Ensuring that the integrity of an e-signature remains intact is crucial to protecting its attached messages or documents. This article will explain three types of e-signature validation attacks and how they can be avoided by adopting the standards for e-signatures under eIDAS.

In Part 1 of our article, we briefly summarised the challenges faced in the uptake of eIDAS services for SMEs. A recent study conducted for the European Commission found that awareness and lack of resources were the main barriers. Efforts to highlight the benefits of eIDAS services through real-life case studies was also found to be lacking. In order to address these barriers to adoption, certain recommendations were made which are summarised below.

SMEs continue to be a key focus area for the European agencies to fuel growth and enhance economic freedom for its citizens. Various policy tools and initiatives have been designed with an aim to level the playing field and make it easier for SMEs to compete with the big conglomerates using their limited resources. These tools may be termed as force multipliers and they are made possible through a combination of policy decisions and technological advancements.

The world is slowly but surely moving away from its centuries-old obsession with paper. With the very real threat of man-made climate change, it is a welcome sign that the world is moving towards electronic means for recording and communicating information which is reducing the pressure on our forests. In addition to the trees saved, this also reduces the carbon impact of having to physically ship those documents around – usually via the least carbon-efficient modes like airplanes.

When it comes to digital certificates and signatures, the most obvious applications that pop into our heads are surrounding financial transactions or other such services where formal and legally binding contracts have to be signed. However, the benefits that qualified electronic signatures/ seals provide under EU law are not at all restricted to only such digital service providers. Today, we explore a significantly different environment, but one that faces the same challenges regarding security and trust.

The broader financial services industry – including banks, credit card companies, FinTech service providers, tech companies offering digital wallets etc – are today at the frontlines in the fight against cybercrime. Because these companies are involved in moving large sums of money around each day, they become obvious targets for criminal elements.

New technical standard to harmonise the requirements for the quality of Qualified Electronic Signatures

The EU standard (EN 419241-2) has just been published and will be used to evaluate quality and compliance with the legislation of the entities used in the activation of remote electronic signatures. This is the first of its kind in Europe and is targeted at the Qualified Trust Service Providers who deliver and store European electronic signatures. Cryptomathic has participated in the development of the standard and has thus ensured influence on the requirements.

More than a decade ago, Cryptomathic and LuxTrust, then a newly formed trust service provider (TSP), decided to invest in the development of cloud-based electronic signing technology, in anticipation of future demand from Luxembourg’s digital ecosystem. At the time local signing devices, in the form of smart cards and USB tokens, were dominant and the only widely available means of establishing the highest level of electronic signing assurance.