Since May this year, certSIGN is the first company in Romania and one of the few at European level to provide qualified remote signature certified as QSCD in accordance with the eIDAS Regulation.
Following a successful audit conducted by the Secure Information Technology Center in Austria, the certSIGN "Paperless" Remote Qualified Electronic Signature and Remote Electronic Signature system has been certified as Qualified Signature and Seal Creation Device.
In short? Any document can be electronically signed remotely, legally, token-free, without installing special drivers, from any device (including smartphone or tablet), anywhere, anytime. And the QSCD certification ensures secure data processing / storage and a high degree of protection against cyber attacks.
Why does the QSCD certification matter?
This question was answered by Adrian Floarea (certSIGN CEO) at the #gopaperless: Unlock the full digital customer experience event, discussing the issues raised by the concept of remote signature within the eIDAS Regulation in 2016.
In essence, by storing the private keys of the signer on cryptographic devices (HSMs) at the qualified trust service provider, beyond the hardware security, there is a need for a software component to implement the roles segregation process – so as the HSM administrator not to have access to the keys, but only the signatory.
Having already developed such a solution, certSIGN has decided to accredit it in relation to the European standards and regulations in force, in the absence of specific standards at national level, Adrian Floarea pointing out the point that "… under the eIDAS Regulation, if you accredit, certify a product in another Member State, it appears on a unique list at the level of the European Union and is practically recognized throughout the European Union. "
At that time, Austria being the only EU state where there were national schemes for accreditation of remote electronic signature products, certSIGN started the audit process – successfully completed in May 2019: "We succeeded after one year to obtain the certification attesting that the product developed by certSIGN , in Romania, is and can be used as a Qualified Remote Signature Device. So not only that HSM itself, but also the software that we developed in conjunction with the HSM, can be used for the remote qualified electronic signature. Moreover, pride is even greater because at the moment there there is a limited number of such QSCDs at European level, including our company.", said certSIGN CEO.
By certifying the certSIGN "Paperless" remote qualified electronic signature and remote electronic seal system as QSCD, it is guaranteed that it complies with the eIDAS requirements as regards:
• the components and procedures for generating remote signatures and electronic seals that give them the same level of legal recognition that electronic signatures are enjoying on the token;
• safe processing and storage of the data necessary to generate them;
• the high degree of protection against cyber attacks of the supplier's infrastructure.
Why remote electronic signature?
Mobility and accessibility. If the standard electronic signature is conditioned by the use of a token and a PC / laptop, the remote signature can be used anywhere, anytime and on any device (laptop, smartphone, tablet). In addition, by storing the digital certificate on certSIGN servers, there is no need to download and install special token drivers.
Security. The remote electronic signature service assures the secure storage of the digital certificate on certSIGN systems, with access only to the signatory. Specifically, certSIGN RSS (Remote Signature Service) is based on Qualified Digital Certificates and Certified Cryptographic Devices (HSM). The latter provide controlled access to the user's private keys through secure procedures.
Legal value. Through the specific security procedures applied by trusted service providers, in the case of remote signature is ensured the same level of legal recognition as for the classic electronic signature with token. In addition, all documents signed with certSIGN remote electronic signature will be recognized as lawful anywhere in the European Union.