ANF AC´s Public Key Infrastructure (PKI)
CERTIFICATION AUTHORITYElectronic Certification Services Provider
The Certification Authority (CA) is a trustworthy entity responsible for providing electronic certification services. In particular, it assumes responsibility for:
- Electronic certificates issuance.
- Publish and facilitate access to the validity status of certificates.
- Guarantee the identity of certificate holders.
- Ensure the accuracy of the information included in the certificates.
- Revoke certificates whenever the security of the system has been under risk.
- Manage the Public Key Infrastructure in accordance with the legal and technical regulations in force.
The PKI of ANF AC has been designed following international recommendations and standards:
- IETF RFC 5280 (Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile) updated by 6818.
- ETSI TS 101 456 (Policy requirements for certification authorities issuing qualified certificates).
- CA / Browser Forum. Baseline requirements for the issuance and management of public trust certificates.
- CA / Browser Forum. Guidelines for the Issuance and Management of Extended Validation Certificates.
In process of adaptation to Regulation (EU) 910/2014 of the European Parliament and of the Council, of July 23rd, 2014, on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation)
According to the legislation of each country, certification authorities receive different denominations e.g.: Trust Services Provider (EU), Information Certification Entity and Related Services (Ecuador) or Digital Certification Services Provider (Peru). Regardless of the denomination agreed in each country, the functions in the provision of these services is common to all of them, having as a basic guide the UNCITRAL Model Law on electronic signatures (UNCITRAL is the main legal body of the United Nations).
Another essential element, common in all international legislation, is to consider the identity outlined in the electronic certificate as legal evidence, and the electronic signatures prepared with these certificates have, regarding the data recorded in electronic form, the same legal value that the handwritten signature in relation to those recorded on paper.
ANF AC was the first Spanish certification authority to be officially accredited in 2000, since then has been in possession of the technology to issue recognized electronic certificates, advanced electronic signatures, digital time stamps and online verification of the status of certificates.
ANF AC is officially accredited to operate in all EU member countries, and third parties in Latam. In accordance with current legislation, it is officially registered in the TSL of the Government of Spain. In all EU member countries, the common legal framework of reference is Regulation (EU) 910/2014 of the European Parliament and of the Council, of July 23rd, 2014, on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) in force since last July 1st. In Spain, the basic standard is the Law 59/2003 of December 19st on electronic signature.