Cryptomathic Blog

Cryptomathic’s Signer is the only qualified (electronic) signature creation device (QSCD) that is certified under the SO-GIS agreement using the Common Criteria Recognition Arrangement (CCRA). Its security target conforms to the certified protection profile EN 419 241-2.

In this article, we will discuss the Certificate Authority (CA) in the context of eIDAS and what is required of this entity in ensuring the integrity of qualified electronic signatures.

The eIDAS regulation provides both the technical and legal framework for electronic identification and digital signatures that the banking sector needs to fully digitalize its processes and go paperless.

This article looks at 3 alternative deployment options for remote signing, catering for 3 different business models. The choice of the option will depend on the financial institution’s specific situation and strategic goals. This article gives guidance.

EU Regulation No 910/2014 (eIDAS) addresses the creation of remote electronic signatures using electronic signature creation data that is managed remotely by a third-party trust service provider (TSP) working on behalf of the signee.

Under eIDAS, a qualified electronic signature creation device (QSCD) must be certified and approved to be used for generating qualified electronic signatures (QES). Cryptomathic’s Signer is the only QSCD that is certified under the SOG-IS agreement using the Common Criteria Recognition Arrangement (CCRA).

The intent of eIDAS is to create a portfolio of technical and legal standards that enhance the security, legal validity and acceptance of electronic transactions that are used to conduct business online or to conduct official business across EU member state borders.

If SMEs are the backbone of an economy, professional service providers are the ones who grease the cogs of that machinery. Notaries, accountants, insurance agents, consultants etc. provide value added services that are indispensable to the operations of a business in the 21st century. We touched upon how eIDAS can be leveraged for professional service providers in a previous article here.

More than a decade ago, Cryptomathic and LuxTrust, then a newly formed trust service provider (TSP), decided to invest in the development of cloud-based electronic signing technology, in anticipation of future demand from Luxembourg’s digital ecosystem. At the time local signing devices, in the form of smart cards and USB tokens, were dominant and the only widely available means of establishing the highest level of electronic signing assurance.