
Qualified Signature Creation Devices (QSCD) under eIDAS – The example of the Bank-Verlag Signature Activation Module (SAM)

November 09, 2020

In our recent blog post series about the eIDAS regulation, we have addressed local signing and how it differs from remote signing (or server signing), which relies on a Trust Service Provider (TSP) to remotely generate and manage the signing keys on the signatory’s behalf.

eIDAS requires a Qualified Signature (or Seal) Creation Device (QSCD) for issuing and using qualified certificates for the generation of electronic signatures and seals. Today we would like to look into how the CC-certified and eIDAS-compliant Utimaco HSM integrates with the Bank-Verlag Signature Activation Module (SAM) and helps Bank-Verlag become a TSP.

Bank-Verlag and Utimaco HSMs

As a service provider for banks in Germany, Bank-Verlag has always been confronted with strict regulatory requirements. Their infrastructure and the products and services they offer to their customers, the banks, need to be highly secure and compliant with all current requirements. Hardware Security Modules (HSMs) are the cryptographic device of choice to manage the generation of qualified signatures and securely generate and store the related qualified certificates and cryptographic keys. Utimaco HSMs for this purpose are easy to implement and operate, provide all needed functionality and certifications and most importantly – work reliably to protect the crypto keys!

Listen to Alexander Eßer from Bank-Verlag speak about Bank-Verlag as a Trust Service Provider (TSP), regulatory requirements set forward by eIDAS to offer qualified signatures and the role of cryptography and Utimaco HSMs.

A Trust Service Provider offering remote signing services

Bank-Verlag is currently in the process of becoming a TSP. The aim, among others, is to provide end-customers with the possibility to apply qualified signatures remotely. Today, a lot of processes still involve media discontinuity, and there is no end-to-end digital processing flow. For example, signing a contract often still involves printing it, signing it manually, then scanning it and sending it on electronically for the next process step. For end-customers, remote signing means a service to apply a secure and legally valid digital signature without the need to own a card reader or other physical infrastructure on their side. Identification and authentication to remotely sign with a qualified digital signature ideally involve strong customer authentication mechanisms.

The same applies to documents provided by a company (a bank, for example), which today often still require a paper version that is signed and stamped to be valid.

The services offered by Bank-Verlag support numerous use cases, e.g. the signing or sealing of a document, one time sign (creation of qualified certificate and signing in one process step) and the PSD2-compliant certificates that Third Party Providers (TPPs) use to be able to access the bank customer’s accounts.

In detail – A look at Qualified Electronic Signatures (QES) with the Bank-Verlag QSCD

Let’s take a closer look at how a QES is applied, e.g. for a bank customer to sign a credit application form on his online banking platform. The bank customer confirms his identity by filling in the log-in form, then reviews the credit details which include an online form to sign at the end. For the signing process, the customer needs to use his/her qualified certificate, which – if not yet available – can be created directly during the signing process within the same front-end interface. The customer then needs to perform two-factor authentication (e.g. mTAN or token based on existing 2FA means available in the online banking platform) to proceed with the signing. In a banking environment, two advantages include the availability of complete customer data – which is required by the Anti-Money Laundering Directive (AML4) – and 2FA mechanisms in compliance with PSD2 already implemented for regular access to banking portals. For other companies (e.g. insurance companies), implementing these two crucial elements can be a challenge where Bank-Verlag can also help with their PSD2 compliant services.

In technical terms, this signing process requires:

  • the Utimaco CryptoServer CP5 HSM certified according to eIDAS PP EN 419 221-5 “Cryptographic Module for Trust Services”, which is equipped with
  • the Bank-Verlag SAM certified according to eIDAS Protection Profile EN 419 241-2 “QSCD for Server Signing” to enable fast, scalable & flexible registration (certificate creation) and signing,
  • the signer (e.g. bank customer) to be registered and identified,
  • his/her signing keys to have a qualified certificate attached,
  • the signer to authorize a signature or operation (via the SAM) and
  • the SAM to then activate the signing key stored in the HSM.

The SAM module and integrated HSM ensure that the signer has the sole control of authorizing a signing process, initiating a transaction or an operation. All communication to the HSM goes through the SAM for authorization first, and then activation of the signing keys.
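The gating described above, as a simplified model added here (it is not Bank-Verlag's or Utimaco's code or API): the signer's authorization is bound to one key and one document hash, and the SAM is the only caller of the HSM. The class names, the nonce, the proof format and the use of HMAC as a stand-in for both the 2FA proof and the signature are assumptions.

```python
import hashlib, hmac, secrets

def authorise(factor, key_id, digest, nonce):
    """Signer side: bind the 2FA proof to one key and one document hash."""
    msg = key_id.encode() + b"|" + digest + b"|" + nonce
    return hmac.new(factor, msg, hashlib.sha256).digest()

class ToyHSM:
    """Stand-in HSM: keys never leave it; HMAC stands in for the signature."""
    def __init__(self):
        self._keys = {}                      # key_id -> secret bytes
    def generate_key(self, key_id):
        self._keys[key_id] = secrets.token_bytes(32)
    def sign(self, key_id, digest):
        return hmac.new(self._keys[key_id], digest, hashlib.sha256).digest()

class ToySAM:
    """Sole caller of ToyHSM.sign; activates a key once per valid authorisation."""
    def __init__(self, hsm):
        self._hsm, self._owner, self._factor, self._used = hsm, {}, {}, set()
    def register(self, signer_id, key_id):
        self._hsm.generate_key(key_id)
        self._owner[key_id] = signer_id
        self._factor[signer_id] = secrets.token_bytes(32)
        return self._factor[signer_id]       # provisioned to the signer's 2FA device
    def sign(self, signer_id, key_id, digest, nonce, proof):
        if self._owner.get(key_id) != signer_id:
            raise PermissionError("key is not registered to this signer")
        if nonce in self._used:
            raise PermissionError("authorisation already used")
        expected = authorise(self._factor[signer_id], key_id, digest, nonce)
        if not hmac.compare_digest(expected, proof):
            raise PermissionError("authorisation is not for this document")
        self._used.add(nonce)
        return self._hsm.sign(key_id, digest)

def demo():  # one valid request, then three that the SAM must refuse
    sam = ToySAM(ToyHSM())
    factor = sam.register("alice", "alice-key")
    sam.register("bob", "bob-key")
    doc = hashlib.sha256(b"credit application (constructed sample)").digest()
    other = hashlib.sha256(b"a different document (constructed)").digest()
    nonce, fresh = secrets.token_bytes(16), secrets.token_bytes(16)
    proof = authorise(factor, "alice-key", doc, nonce)
    outcome = {"valid": len(sam.sign("alice", "alice-key", doc, nonce, proof)) == 32}
    attempts = {"replay": ("alice", "alice-key", doc, nonce, proof),
                "swapped_document": ("alice", "alice-key", other, fresh, proof),
                "wrong_key": ("alice", "bob-key", doc, fresh, proof)}
    for name, args in attempts.items():
        try:
            sam.sign(*args)
            outcome[name] = "signed"
        except PermissionError as exc:
            outcome[name] = str(exc)
    return outcome
```

Calling `demo()` returns the outcome of each request; only the first one reaches the HSM.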
