3.1 General legal requirements
Klaus Stranacher et al.
The concept of trusted and reliable public sector data is based on electronic signatures. The legal basis for electronic signatures is formed by Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (European Union, 1999). In addition, the national regulatory authorities are responsible for implementation of the Signature Directive on the national level. Therefore, the following general legal requirements are defined:
• Advanced Electronic Signatures: Such a signature requires, among other things, that the signature is “uniquely linked to the signatory” and “is capable of identifying the signatory”. Therefore, a redactable signature scheme must satisfy the requirements of an advanced electronic signature as defined by European Union (1999). This is a prerequisite for accountability and for identifying the original signer.
• Qualified Electronic Signature: In addition to the requirements for advanced electronic signatures, a qualified signature must be based on a qualified certificate and must be created using a secure signature creation device. These additional requirements are not necessarily needed for the public sector data use cases. Nevertheless, a redactable signature scheme may optionally also meet the requirements for qualified electronic signatures as defined by European Union (1999).
• Accountability: In case of a dispute the signatory must be able to prove that certain modifications have been done by a certain redactor. Accountability can be achieved by technical means (see also technical requirements below).
3.2 General organisational requirements
Besides the legal requirements, there are also some general requirements at the organisational level. These requirements mainly concern the roles of the redactors and the signatory, i.e. the party that holds the public sector data. The following general organisational requirements are therefore defined:
• Definition and Revocation of Redactors: Designated redactors should be easily definable by using existing systems (to avoid additional investments) and the signatory should also have the opportunity to revoke redactors.
• Non-Disclosure Agreement: Designated redactors must sign an appropriate confidentiality agreement. This applies in particular to data protection, as redactors usually have access to private and personal data, which is governed by data protection regulations.
• Responsibilities: Responsibilities must be clearly defined both by the signatory and the redactors (e.g. who is allowed to sign/redact, who is responsible in case of a dispute).
• Service Level Agreement / Security Compliance: Redactors must ensure that data is redacted within an appropriate time frame (especially for real-time data). In addition, redactors must be compliant with current security regulations as they operate on private and personal data.
3.3 Technical requirements
On a technical level there are also some requirements, which are tightly bound to the particular redactable signature schemes. Therefore, we have defined the following technical requirements:
• Designated Redactors: The redactable signature scheme must allow designated redactors to be specified. That means that the signatory must be able to determine who is allowed to modify the signed data. Persons other than the signatory and the designated redactors must not be able to redact data without breaking the original signature. Any change of the data by unauthorized persons must be recognizable.
• Privacy: The redactable data as well as the original signature must not reveal the redacted message blocks.
• Designated Parts: The signatory must be able to specify which data blocks may be modified. Editing unauthorized data must be recognized and must lead to an invalid signature.
• Accountability: See definition in legal requirements.
• Applicability: The scheme must be applicable to structured data such as XML (W3C Recommendation, 2008).
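As an added illustration (not part of the original paper, and not a scheme the authors propose), the sketch below shows one common way the Designated Parts and Privacy requirements can be met: the signature covers salted hash commitments of the blocks plus the list of redactable positions. Assumptions: an HMAC with a constructed key stands in for the signatory's advanced electronic signature, the function names and the sample record are hypothetical, and Designated Redactors and Accountability are not modelled, since anyone can redact a permitted block here.

```python
import hashlib, hmac, json, os

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the signatory's signature

def commit(salt: bytes, block: str) -> str:
    # Salted commitment: without the salt, a low-entropy block cannot be guessed.
    return hashlib.sha256(salt + block.encode()).hexdigest()

def _tag(commitments, redactable):
    # The "signature" covers every commitment and the list of redactable positions.
    body = json.dumps([commitments, sorted(redactable)]).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def sign(blocks, redactable):
    salts = [os.urandom(16) for _ in blocks]
    commitments = [commit(s, b) for s, b in zip(salts, blocks)]
    doc = [{"salt": s.hex(), "data": b} for s, b in zip(salts, blocks)]
    return {"blocks": doc, "redactable": sorted(redactable),
            "sig": _tag(commitments, redactable)}

def redact(signed, i):
    # Replace block i by its commitment and drop salt and data; no key is needed.
    out = json.loads(json.dumps(signed))  # deep copy
    b = out["blocks"][i]
    out["blocks"][i] = {"redacted": commit(bytes.fromhex(b["salt"]), b["data"])}
    return out

def verify(signed):
    commitments = []
    for i, b in enumerate(signed["blocks"]):
        if "redacted" in b:
            if i not in signed["redactable"]:  # Designated Parts check
                return False
            commitments.append(b["redacted"])
        else:
            commitments.append(commit(bytes.fromhex(b["salt"]), b["data"]))
    return hmac.compare_digest(_tag(commitments, signed["redactable"]), signed["sig"])

# Constructed sample record: blocks 0 and 2 may be redacted, block 1 may not.
SIGNED = sign(["name=Alice Example", "district=Graz", "income=42000"], {0, 2})

if __name__ == "__main__":
    ok = redact(SIGNED, 2)
    print(verify(SIGNED), verify(ok), "42000" in json.dumps(ok))
    print(verify(redact(SIGNED, 1)))
```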