3 min read

eIDAS: Qualified Electronic Seals for the Internet of Everything

eIDAS: Qualified Electronic Seals for the Internet of Everything

When we think of digital certificates and signatures, the first applications that come to mind involve financial transactions or other services requiring the signing of formal, legally binding contracts. However, the benefits that qualified electronic signatures/ seals provide under EU law are not at all restricted to only such digital service providers. Today, we explore a significantly different environment facing the same security and trust challenges.

One of the fastest-growing segments of the digital economy is the Internet of Things (IoT), or increasingly, the Internet of Everything (IoE), which has an even broader scope than IoT. Several billion devices utilize this in some way, ranging from internet routers and mobile phones to smart cars, smart TVs, and even utilities like power plants. Ensuring the security of all of these devices (IoT) and the data, processes, and digital identities associated with them (IoE), is of paramount importance.


Safeguarding for the Internet of Everything

Just like people need to prove their digital identities before initiating a transaction, the same principles apply to the billions of connected devices and applications that our society utilizes for its day-to-day operations. Additionally, these devices or applications must be able to authenticate themselves before to transmitting or receiving data or performing specific operations. Access management can then also be performed using these certificates. As per eIDAS, “an electronic seal refers to any data in an electronic form, which is attached to or logically associated with other electronic data to ensure the latter’s origin and integrity”. This provides the required certification of the data's provenance (the source is verified) as well as the integrity of that data (the content has not been tampered with).


Automation and Legal Status

New Call-to-actionQualified Electronic Signatures require natural personnel to digitally sign. This meant that automation was not possible with that mechanism. However, this automation can be achieved with qualified electronic seals, and certificates, timestamps, and validation reports may be issued as and when required.

Legally, qualified electronic seals provide the same legal status as physical seals. An example of this might be a ticket-issuing machine. As long as it adheres to the Regulatory Technical Standards mandated under EU law, member states have to accord the appropriate legal status to those tickets.


Thinking Outside the Box

The potential applications of this reach far beyond the limited uses that we see currently, and the only limitation is our imagination. For example, we are already seeing smart and self-driving cars hitting the road, and concerns about their potential vulnerability to hackers are raised. Such risks can be reduced by using qualified electronic seals, which provide origin/ source verification and assure the integrity of the communicated message.

Another example would be commercial airliners, where a team on the ground can take control of an aircraft if the flight crew has been compromised, so preventing unpleasant situations such as the 2015 Germanwings flight or potential hijackings.

As one can imagine, the highest standards of assurance will be required for such applications, and that is where eIDAS-compliant qualified electronic seals come into the picture.



Download white paper



References and Further Reading