1 min read

Cryptomathic Signer Achieves Early Common Criteria Certification

Cryptomathic Signer Achieves Early Common Criteria Certification

Unique combination of eIDAS QSCD Common Criteria certification and ‘What You See Is What You Sign’ functionality creates ultimate assurance level for non-repudiable remote electronic signatures.

Remote electronic signature specialist, Cryptomathic, today announces that its popular e-signature solution, Signer, has been recognized as providing the highest possible level of security following its Common Criteria certification to the new eIDAS protection profile 419 241-2 for remote Qualified Electronic Signatures.

Signer’s Common Criteria certification significantly raises the bar. Not only does Signer join an elite few remote Qualified Signature Creation Devices (QSCDs) to be certified against the new eIDAS protection profile, it is the first solution to place the Signature Activation Module (SAM) inside the Hardware Security Module (HSM). This means the signing payload can only be executed from inside the protected cryptographic environment, making it significantly more resistant to attack, including from insiders. Signer also offers What You See Is What You Sign (WYSIWYS) functionality, which provides strong non-repudiation and addresses long term validation signature profiles for XML or PDF documents. The combination of these factors elevates Signer to a high-assurance level that is unmatched anywhere else in the e-signature industry.

“Common Criteria certification to this new protection profile is widely expected to become a mandatory requirement under the terms of the eIDAS regulation, so we’re delighted to be this far ahead of the game,” comments Guillaume Forget, Managing Director, Cryptomathic GmbH. “The governments, banks and other entities that use Signer rely on Cryptomathic to provide the highest possible assurance level in its remote qualified e-signature services. To meet these expectations, we have set up and enforced secure development environment and procedures that meet the highest levels within Common Criteria. Cryptomathic has demonstrated the ability to document and meet security properties, again, at the highest level. The certification has shown that our development team in Denmark is in full control of all tools and processes related to the complete product life cycle. It’s a terrific achievement and cements our position at the bleeding edge of high security software.”

Cryptomathic is an industry leader in e-signature technology and assists multiple trust services providers and banks to enable their customers to electronically sign documents and transactions at the highest assurance level.


Download white paper