Qualified Signature Creation Devices (QSCD) under eIDAS – The example of the Bank-Verlag Signature Activation Module (SAM)

In our recent blog post series about the eIDAS regulation, we have addressed local signing and the difference with remote signing (or server signing), which relies on a Trust Service Provider (TSP) to remotely generate and manage the signing keys on the signatory’s behalf. eIDAS requires a Qualified Signature (or Seal) Creation Devices (QSCD) for issuing and using qualified certificates for the generation of electronic signatures and seals. Today we would like to look into how the CC-certified and eIDAS-compliant Utimaco HSM integrates with the Bank-Verlag Signature Activation Module (SAM) and helps Bank-Verlag become a TSP.

Read more

Auditing Blockchain and eIDAS

The anonymity provided by some blockchains is one of the largest attractions about this technology. For business adoption though identity on and off the chain is crucial, legally and logistically. On an entirely distributed, decentralized blockchain such as Bitcoin or Ethereum, this anonymity serves a purpose and encourages individual use. For business adoption however it poses problems.

Read more

how eIDAS is related to PSD2 & AML4 and relevant for banking & financial services

In the context of a Digital Single Market in Europe, the need for secure electronic transactions across member states is a big topic for banking and financial services players. Electronic ID and trust services are key compliance factors for identification and authentication after recent regulatory updates such as PSD2 or AMLD4.

Read more

eIDAS regulation: do not make the wrong choice when you are picking your HSM

In this blog post, I want to limit myself to the essential basis of eIDAS, the HSM (Hardware Security Module). If you want more information about eIDAS, please visit the websites mentioned at the end of this article.

Read more

the higher purpose of eIDAS: supporting the european digital single market

While it still presents a challenge to many businesses and government institutions, the greater idea behind eIDAS is to strive towards a true digital single market in Europe. It’s meant to make life easier and more secure when it comes to electronic identification, authentication and digital “transactions” in the broadest sense!

Read more

local vs. remote signing and sealing according to eIDAS

One of the eIDAS objectives is the creation of a European market for electronic trust services with the same legal status and validity as paper-based processes – consistently applied across all member states. Two of these trust services we would like to highlight in this blog post are qualified / advanced electronic signatures and seals.

Read more

sole control of one’s signing keys under eIDAS

Digital signatures are based on public/private keys and are only as secure as the signer’s private key. Sole control is the principle that ensures the signer – and no one else but the signer – has access to her/his signing key and can initiate a digital signature. This blog post takes a look at the details of sole control.

Read more

Ready to take off?

Download our HSM simulator!

Register for free