CONTENTS

1 Scope
2 References
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
2.3 Additional References
3 Definitions
4 General Aspects
4.1 Basis of Security Assurance and Trust
4.2 Interaction between a TTP and Entities Using its Services
4.2.1 In-line TTP Services
4.2.2 On-line TTP Services
4.2.3 Off-line TTP Services
4.3 Interworking of TTP Services
5 Management and Operational Aspects of a TTP
5.1 Legal Issues
5.2 Contractual Obligations
5.3 Responsibilities
5.4 Security Policy
5.4.1 Security Policy Elements
5.4.2 Standards
5.4.3 Directives and Procedures
5.4.4 Risk Management
5.4.5 Selection of Safeguards
5.4.5.1 Physical and Environmental Measures
5.4.5.2 Organisational and Personnel Measures
5.4.5.3 IT Specific Measures
5.4.6 Implementation Aspects of IT Security
5.4.6.1 Awareness and Training
5.4.6.2 Trustworthiness and Assurance
5.4.6.3 Accreditation of TTP Certification Bodies
5.4.7 Operational Aspects of IT Security
5.4.7.1 Audit/Assessment
5.4.7.2 Incident Handling
5.4.7.3 Contingency Planning
5.5 Quality of Service
5.6 Ethics
5.7 Fees
6 Interworking
6.1 TTP-Users
6.2 User-User
6.3 TTP-TTP
6.4 TTP-Law Enforcement Agency
7 Major Categories of TTP Services
7.1 Time Stamping Service
7.1.1 Time Stamping Authority
7.2 Non-repudiation Services
7.3 Key Management Services
7.3.1 Key Generation Service
7.3.2 Key Registration Service
7.3.3 Key Certification Service
7.3.4 Key Distribution Service
7.3.5 Key Installation Service
7.3.6 Key Storage Service
7.3.7 Key Derivation Service
7.3.8 Key Archiving Service
7.3.9 Key Revocation Service
7.3.10 Key Destruction Service
7.4 Certificate Management Services
7.4.1 Public Key Certificate Service
7.4.2 Privilege Attribute Service
7.4.3 On-line Authentication Service Based on Certificates
7.4.4 Revocation of Certificates Service
7.5 Electronic Notary Public Services
7.5.1 Evidence Generation Service
7.5.2 Evidence Storage Service
7.5.3 Arbitration Service
7.5.4 Notary Authority
7.6 Electronic Digital Archiving Service
7.7 Other Services
7.7.1 Directory Service
7.7.2 Identification and Authentication Service
7.7.2.1 On-line Authentication Service
7.7.2.2 Off-line Authentication Service
7.7.2.3 In-line Authentication Service
7.7.3 In-line Translation Service
7.7.4 Recovery Services
7.7.4.1 Key Recovery Services
7.7.4.2 Data Recovery Services
7.7.5 Personalisation Service
7.7.6 Access Control Service
7.7.7 Incident Reporting and Alert Management Service
Annex A Security Requirements for Management of TTPs
Annex B Aspects of CA management
B.1 Example of Registration Process Procedures
B.2 An example of requirements for Certification Authorities
B.3 Certification Policy and Certification Practice Statement (CPS)
Annex C Bibliography