• I.S. CWA 14170:2004

    Status:  Withdrawn. A withdrawn standard is one that has been removed from sale and whose unique number can no longer be used. The standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a standard with a different number.

    SECURITY REQUIREMENTS FOR SIGNATURE CREATION APPLICATIONS

    Available format(s):  Hardcopy, PDF

    Withdrawn date:  07-06-2018

    Language(s):  English

    Published date:  23-07-2004

    Publisher:  National Standards Authority of Ireland


    Table of Contents

    Foreword
    Introduction
    1. Scope
    2. References
    3. Definitions
    4. Abbreviations
    5. Signature Creation Functional Model
        5.1 Signature Creation Objectives
        5.2 Model
        5.3 Signature Creation Applications
        5.4 Secure Signature Creation Devices
        5.5 Signature Creation Application Instantiation
        5.6 Control and possession of Signature Creation
             Systems
    6. Signed Data Object Information Model
        6.1 Signer's Document (SD)
        6.2 Signature Attributes
        6.3 Data To Be Signed (DTBS)
        6.4 Data To Be Signed (Formatted) (DTBSF)
        6.5 Data To Be Signed Representation (DTBSR)
        6.6 Advanced Electronic Signature
        6.7 Qualified Electronic Signature
        6.8 Signed Data Object
        6.9 Signer's Authentication Data (not shown)
    7. Overall Security Requirements of the SCA
        7.1 Introduction
        7.2 Trusted Path
             7.2.1 Basic Trusted Path Requirement
             7.2.2 Requirements for Public SCA
             7.2.3 Referencing the correct SD and Signature
                    Attributes
        7.3 Requirements for Distributed Signature Creation
             Applications
        7.4 Requirements resulting from un-trusted processes
             and communications ports
        7.5 Post signature verification of the Signed Data
             Object
        7.6 Requirements of the DTBS
    8. SD Presentation Component (SDP)
        8.1 Purpose
        8.2 Background
        8.3 Data Content Type Requirements
        8.4 SD Non-ambiguity Requirements
        8.5 Requirements for Presentation Insensitive SDs
        8.6 Hidden Text and Active Code Requirements
    9. Signature Attribute Viewer (SAV)
    10. Signer Interaction Component (SIC)
        10.1 High level user interface principles
        10.2 Signature Invocation
        10.3 Signature process inactivity timeout
        10.4 Signer Control Functions
        10.5 Retrieval of Signer's Characteristics
        10.6 User Interface Aspects
    11. Signer's Authentication Component (SAC)
        11.1 General Aspects
        11.2 Obtaining the Signer's Authentication Data
        11.3 Knowledge based Signer Authentication
        11.4 Biometric Signer Authentication
        11.5 Provision of the wrong Signer's Authentication
             Data
        11.6 Change of Signer's Authentication Data and Reset
             of the Retry Counter
        11.7 Signer's Authentication Data User Interface Aspects
        11.8 Security Requirements for the SAC Component
    12. Data To Be Signed Formatter (DTBSF)
        12.1 Functions of the DTBSF component
        12.2 Security Requirements for the DTBSF component
    13. Data Hashing Component (DHC)
        13.1 Functions of the DHC Component
        13.2 Production of the DTBS Representation
        13.3 Formatting of the electronic signature input
        13.4 Security Requirements for the DHC Component
    14. SCDev/SCA Communicator (SSC)
        14.1 Interaction Sequences
        14.2 Establishing the Physical Communication
        14.3 Retrieval of SCDev Token Information
        14.4 Selection of the SCDev functionality on a
              multi-application platform
        14.5 Retrieval of Certificates
        14.6 Selection of Signature Creation Data
        14.7 Performing Signer Authentication
        14.8 Digital Signature Computation
        14.9 Signature Logging
        14.10 Security requirements for the SSC Component
    15. SCD/SCA Authenticator (SSA)
        15.1 SCA - SCDev Authentication for SCA under service
             provider's control
        15.2 Security Requirements for the SSA Component
    16. SD Composer (SDC)
        16.1 Security Requirements for the SDC Component
    17. Signed Data Object Composer (SDOC)
    18. External Interface for Input/Output
        18.1 Risks to the SCA
        18.2 Import of Certificates
        18.3 Import of an SD and Signature Attributes
        18.4 Download of SCA Components
        18.5 Security Requirements for Input Control
    Annex A (Informative) - General Recommendations
        A.1 Operation of the Signature Creation Application
        A.2 Requirement on the environment
        A.3 Presentation insensitive SD
    Annex B Guidance to implement a User Interface
        B.1 Purpose
        B.2 User interface consistency
        B.3 Use of colour
        B.4 Feedback
        B.5 Security Breach detection
        B.6 Invalid choice
        B.7 Preservation of information presentation
        B.8 Personalisation
        B.9 Signer's Control when integrating with user
             profiling techniques
        B.10 Configure/Edit Signature Creation process
        B.11 Distinguishing between certificates
        B.12 Timing of operations
        B.13 Security of terminals in public domain
        B.14 User retention of secrets
        B.15 User instructions
        B.16 Presentation of operational sequence
        B.17 Presentation of distinguishable parts
        B.18 Guidance
        B.19 Terminology
        B.20 Error tolerance
        B.21 Informative error messages
        B.22 Single handed operation of public SCAs
        B.23 Cancellation of operation
        B.24 Undo operation
        B.25 Signer's Authentication Component (SAC)
             B.25.1 Choice of signer authentication method
             B.25.2 Biometric signer authentication
    Annex C Signature Logging Component (SLC)
    Annex D (Informative) - SCDev Holder Indicator (SHI)
    Annex E (Informative) - References

    Abstract

    Outlines security requirements for Signature Creation Applications that create Advanced Electronic Signatures.

    General Product Information

    Document Type:  Standard
    Publisher:  National Standards Authority of Ireland
    Status:  Withdrawn

    Standards Referenced By This Book

    EN 419221-5:2018 Protection Profiles for TSP Cryptographic Modules - Part 5: Cryptographic Module for Trust Services
    I.S. EN 419221-5:2018 PROTECTION PROFILES FOR TSP CRYPTOGRAPHIC MODULES - PART 5: CRYPTOGRAPHIC MODULE FOR TRUST SERVICES

    Standards Referencing This Book

    EN 1332-1:2009 Identification card systems - Human-machine interface - Part 1: Design principles for the user interface
    ETR 029 : 20001 HUMAN FACTORS (HF) - ACCESS TO TELECOMMUNICATIONS FOR PEOPLE WITH SPECIAL NEEDS - RECOMMENDATIONS FOR IMPROVING & ADAPTING TELECOMMUNICATION TERMINALS & SERVICES FOR PEOPLE WITH IMPAIRMENTS
    ES 201 381 : 1.1.1 HUMAN FACTORS (HF) - TELECOMMUNICATIONS KEYPADS AND KEYBOARDS - TACTILE IDENTIFIERS
    EN 1332-3:2008 Identification card systems - Man-machine interface - Part 3: Keypads
    ETR 334 : 20001 HUMAN FACTORS (HF) - THE IMPLICATIONS OF HUMAN AGEING FOR THE DESIGN OF TELEPHONE TERMINALS
    ETR 333 : 20002 HUMAN FACTORS (HF) - TEXT TELEPHONY - BASIC USER REQUIREMENTS AND RECOMMENDATIONS
    EN 1332-2 : 1998 IDENTIFICATION CARD SYSTEMS - MAN-MACHINE INTERFACE - DIMENSIONS AND LOCATION OF A TACTILE IDENTIFIER FOR ID-1 CARDS
    ETR 345 : 20001 HUMAN FACTORS (HF) - CHARACTERISTICS OF TELEPHONE KEYPADS AND KEYBOARDS - REQUIREMENTS OF ELDERLY AND DISABLED PEOPLE
    DIN V 66291-1:2000-04 CHIPCARDS WITH DIGITAL SIGNATUR APPLICATION/FUNCTION ACCORDING TO SIGG AND SIGV - PART 1: APPLICATION INTERFACE
    ETR 116 : 20001 HUMAN FACTORS GUIDELINES FOR ISDN TERMINAL EQUIPMENT DESIGN
    EN 1332-4:2007 Identification card systems - Man-machine interface - Part 4: Coding of user requirements for people with special needs