When it comes to digital certificates and signatures, the most obvious applications that come to mind involve financial transactions or other services where formal, legally binding contracts have to be signed. However, the benefits that qualified electronic signatures/seals provide under EU law are not restricted to such digital service providers. Today, we explore a significantly different environment, but one that faces the same challenges regarding security and trust.
One of the fastest-growing segments of the digital economy is the Internet of Things (IoT), or increasingly, the Internet of Everything (IoE), which has an even broader scope than IoT. Several billion devices take part in it in some way, ranging from internet routers and mobile phones to smart cars, smart TVs and even utilities like power plants. Ensuring the security of all of these devices (IoT) and the data, processes and digital identities associated with them (IoE) is of paramount importance.
Safeguarding for the Internet of Everything
Just as people need to prove their digital identities before initiating a transaction, the same principles apply to the billions of connected devices and applications that our society relies on for its day-to-day operations. These devices or applications must also be able to authenticate themselves before sending or receiving data or performing certain actions. Access management can then also be performed using these certificates. As per eIDAS, “an electronic seal refers to any data in an electronic form, which is attached to or logically associated with other data in electronic form, to ensure the latter’s origin and integrity”. This provides the necessary confirmation about the origin of the data (the source is verified) as well as the integrity of that data (the content has not been tampered with).
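The origin and integrity checks described above, sketched in Go as an added example that is not part of the original article: a device certificate issued by a constructed test CA stands in for the seal certificate, and Ed25519, the device name and the readings are assumptions. It shows a plain digital signature, not a qualified seal, which additionally requires a qualified certificate and a qualified seal creation device.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// enroll creates a key pair and its certificate, signed by parentKey (self-signed root when parent is nil).
func enroll(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // parsing the DER produced just above
	return cert, key
}

// VerifySeal checks origin (certificate chains to a trusted root) and integrity (signature covers data).
func VerifySeal(roots *x509.CertPool, cert *x509.Certificate, data, sig []byte) error {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("origin not trusted: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, data, sig) {
		return fmt.Errorf("integrity check failed for %q", cert.Subject.CommonName)
	}
	return nil
}

func main() {
	ca, caKey := enroll("Constructed Test CA", nil, nil)
	dev, devKey := enroll("sensor-01", ca, caKey)
	fake, fakeKey := enroll("sensor-01", nil, nil) // self-signed: same name, but not issued by the trusted CA
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	data, bad := []byte(`{"device":"sensor-01","temp_c":21.5}`), []byte(`{"device":"sensor-01","temp_c":99.9}`) // constructed readings
	sig := ed25519.Sign(devKey, data)
	fmt.Println("genuine:", VerifySeal(roots, dev, data, sig), "| altered:", VerifySeal(roots, dev, bad, sig))
	fmt.Println("unissued device:", VerifySeal(roots, fake, data, ed25519.Sign(fakeKey, data)))
}
```

The receiver trusts only the CA root, so a device that reuses a known name but holds a certificate from elsewhere fails the origin check even though its signature is mathematically valid.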
Automation and Legal Status
Qualified Electronic Signatures require a natural person to digitally sign. This means that automation is not possible with that mechanism. However, with qualified electronic seals this automation can be achieved, and certificates, timestamps and validation reports may be issued as and when required.
Legally, qualified electronic seals provide the same legal status as physical seals. An example of this might be a ticket-issuing machine: as long as it adheres to the Regulatory Technical Standards mandated under EU law, member states have to accord the appropriate legal status to those tickets.
Thinking Outside the Box
The potential applications of this reach far beyond the limited uses that we see currently, and the only limitation is our imagination. For example, we are already seeing smart and self-driving cars hitting the road, and concerns are being raised about their potential vulnerability to hackers. Such risks can be reduced through the use of qualified electronic seals, which provide origin/source authentication as well as ensuring the integrity of the communicated message.
Another example might be commercial airliners, where a team on the ground can take control of an aircraft in case the flight crew is compromised in some way, and that can avoid unfortunate incidents like the 2015 Germanwings flight or potential hijackings.
As one can imagine, the highest standards of assurance will be required for such applications, and that is where eIDAS-compliant qualified electronic seals come into the picture.
References and Further Reading
- Selected articles on eIDAS (2014-today), by Gaurav Sharma, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner, and more
- Benefits of the eIDAS Toolbox – Case Studies from Various Industries (Part 1) (2018), by Gaurav Sharma
- Benefits of the eIDAS Toolbox – Case Studies from Various Industries (Part 2) (2018), by Gaurav Sharma
- Digital Trade and Trade Financing - Embracing and Shaping the Transformation (2018), by SWIFT & OPUS Advisory Services International Inc
- REGULATION (EU) No 1316/2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010 (12/2013), by the European Parliament and the European Council
- Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Gaurav Sharma, Guillaume Forget, Jan Kjaersgaard, Peter Landrock, Torben Pedersen, Dawn M. Turner, and more
- Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- eIDAS webinar 1: Using electronic Identification, Authentication and trust Services for Business (2018), by the European Commission
- The European Interoperability Framework - Implementation Strategy (2017), by the European Commission
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council
- Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (2017), by the European Parliament and the European Council
- Revised Directive 2015/2366 on Payment Services (commonly known as PSD2) (2015), by the European Parliament and the Council of the European Union
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014), by the European Parliament and the European Commission
- DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013), by the European Parliament and the Council