CWA 14355:2004

Guidelines for the implementation of Secure Signature-Creation Devices CWA 14355:2004

Scope

Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community
framework for electronic signatures [Dir.1999/93/EC] – referred to as “the Directive” in the remainder of this
document – specifies requirements for secure signature-creation devices (SSCDs) in its Annex III.
CWA 14169 clarifies these SSCD security requirements as Protection Profiles that follow the provisions of
the Common Criteria (CC) [SSCD PP]. A technology neutral approach has been followed by these PPs.
The present document gives guidance on the implementation of [SSCD PP] for specific platforms (e.g. smart
cards, personal data assistants, mobile phones, or PCs) and the operation in specific environments (e.g.
public terminals or secured environments).
The document is intended both for vendors preparing to write a Security Target (ST) conforming to the SSCD
PP as well as for users with a need to understand the capabilities of different technical solutions for fulfilling
the SSCD PP.
A further objective of the document is to compare [SSCD PP] to similar PPs or other well established
evaluation standards. This shall assist implementers and ST writers in identifying roads of how to develop
products that meet other standards in addition to the SSCD PPs and thus shall assist in avoiding duplicate
evaluation processes.
The document limits its scope to electronic signatures based on asymmetric cryptography, i.e. to digital
signatures based on private key – public key pairs.