eIDAS-Qualified Remote Signing: Exploring EN 419 241-2 Certified Qualified Signature Creation Devices 

EU Regulation No 910/2014 (eIDAS) addresses the creation of remote electronic signatures using electronic signature creation data that is managed remotely by a third-party trust service provider (TSP) working on behalf of the signee.

Read more

IBM's z15 Mainframe - Security, Resilience and Secure Key Management for Financial Service Platforms

Banks continue to feel the profound transformational effects that digital technologies have on their business. This can be seen in the creation and acceleration of new business activities, models, competencies, and processes. Like many other businesses, banks and other financial institutions must also embrace this digital transformation to remain competitive among their peers and to continue to grow. Adopting agile processes and new technologies will enable them to deliver services and experiences that their customers demand or do not even know that they need just yet.

Read more

Cryptomathic’s Signer Builds on the Only QSCD Certified under SOG-IS

Under eIDAS, a qualified electronic signature creation device (QSCD) must be certified and approved to be used for generating qualified electronic signatures (QES). Cryptomathic’s Signer is the only QSCD that is certified under the SOG-IS agreement using the Common Criteria Recognition Arrangement (CCRA). Its security target is written in strict conformance with EN 419 241-2: Trustworthy Systems Supporting Server Signing Part 2, Protection Profile for QSCD for Server Signing, CEN April 2019.

Read more

Building Security Systems for the Internet of Things and Crypto Agility

There is no silver bullet when it comes to securing “the” Internet of Things, instead, a careful analysis of the individual application is needed. In this article we explore a methodical, yet pragmatic approach to securing IOT devices.

Read more

BYOK: a Solution for EBA’s New ICT and Security Risk Management Guidelines

The European Banking Authority's (EBA’s) new ICT and Security Risk Management Guidelines provide guidance for cybersecurity requirements for financial institutions and third-party partners.

Read more

Crypto Service Gateway: Enabling Crypto-Agility with the CSG Policy Engine

The business world today is built on the pervasive use of cryptography, to authenticate people and processes, to secure communications, and to protect sensitive data.

Read more

Benefits of eIDAS Qualified Signature Creation Devices and Why Cryptomathic Signer has the Strongest Security Credentials

The intent of eIDAS is to create a portfolio of technical and legal standards that enhance the security, legal validity and acceptance of electronic transactions that are used to conduct business online or to conduct official business across EU member state borders. The use of qualified electronic signatures is one such standard, which requires the use of a Qualified Signature Creation Device (QSCD).

Here is an explanation of the benefits of QSCDs and why Cryptomathic Signer has the strongest security credentials for use with these devices.

Read more

Open Banking - Success through Agile Alignment of Security Infrastructure, Strategy and Technology

Open banking can offer opportunities for retail banks that are faced with competition from newcomers to the banking and finance industry. For those unfamiliar with what open banking is, it can be best defined as “the use of open APIs that enable third-party developers (FinTech or non-banking service providers) to provide applications and services around the financial institution.” These services may be located between the customer and the bank, or placed in the bank’s bank-end.

Read more

What Do Companies Perceive as the Most Important Encryption Features?

The need for certain encryption technology features can vary from company to company, depending on their individual needs for securing their data. The recent Ponemon Institute survey, Global Encryption Trends Study, showed that some encryption features are considered more essential than others when considering an encryption solution, especially for strong key management purposes.

Read more