de tacógrafoLa llave Bluetooth para tacógrafos digitales más avanzada del mundo

Lectores de Tarjetas | DNI-e | Lector DNI electronico

Los lectores de DNIe más certificados del mercado

El primer análisis con inteligencia artificial de los ficheros legales del tacógrafo digital

Lectores de Tarjetas | DNI-e RFID Mifare | Tarjetas de Proximidad

Los sistemas de control de acceso más potentes de la industria

Tarjeta de Transporte de Proximidad NFC La gestión informática y electrónica con tarjetas de grandes terminales de transporte

usb token patentLa Patente Industrial de Kalysis nº 2.186.534 :: O.E.P.M. :: may 9, 2001 - 10:53
:: Lectores de Tarjetas Inteligentes y Criptográficas | Firma Electrónica Avanzada | Tokens USB
Kalysis MEI®
:: Control de Tiempos y Accesos  |  Lectores y Tarjetas de Proximidad RFID Mifare
Kalysis Community Entrar o crear una cuenta Descargas Envíar Noticias Temas
Índice Usuarios Descargas Envíar Noticias Temas


tarjetas inteligentes Business Intelligence

 
Mar 28, 2024 - 10:25 AM
buscar tarjeta inteligente buscar token usb
  
 Consorcio de Fabricantes de Lectores y Tarjetas
    
tarjeta inteligente tarjetas inteligentes   tarjeta inteligente modulo iot
tarjeta inteligente Tienda Online

Comprar en KALYSIS España Lector de tarjetas DNI - Internet de las cosas

Internet de las Cosas
- Dispositivos de Red
-- Serie a Super Ethernet
-- Serie a Ethernet
-- Serie a GPRS
-- Serie a Wi-Fi
- Módulos IoT

Lectores de Tarjetas DNI

Tarjetas Inteligentes
- Tarjeta Ciudadana
- Tarjeta Mifare

Llave de descarga de tacógrafo

La llave Bluetooth para tacógrafos digitales más avanzada del mundo.


tarjeta inteligente Es seguro. Es Kalysis

¿Preguntas? LLámanos:
(+34)
952608193

HELP CENTER
escribir a kalysisEscríbenos.



tarjeta inteligente Kalysis Lectores Tarjetas Inteligentes
· PRODUCTOS   SERVICIOS
· Lector de Tarjetas Token USB Firma Electrónica
· Lector Grabador Tarjetas Magnéticas
· Firma Electrónica Avanzada
· Teclado Tarjetas Magnéticas e Inteligentes
· APLICACIONES
Tarjetas Inteligentes

· CLIENTES
· BUSINESS PARTNERS
· INVERSORES
· SALA DE PRENSA
· PATROCINIOS
· SUBASTONIC
· CONTACTO
· Descargas
· Archivo de Noticias
· FAQs
· Propiedad Industrial
· Información Técnica
· Áreas de Aplicación
· ¿Por qué KALYSIS?
· Reseñas
· COTIZACIÓN

tarjeta inteligente Idioma
EspañolInglés
· Últimos 100 publicados
· Archivo de Artículos

SolounaTendrá solo UNA

Sabía que...

... KALYSIS es portada del Nilson Report?

Nilson Report - Tarjetas Inteligentes
Issue 814, July 2004

... la patente 2.186.534 de Kalysis es la base de la aplicación del DNI Digital o de la firma electrónica en tarjeta inteligente?

token USB... el "token USB" es un invento español patentado presentado publicamente en Bruselas?

...Los beneficios de pagos móviles crecerán drásticamente a USD20,000 millones en todo el mundo, de acuerdo con un nuevo informe estratégico de ARC Group. Esta cifra representa un crecimiento anual del 100%, y se deriva principalmente de nuevos tipos de transacción como prepago desde cajeros automáticos y otros innovadores ATMs.


tarjeta inteligente Empleo en Kalysis GRUPO
Trabajar en Kalysis
¿Buscas hacer empresa?

Que no te pique la envidia. Ven a inventar a Kalysis


tarjeta inteligente Tiendas Online & Pago Electrónico

Kalysis desarrolla especializadas tiendas online para profesionales

herramientas profesionales relojería

Póngase en contacto si es usted un fabricante o diseñador independiente, o si desea tener su propio marketplace. Kalysis tiene veinte años de experiencia en plataformas y negocios de Internet. Mantenemos sus contenidos y productos para que se dedique a lo que mejor sabe hacer: vender

Hablemos o escríbanos


tarjeta inteligente Kalysis Community
· Todos los Artículos
· AvantGo
· Descargas
· FAQ
· Feedback
· Mensajes
· Noticias
· Recomendarnos
· Reseñas
· Buscar
· Secciones
· Estadísticas
· Enviar Noticias
· Temas
· Top List
· Enlaces Web

tarjeta inteligente Tarjetas Inteligentes Estadísticas


Tarjetas Inteligentes - EstadísticasTarjetas Inteligentes en Europa


Informe mundial del mercado de tarjetas inteligentes Gartner DataQuest

Firma Electrónica Avanzada

Legislación Firma Electrónica

tarjeta inteligente Kalysis GRUPO

España Kalysis GRUPO - Plataforma Kalysis MEI

Kalysis EspañaKALYSIS Iberia, SL
Plaza de Uncibay 3
Primera Planta
29008 Málaga
ESPAÑA

952 60 81 93
686 500 726


CENTRO DE INVESTIGACIÓN
BIC Euronova - Centro Europeo de Empresas e Innovación (CEEI)
Parque Tecnológico de Andalucía (PTA)
Málaga, ES 29590
ESPAÑA

INTERNACIONAL Voz

+34 952 608193

ANID - National Association of Researchers in Educational Methodology
Camino de las Aguas, 48
37003 Salamanca
España

Kalysis SA de CVKALYSIS, SA de CV
:: General Payment Services de México, SA de CV


Camino al Desierto de Los Leones Número 35
Colonia San Ángel Inn
01000 México, Distrito Federal

Kalysis Miami
KALYSIS Central America
USA Office
9800 Southwest 62nd St
Miami, Florida 33173
USA

116 Northeast 3rd Avenue
Miami, Florida 33132
USA

+1 260 KALY-202

Kalysis NicaraguaKALYSIS Nicaragua, SA
Edificio Grupo Lacayo
Km 5½ Carretera Norte Managua
NICARAGUA

Kalysis Argentina
KALYSIS Argentina

Buenos Aires
ARGENTINA

Kalysis Montevideo
AVICARD Identificación
Avda. Gestido, M-26, S-17, Sangrila
Canelones
URUGUAY

Kalysis Chile
KALYSIS Chile
Obispo Orrego, 42. Ñuñoa
Santiago de Chile
CHILE

Kalysis Colombia
KALYSIS Colombia SA
CRA 46 No 56-63
OFIC. 109
Edificio Argental
Medellín
COLOMBIA

INTERNACIONAL Voz

+34 952 608193


Red de Distribuidores Europeos de Kalysis
Distribuidores EMEA

Austria, Alemania, Suiza, Dinamarca, Suecia, Noruega, Finlandia, Polonia, República Checa, Eslovaquia, Hungría, Eslovenia, Croacia, Latvia, Estonia y Lituania

Relaciones con la prensa y medios de comunicación
Iraís Quintana:
Correo prensa - tarjeta Inteligente


Sindicar Artículos de Kalysis Community
Tarjetas Inteligentes Sindicación Tarjetas Inteligentes


lector tarjeta inteligente

Digital Signatures and European Laws


Publicado por: Redacción
Firma Electrónica Avanzada :: Token USB tarjeta inteligente Mirella Mazzeo 2004-01-26



Editor's Note: this document has been updated with greater clarity on the difference between a key holder and owner, and the fact that a private key need not be attached to any device (though often is, to make it easier to use).

People who do business on the Internet require security and trust. In electronic commerce and communication you can't see the person you are speaking with, you can't see the documents that prove one's identity, and you can't even know if the web site you are connected to belongs to the society it says. You must also ask yourself: is this indeed the contract my business partner has sent to me or has someone unauthorized seen and changed it before it reached my desk? What will happen if I have problems with the contract and I must take it to a court of law?

To answer these juridical necessities the European Union adopted a community framework for electronic signatures some time ago (directive 1999/93/EC of the European Parliament and the council of December 13, 1999, on a community framework for electronic signatures) that has been implemented in various European countries. The European directive is used for business in which European partners (persons or societies) or public administrations are involved. It also means that if an American organization enters into an electronic contract with a European society it has to respect European requirements to ensure the contract is valid. This paper will address these issues and then provide an overview of current trends within various countries in Europe.
Introduction to digital signaturesA digital signature, also called an electronic signature, means data in electronic form that is used for security and trust in electronic business and communications. It is nowadays based on applied cryptography with asymmetrical keys. Imagine the door of a house with a two key deadbolt: the key you use to enter (public key) is not the same one required to exit (private key) so if a thief gets in the house he won't be able to exit. With digital signatures your private key, made with mathematical data associations and used to write your text, is different from the public key the addressee uses to read it. Therefore, even if the reader manages to decode the reading key, he won't have any information about the writing key.

The electronic signature working principle is this: you create some text, the text is encrypted by your private key using a mathematical relationship, you send the encrypted text, the reader who receives the text uses your publicly available key (connected to the private key) to open it, and she is then sure the text is original and it is written by you. A key does not need to be attached to any device, but often is stored on one to make it easier to use. Thus, a private key used as an electronic signature generally resides on a smart-card in a smart-card reader that is installed in the signatory's personal computer.

The principle of use is the same for every kind of digital signature, but the value of each key is different for many reasons:


  • Some keys are easier to decrypt than others, depending on the quality of algorithms and on the number of bytes used.
  • The organization who provides the keys may have or not some technical or economic requirement to be an accreditated Certification Authority and their public reputation and respectability may or may not be an issue.
  • There may be a value limit on a signature, such as cases where a signatory is only allowed to sign contracts up to a specified amount, or the signature is valid only for contracts made with specific countries.




European lawEuropean law (directive n.93/1999, hereinafter referred to as "dir.") provides three kinds of electronic signatures, each with different juridical value:



  1. electronic signature (also called a weak electronic signature or light electronic signature): "means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication" (art. 2.1 dir.). It uses asymmetrical key cryptography. It is used for authentication, to be sure the person who sent the text is the electronic signature's holder, however you can't be sure she is also the key owner. A key holder is an entity that has the practical use of the electronic signature, whereas the key owner is the person who has the explicit right to use it. Usually a key holder would be a server that creates signatures on, for example, a company's software. The company or employee would be the key owner. This explicit difference stems back to Roman times, and the rights of a signature holder versus its owner forms the basis of civil law for many countries, European and otherwise. One must be clear on the difference. There are also cases where a key holder could be a person, though this is less likely. For example, if a manager is the key owner, her secretary could be the electronic signature's holder who has the actual signature key and devices -- however the secretary could sign something contentious using her manager's authority. Note that an electronic signature is admissible as evidence in legal proceedings, but the judge must decide how much value it has.


  2. advanced electronic signature: "means an electronic signature which meets the following requirements:


      [a] it is uniquely linked to the signatory;[b] it is capable of identifying the signatory;[c] it is created using means that the signatory can maintain under his sole control; and[d] it is linked to the data to which it relates that any subsequent change of the data is detectable" (art. 2.2 dir.).

    An advanced electronic signature has more significant value than an electronic signature: it guarantees the integrity of the text, as well as the authentication. The juridical value it has is for integrity: one is sure the text received is the same that was sent, and that no hacker had changed it. The judge must consider the text unexpurgated and nobody can deny its integrity.


  3. advanced electronic signature which is based on a qualified certificate and which is created by a secure-signature-creation device (also called a secure digital signature, strong digital signature, or qualified digital signature). The secure-signature-creation device (also called a Certification Authority or CA) must have the technical standards needed to ensure the key can neither be forced nor reproduced in a reasonable time, one that is longer than the validity period for the signature. These requirements are clarified by the "Electronic Signature Committee", which helps commission for technical subjects.

    The standards required for a qualified signature are significant: keys, software, smart-cards and every other device necessary must be of the latest science and technology (according to the juridical concept of "meliores scientia et conoscientia"). This means the latest technology must be used, such as Windows XP instead of Windows 98, but it also includes using known best practices. The requirements for qualified certificates (annex I, dir.) are:

      [a] the indication that the certificate is issued as a qualified certificate;[b] the identification of the Certification Authority and the State (European or foreigner) in which it is established;[c] the name (or pseudonym) of the signatory, to identify her/him; [d] signature-verification data which correspond to signature-creation data under the control of the signatory;[e] the indication of the period of validity of the certificate;[f] the identity code of the certificate; and[g] the advanced electronic signature of the certification-service-provider (Certification Authority).

    The qualified signature may also contain other elements, such as the provision for a specific attribute of the signatory. This means that, for example, a lawyer of a certain society, or a manager of a joint-venture may hold a qualified signature. There can be a limitation on the scope of use of the certificate, such as stipulation that contracts can only be signed with specific countries such as the United States. Additionally, there can be limits on the value of transactions for which the certificate can be used, such as the ability to sign contracts up to a maximum of $10,000 USD.

    This type of digital signature has a strong juridical value: it warranties authentication, integrity, confidentiality whereby only the addressee can read it because the key is very difficult to decrypt. It also provides non-repudiation, where the sender can't say she didn't send the message, and the addressee can't say he didn't receive it. A strong digital signature is very useful for business: you are sure of the identity of the signatory, the content of the text, the confidentiality of your business, and the elements you would have in any eventual legal action. No hacker can read the text, modify it, or take the place of the signatory. The judge can't make decisions on the juridical value of this qualified signature: it is fixed by the law and nobody can refute it. This kind of electronic signature has a high value, but it must be used in a correct way and thus the signatory has some duties to perform.



Duties of a qualified electronic signature user


  1. Keeping duty. The signatory has to keep the smart-card and the other tools necessary for a digital signature safe to avoid unauthorized use. Generally smart-cards are kept inside strong-boxes, but they are also protected by a pin code. If you don't secure your signature tools you are responsible for their unauthorized use. For example: you leave your smart-card on the desk in your office, the pin code is written on the smart-card, and the room is open with many people walking around. Someone enters your office and uses your smart-card to do some shopping. Do you have to pay for this unauthorized shopping? Yes, because you didn't sufficiently protect your strong electronic signature tools. You can only initiate legal action against an unauthorized user if you find her or him. This duty can be understood best using an analogy from typical credit cards laws.


  2. Information duties. You have to inform your Certification Authority about the limits of the signature, consisting of its use and/or value limits before the smart-card is given out. You have also to inform your Certification Authority as soon as possible about any loss of value in the digital signature, on every circumstance it depends. Here are a few examples of a loss of value: the signatory was one of your employees and now she is retired, the smart-card was stolen from the strong-box with the pin code, or the signatory society had gone bankrupt. In all these cases, if you don't inform the Certification Authority you are responsible for any unauthorized use.

    There are other good examples of information duties: let's say your subordinate can sign contracts for up to $10,000 USD and he has a strong digital signature. You didn't indicate this value limit to the Certification Authority, so no limit is written into the qualified certificate. The subordinate signs a contract for more than a million dollars. Can you say this contract is void? No, because you didn't inform your Certification Authority and consequently the Certification Authority didn't inform its third parties, such as its commercial partners. You can only mitigate your losses with the subordinate, and not with the organization that entered into the contract with you.


  3. Update duties. No key is safe forever, because technology improves and develops such that a good quality algorithm now becomes a low quality algorithm over time. Moreover every mathematical key can be decrypted in a certain time. The digital signature is safe only during its validity period, which is set much shorter than the time an hacker needs to decrypt it. When the validity period is gone the digital signature is no longer safe and the Certification Authority won't warrant it any longer. You have to update your digital signature when the validity period is gone, and this update means the receipt of a completely new key. If you continue to use your strong digital signature after the end of the validity period, it loses its juridical value, effectively becomes a weak electronic signature.


Choosing a Certification AuthorityTo obtain a strong electronic signature you have to first refer to a qualified certification-service provider. In Europe, a qualified Certification Authority (annex II, dir.) must respect:



  1. technical requirements, as described by the Electronic-Signature Committee. This is to ensure reliability, the valid date and time for the certificate, and the immediate revocation of the signatures that have expired. The Certification Authority has to employ personnel who possess expert knowledge, use trustworthy systems and products, and take measures against the forgery of certificates.


  2. juridical duties. It must, in accordance with the national law of the relevant European Country, verify the identity of the signatory. Additionally it has to record every relevant detail concerning a qualified certificate, for a specified period of time (generally five to ten years), it cannot store or copy signature-creation data on the provided keys, and it must inform the person who wants a strong digital key about the contract and about the digital signature's legal value.


  3. economical requirements. the certification-server provider must have sufficient financial resources and coverage to bear the risk of liability for damages.


Obtaining a secure electronic signatureTo obtain a strong digital signature you have to contact a qualified Certification Authority. The qualified certification-service provider list is available at the Electronic Authority for Public Administration for each European Union country, which consists of Italy, France, Spain, Germany, the United Kingdom, Luxembourg, Holland, Belgium, Portugal, Austria, Finland, Ireland, Denmark, Sweden, and Greece. Alternatively, one can contact the Electronic-Signatures Committee through the European Union online. The links provided are to the only official web sites that exist; where no link exists, the relevant country current does not have an official site for their public key infrastructure. Qualified Certification Authorities are diffused around the world, and they are in the list of one of the European Countries, but their value is automatically recognized in all Europe.
Current Trends in EuropeEach European Country must develop its own PKI, but some countries have been earlier to adopt it than others. Italy has a leading position because it was one of the first European countries to provide the technical measures required for strong digital signatures. It was the first to use secure digital signatures to connect all leaders of all government departments. In Italy's Justice Department, with over 40,000 employees there are already more than 10,000 strong digital signatures.

Finland uses biometric keys instead of smart-cards to produce strong digital signatures, but they are scarcely diffused. Currently, only about 1% of public employees have one, likely because the tools required are too expensive: Finnish strong electronic signatures have the same juridical value than other country qualified signatures, but Finnish keys are more expensive.

Spain uses strong digital signatures in relationships between their citizens and public administration and it is the only European country in which the qualified certification-service provider is also a public administration.

Germany is now giving secure digital signature tools to their public administration, and is working to ensure interoperability between the Certification Authorities. France is currently testing digital signatures in some public administrations. The United Kingdom is late in joining public key infrastructure; at the moment no public administration in the UK uses electronic signatures. Denmark is working for a PKI unitary for all public administrations, but at the moment only 2% of public employees have a digital signature. Austria has implemented the "Citizen Card", a smart-card for strong digital signatures used for social security and also for private business use. Holland is very late: it is the only European Country without a national law that covers the 1999 European Directive.
ConclusionElectronic signatures are backed by valid European laws and thus qualified digital signatures have great potential. Strong digital signatures have great importance to all businesses who must do electronic transactions with European partners because they have a very deep juridical value. Once again, a secure digital signature warrants the authentication, integrity, confidentiality, and non-repudiation of a signatory; these are the most desired guarantees in e-business. Strong digital signatures thus have widespread use for high value e-commerce situations: everyone wants to be sure her/his contract is valid and there is no hacker interference.

The PKI situation in Europe is still not consistent across all countries, however. Some countries, such as Italy, Austria, and Spain have well-developed infrastructure already in place; others such as Finland, Denmark, Germany, and France are still testing their PKI solutions. Further, some countries such as Holland and the United Kingdom have not even started deploying their public key infrastructure.




References

The Legal and Market Aspects of Electronic Signatures (263 page PDF) by the European Commission, final version.

Links to E.U. national resources on electronic signatures

European Institute of Public Administration, Electronic signature, 2003.

CNIPA (Italian Committee for electronic in Public Administration), Firma elettronica: tecnologie e standard, 2003.

CNIPA, Firma Digitale, 2003.

Le Camere di Commercio Italiane (Italian Business Department), Firma digitale e Registro delle Imprese. Dall'anagrafe delle imprese la spinta verso l'e-Government, 2002.

Antonello Cherchi, La firma elettronica europea è pronta, 24/2/2003.

Luca Martini, La valenza probatoria della firma digitale: aspetti giuridici e problematiche connesse, 2003.

Mario Gentili, La firma digitale, 8/2/2001.

Laura Turini, Dopo il click attenzione alla firma , 17/11/2003.

Giuseppe Briganti, Forma ed efficacia del documento informatico dopo il D.L.vo 23 gennaio 2002 n.10: "Attuazione della direttiva 1999/93/CE relativa ad un quadro comunitario per le firme elettroniche", 2002.

Mario Petrulli, La firma digitale e la disciplina antiriciclaggio, 2001.

Useful websites

www.europa.eu.int (11 languages)www.cnipa.it www.ipsze.it


 
tarjeta inteligente Relacionado
· Firma Electrónica Europea
· Kalysis :: Líneas Smart Cards
· Kalysis :: Firma Avanzada
· Tokens USB y Firma Avanzada
· Firma Electrónica Avanzada
· Token Criptográfico
· SII AEAT - Sistema
· Electronic Tokens
· Más acerca de Firma Electrónica Avanzada :: Token USB
· Noticia por Redacción


Nota más leída en Firma Electrónica Avanzada :: Token USB:
Lector Biométrico de Huella Dactilar :: BioPass


Token USB Firma Electrónica Avanzada :: Token USB  USB Token Firma Electrónica Avanzada :: Token USB







"Digital Signatures and European Laws" | Entrar o crear una cuenta | 0 Comentarios
Umbral
Los comentarios son propiedad de quienes los publican. No somos responsables de su contenido.


lector tarjeta inteligente

Kalysis GRUPO © 2001-2021 Licensed Materials - Program Property of Kalysis. All Rights Reserved
Licensed under one or more Spain Patents Nº 2,186,534 assigned to Kalysis Iberia, SL. MEI® is a trademark of Kalysis GRUPO
All trademarks are the property of their respective companies. Technical data subject to change without notice

NOTA LEGAL AMPLIADA


El Greco, 17. 29749 Málaga - Andalucía - España - EU ☎ (+34) 952 60.81.93 ☎ (+34) 952 22.79.60 ☎ (+34) 686-500-726
Inscrita en el Registro Mercantil nº 5 de Málaga. Tomo 3.322, Libro 2.234, Folio 45, Hoja MA-63694. Sociedad Limitada C.I.F. ES B92451996 Kalysis es un Operador Intracomunitario registrado en el V.I.E.S.
© 2001-2021 Kalysis Iberia, SL