What is a Trustworthy system (TWS)?
A trustworthy system, referred to as TW4S (Trustworthy System for Server Signing), is designed to securely create digital signatures under the control of a signer, whether a natural person or a legal entity. The standard defines assurance levels for sole control of signing keys, distinguishing between low confidence (SCAL1) and high confidence (SCAL2) scenarios. SCAL2 involves using cryptographic measures enforced by a Security Application Module (SAM) to ensure the sole control of the signing keys.
Batch server signing is a functionality where multiple documents can be signed without individual inspection or approval. The decision to allow batch signing depends on legal and regulatory considerations, with the TW4S recommended to have configurable profiles for batch signing.
Regarding the signing key and cryptographic module, the standard recommends using tamper-resistant cryptographic modules (such as hardware security devices) to protect signing keys, although it allows for flexibility in key storage, including using files with additional security measures.
In summary, a trustworthy system for server signing ensures secure digital signature creation and control, with defined assurance levels and considerations for batch signing and cryptographic key protection.
Source: NEN