eIDAS: Qualified Electronic Seals for the Internet of Everything

by Gaurav Sharma (guest) on 21. March 2019

When it comes to digital certificates and signatures, the most obvious applications that pop into our heads are surrounding financial transactions or other such services where formal and legally binding contracts have to be signed. However, the benefits that qualified electronic signatures/ seals provide under EU law are not at all restricted to only such digital service providers. Today, we explore a significantly different environment, but one that faces the same challenges regarding security and trust.

One of the fastest growing segments of the digital economy is the Internet of Things (IoT), or increasingly, the Internet of Everything (IoE) which has an even broader scope than IoT. There are several billion devices that utilize this in some way ranging from internet routers, mobile phones to smart cars, smart TVs and even utilities like power plants. Ensuring the security of all of these devices (IoT) and the data, processes and digital identities associated with them (IoE), is of paramount importance.

Safeguarding for the Internet of Everything

Just like people need to prove their digital identities before initiating a transaction, the same principles apply to the billions of connected devices and applications that our society utilizes for its day to day operations. These devices or applications must also be able to authenticate themselves before sending or receiving data or performing certain actions. Access management can then also be performed using these certificates. As per eIDAS, “an electronic seal refers to any data in an electronic form, which is attached to or logically associated with other data in electronic form, to ensure the latter’s origin and integrity”. This provides the necessary confirmation about the origin of the data (the source is verified) as well as the integrity of that data (the content has not been tampered with).

Automation and Legal Status

New Call-to-actionQualified Electronic Signatures require a natural personal to digitally sign. This meant that automation was not possible with that mechanism. However, with qualified electronic seals this automation can be achieved and certificates, timestamps and validation reports may be issued as and when required.

Legally, qualified electronic seals provide the same legal status as physical seals. An example of this might be a ticket issuing machine and as long as it adheres to the Regulatory Technical Standards mandated under EU law, member states have to accord the appropriate legal status to those tickets.

Thinking Outside the Box

The potential applications of this reach far beyond the limited uses that we see currently, and the only limitation is our imagination. For example, we are already seeing smart and self-driving cars hitting the road and concerns are being raised about their potential vulnerability to hackers. Such risks can be reduced through the use of qualified electronic seals which provide origin/ source authentication as well as ensuring integrity of the communicated message.

Another example might be commercial airliners where a team on the ground can take control of an aircraft in case the flight crew is compromised in some way and that can avoid unfortunate incidents like the 2015 Germanwings flight or potential hijackings.

As one can imagine, the highest standards of assurance will be required for such applications and that is where eIDAS compliant qualified electronic seals come into the picture.

Download white paper

References and Further Reading


Other Related Articles: # eIDAS # QES

Want to know how we can help ?

Get in touch to better understand how our solutions secure ecommerce and billions of transactions worldwide.