TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / Blogs / Local vs. remote signing and sealing according to eIDAS

Local vs. remote signing and sealing according to eIDAS

November 09, 2020

One of the eIDAS objectives is the creation of a European market for electronic trust services with the same legal status and validity as paper-based processes – consistently applied across all member states. Two of these trust services we would like to highlight in this blog post are qualified / advanced electronic signatures and seals.

How to ensure trust, transparency and integrity of documents and transactions based on (qualified) electronic signatures & seals

Qualified electronic signatures and seals can be generated and applied locally, or remotely with a trust service provider creating the signature or seal on behalf of the signatory, i.e. the individual/company who signs/seals.

Digitization has created an exponential increase in electronic business transactions and online services, requiring strong security for every aspect of a transaction. Citizens, companies and government bodies all take benefit from the eIDAS regulation: less administrative burden due to more efficient processes, support for innovative digital services moving away from paper processes and a better user experience all along the line.

eIDAS benefits for citizens, companies and governments

Introducing the qualified electronic seal under eIDAS

Since electronic signatures can only be created by individuals (natural persons), not companies or organizations, eIDAS introduced the concept of qualified electronic seals. These are created by legal entities to proof the origin and integrity of data and documents issued by them. The sealing requirements and processes are – other than that – very similar to what the paragraph about signing states here below.

The difference between qualified and advanced signatures (or seals)

  • An “electronic signature” is any digital form of a signature, e.g. simply the scan or picture of a handwritten signature. It is rather easy to forge or apply/replicate without the signatory’s consent.
  • An “advanced electronic signature” is a signature that meets the requirement set forward by the eIDAS regulation, e.g. that only the signatory is able to create it.
  • The most secure form is the “qualified electronic signature” which in addition is based on a qualified certificate and requires a QSCD for its creation.

Local signing versus remote signature creation (server signing)

New call-to-actionThe eIDAS regulation introduces the concept of remote signing / server signing as opposed to local signing. While local signing uses cryptographic keys stored on the user’s device to create a signature, server signing relies on a trust service provider (TSP) to remotely generate and manage the signing keys on the signatory’s behalf. This eases the burden for users to securely manage their own keys and transfers this responsibility to an expert in the field.

Under eIDAS, Qualified Signature or Seal Creation Devices (QSCD) are required for issuing qualified certificates and for using qualified certificates, i.e. for the generation of electronic signatures and seals. In the case of server signing, a so-called Signature Activation Module (SAM) is part of the QSCD. It must be Common Criteria (CC) certified based on the eIDAS Protection Profile (PP) EN 419 241-2 “QSCD for Server Signing” to meet the requirements of such a QSCD.

The SAM in turn must interact with a Hardware Security Module that is CC-certified based on the eIDAS PP EN 419 221-5 “Cryptographic Module for Trust Services”.

 

eIDAS SAM HSM  infographic

Source: Utimaco, based on the ETSI standard EN 419 241 and related PPs

In the past, no common certification framework existed, and alternative certification processes and test methods have been applied. With the eIDAS Protection Profiles EN 419 221-5 now available, this changes.

The Utimaco CryptoServer CP5 Hardware Security Module (HSM) has been certified according to this eIDAS Protection Profile EN 419 221-5 “Cryptographic Module for Trust Services”. Equipped with the certification, it creates the most flexible basis for developments of a SAM according to EN 419 241-2.

For evaluation and integration testing, please get in touch at hsm@utimaco.com to get access to the Utimaco eIDAS Hardware Security Module Simulator.

New call-to-action

This blog was first published on August 22, 2018

References

  • REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
  • REGULATION (EU) No 1316/2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010(12/2013), by the European Parliament and the European Council
Back to overview

Stay on top of our news
Don’t miss out on any Utimaco updates

Subscribe to Utimaco Newsletter

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Subscribe now

Partners

E-Sign S.A. Cryptomathic Inc. Softline Solutions GmbH Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner Safesoft Kft. Telegrupp AS JJNet International Co., Limited - Utimaco Hardware Security Modules Partner Utimaco HSM - InfoGuard Swiss Cyber Security Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner Rohde & Schwarz Cybersecurity GmbH Real security d.o.o. Primekey Solutions AB Nexus - Utimaco Hardware Security Modules Partner EUROPEAN DYNAMICS SA. Cogito Group Pty Ltd ESYSCO Sp. z o.o. MALKOM D.Malińska i Wspólnicy s.j. VAR Group SpA - Utimaco Hardware Security Modules Partner Thomas-Krenn.AG Perceptus-sp.-z-o.-o. Utimaco HSM - PTESA_profesionales en transacciones electronicas Utimaco HSM - QuintessenceLabs Abrantix AG Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner CREA plus d.o.o. Cryptomathic A/S Cryptomathic GmbH Clearkey Consulting - Utimaco Hardware Security Modules Partner Altacom UAB AKEA S.A. - Utimaco Hardware Security Modules Partner Versasec Nexus - Utimaco Hardware Security Modules Partner CEGA Security Ascertia - Utimaco Hardware Security Modules Partner cv cryptovision GmbH Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner Nexus Technology GmbH Encryption Consulting LLC Baas Control s.r.o. CewTec S.A. Envoy Data Corporation - Utimaco Hardware Security Modules Partner PETA (Thailand) Co., Ltd. Microexpert Limited Compumatica secure networks GmbH Compumatica secure networks B.V. PKI Solutions Inc. Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner PrimeKey Labs GmbH IQuantics Corp Fornetix - Utimaco Hardware Security Modules Partner CertiSur S.A. intarsys AG Fortiedge Pte Ltd. SecureMetric Technology Sdn. Bhd. MIcrosec MTG - Utimaco Hardware Security Modules Partner Cyber Armor Pte Ltd CREAplus Italia S.r.l Komar Consulting Inc. - Utimaco Hardware Security Modules Partner Macroseguridad
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research