
Cryptomathic Signer Supports Multi-Tenancy+ for Global Signatures


When deploying digital signatures to fully digitalize business processes, large organizations such as banks must comply with the technical and legal guidelines of the country in which they operate. Complying with the standards of various jurisdictions can prove difficult when the signature solution must be made available on both a global and a local level. Cryptomathic’s eIDAS certified QSCD solution, Signer, provides the required functionality for Multi-Tenancy, Multi-Policy, and Multi-IdP support, enabling flexible electronic signatures that deliver the level of granularity that such large organizations require.


Multi-Tenant Use

Cryptomathic’s Signer is multi-tenant capable and provides a strong logical split between tenants. This makes it ideal for the banking and finance industry where clients are often booked via booking centers.


Larger organizations may have several booking centers on the same instance / technology stack and need to ensure that tenant A cannot see what tenant B does and vice versa. This “Chinese” wall between tenants also allows TSPs (trust service providers) to offer direct integration with multiple clients who cannot see what each other does. By doing so, a business can leverage one QSCD instance with multiple clients/tenants without impeding security or SLA requirements.

Multi-Policy Use

Cryptomathic’s Signer technology provides multi-policy support to deliver electronic signatures under different policies, whether for different jurisdictions or for different assurance levels within the same jurisdiction.


For example, one policy could be for qualified electronic signatures (QES) and another for advanced electronic signatures (AdES), as per the EU’s eIDAS regulation. Other policies include QES and AdES according to ZertES, the Swiss Federal law on electronic signatures.

In our Selected Signing Service, offered in partnership with Swisscom, we also offer support for secure electronic signatures under the Singapore Electronic Transaction Act (SG ETA), and more.

This enables global banks to introduce signature services throughout the organization with a single technology platform / API. 

Multi-IdP Use

Finally, Cryptomathic’s eIDAS technology is also suited for Multi-IdP use. An Identity Provider (IdP) typically acts as a single sign-on solution to provide users with their credentials and assert that the user has been strongly authenticated. When they represent a substantial authentication level, such assertions can be used to activate the signature key in Signer in compliance with the European Norm 419 241-1 (to digitally sign at a qualified level). Signer can support multiple IdPs simultaneously, provided they have been entrusted beforehand, which allows for great flexibility. The current version supports:

  • Security Assertion Markup Language (SAML) assertions
  • SMS-based OTP using Authenticator for easy user enrollment
  • Other methods, including OpenID Connect using so-called JWT tokens.

Contact us for free consultancy on implementing a global e-signature service.

 
