What is a Secure Signature Creation Device (SSCD)?

As defined by Regulation (EU) No 910/2014 (eIDAS), which took effect on 1 July 2016, an electronic signature creation device is software or hardware that has been configured to generate an electronic signature. However, for such a device to be considered a Secure Signature Creation Device (SSCD), it must meet the specifications that are stipulated in Annex II of eIDAS.

There are two main approaches to providing SSCDs:

1. Local SSCDs may include smart cards or USB tokens that must remain under the control of the signatory. There are advantages and disadvantages to using these types of SSCDs. They are portable, yet may present a problem if their specific hardware driver is not available on the platform the device is used from. A smart card reader is required to use a smart card, which not all electronic devices possess. A USB token can be read from almost any USB drive. Another consideration with a local SSCD is the risk of losing that device.

2. A remote SSCD is a software solution that is operated from a centralized signature server, such as Cryptomathic Signer. One of the biggest benefits of using a remote solution is that it can be run from almost anywhere there is a connection to the Internet regardless of the user’s device, provided that strong authentication is available. Remote signing can be seamlessly integrated with user-side mobile devices, web browsers or client PC applications. Instead of supplying a private signing key on a smart card or USB token, the key is generated and stored centrally while remaining under the sole control of its signatory. As there is no dedicated signing hardware needed on the user-side, central signing is cost effective for large scale deployments.

⇐ Back to all FAQs