European Citizen’s Initiative – How eIDAS is Enabling Participative Democracy in the EU

The last few decades have seen more countries adopt a democratic form of government than ever before in history. For the most part though, citizens do not directly participate in day-to-day governance but rather elect representatives like Members of Parliament or Senators to do that in their stead. These MPs decide on the issues that are most relevant to society and then these issues are debated on and legislation may follow.

Read more

The private life of private keys

A private cryptographic key is an extremely sensitive piece of information, and requires a whole set of special security measures to protect it. This article outlines some problems with key management relating to the life cycle of private cryptographic keys. There are many types of cryptographic keys; each type has own inherent challenges. Here, we outline some of the challenges we meet when managing the life cycle of asymmetric cryptographic keys and pairs.

Read more

eIDAS and the eHealth Governance Initiative

The European healthcare market is currently worth over USD 2 trillion. This figure is only expected to rise further as populations age, not only in the EU but in countries around the world. The cost of healthcare varies greatly and has even given rise to a new industry – medical tourism. Even within the EU, healthcare standards and costs vary greatly. While some of the factors that make healthcare more expensive (like the number of skilled practitioners or wages) cannot be changed overnight, there are certain other inefficiencies which can be removed.

Read more

The eIDAS-compliant Printout of a Digitally Signed Document

This article describes a model that could enable an electronically signed document to be printed out and used as an original in legal proceedings, in compliance with the eIDAS regulation.

Read more

Introducing a PCI DSS compliant Key Management System to a Bank

A key management system is a critical component in achieving PCI DSS compliance for a banking institution. It involves implementing a crypto system that manages the secure creation, exchange, distribution, storage and use of cryptographic keys for the ultimate goal of protecting users’ or clients’ sensitive data.

Read more

The PSD2 - Directive and Distributed Authentication

PSD2 breaks up the ways in which banks do their business, by forcing them to open up their APIs. By doing so, PSD2 challenges the way in which data was traditionally secured in banks.

Read more

Exploring eIDAS - The Key Principles for Trust Services

The eIDAS Regulation creates a pan European market for electronic Trust Services (eTS). This includes things like electronic signatures and seals, electronic service delivery, website authentication and time stamps. The major thrust of the Regulation is towards ensuring that these mechanisms, when used, get the same legal status as conventional paper-based alternatives - across borders, throughout the EU.

Read more

Cryptographic Key Management - the Risks and Mitigation

With the increasing dependence on cryptography to protect digital assets and communications, the ever-present vulnerabilities in modern computing systems, and the growing sophistication of cyber attacks, it has never been more important, nor more challenging, to keep your cryptographic keys safe and secure. A single compromised key could lead to a massive data breach with the consequential reputational damage, punitive regulatory fines and loss of investor and customer confidence.

Read more

eIDAS: Qualified Certificates supporting PSD2

The Payment Service Directive 2 (PSD2) allows non-banks to provide payment services which before were reserved for banks only. The market of services initiating a payment transaction or getting information about account balance will grow, and will also be open for new business models and technologies. The Directive and its implementation standards require all transactions to be handled through secure channels and all data shall be protected regarding authenticity and integrity.

Read more