Abbreviations:
SSCD – Secure Signature Creation Device
SCVA - Signature Creation & Verification Application
SCA - Signature Creation Application
SVA - Signature Verification Application
HSM – Hardware Security Module
SW TWS - Software for Trustworthy System
A-SCVA – Signature Creation & Verification Application (automatic mode)
A-SCA - Signature Creation Application (automatic mode)
A-SVA - Signature Verification Application (automatic mode)
Annotations:
SSCDs can be divided into two categories according to their use:
· Single-purpose SSCDs can be used only for QES creation and must not be used to store keys and data for any purpose other than QES creation. The basic common attribute of these devices is that entering one password makes operations with all keys accessible. This is because they do not allow setting one password for the key intended for QES creation and a separate password for keys intended for other uses.
· Multi-purpose SSCDs contain a separate application for QES, for example SigG, which has its own access settings independent of the other applications located on the SSCD. The user's application for QES communicates with the SSCD application for QES either directly through APDU commands or through a certified PKCS#11 interface that sends APDU commands directly to the SSCD via the chosen communication channel.
SCVA, SCA, SVA applications can create and/or verify 4 types of Qualified Electronic Signatures:
- CMS Signature
  - CAdES: CMS Advanced Electronic Signature according to ETSI
  - PAdES: PDF Advanced Electronic Signature according to ETSI
- XML Signature
  - XAdES: XML Advanced Electronic Signatures according to ETSI
  - XAdES_ZEP: according to Ditec standard
AdES (Advanced Electronic Signature) in accordance with Slovak legislation can be extended to the following types:
- EPES with Explicit Policy Electronic Signature
- T with signature Timestamp
- C-X signature with Complete and eXtended validation data
- A signature with Archive validation data
The Integrity signature is intended for signature chaining in long-term archiving of files. To prevent attacks in case the hash algorithm of the signed document is compromised, it is necessary to enclose both the signature itself and the document being signed with an Integrity signature. The Integrity signature is verified using the signer's currently valid (not expired) certificate, which lies on the certification path to a currently trusted root certificate. The XAdES_ZEP format is an equivalent of the Integrity Signature defined in the NSA standard Qualified Electronic Signature Formats.
