Thales eSecurity Blog

Fuel your digital eIDAS transformation

Francesco Perrotta More About This Author >

eidas logo

In July last year EU Regulation N. 910/2014, also known as eIDAS, came into force – designed to harmonize national regulations around electronic signatures and digital identity and ensure the legal and technological interoperability of electronic identification systems. Its enforcement will drive the domestic market towards the digitization of document-based processes, and will therefore increase the use of electronic signature systems, long-term signature and document preservation systems, and strong authentication mechanisms, all of which will, ultimately, lead to an increase in the circulation of digital documents recognised as legally valid across Europe.

eIDAS introduces some important changes regarding electronic signatures, for example:

  • Defines three signature types: electronic, advanced electronic, and qualified electronic
  • Establishes the security requirements for electronic identification devices
  • Gives a definition of the term ‘electronic seals’ in its various forms
  • Describes who are considered trusted services providers

Here are some of the many ways in which electronic signatures solutions developed by AliasLab can be implemented:

  • Qualified electronic signature with token and/or smartcard: The user signs the digital document using a token or smart card connected to a PC.
  • Remote qualified electronic signature: The user unlocks their qualified certificate, which is stored in an HSM in a remote server within the TSP/CA, using their mobile phone to insert the appropriate OTP/PIN, which will then be used to sign the digital document.
  • Biometric electronic signature: The user undergoes an enrollment phase which uniquely links a set of biometric data such as graphometric signature or fingerprint, to their qualified certificate. At the time of signing, the user will provide his or her biometric data, which will then be verified against the template stored in the enrolment phase. In the case of a match, this will unlock the qualified certificate, stored in an HSM in a remote server within the TSP/CA, and use it to sign the digital document.
  • Remote advanced electronic signature: The user is able to electronically sign a digital document through a strong authentication process using their mobile phone as a secure token. The identifying data resulting from this process is uniquely linked to the document, providing a proof of signature.
  • Graphometric advanced electronic signature: The user signs a digital document by applying their handwritten signature on a pad or tablet, which collects the graphometric characteristics such as speed, pressure, and acceleration of each signature. This allows the signer to be recognized with a high degree of confidence, and this set of information is uniquely linked to the digital document, providing proof-of-signature.

At AliasLab we offer cutting-edge solutions to help prepare companies for the eIDAS digital transformation. In partnership with Thales, we offer solutions that meet the following requirements defined by eIDAS:

  • Security of data used in creating an electronic signature
  • Unique connection between the data used in creating an electronic signature creation and the signature itself
  • Protect the signature data against forgery
  • Protect the data used in creating an electronic signature against illegitimate use by others

Thales HSMs act as the root of trust for AliasLab’s IDSign Signature engine, allowing the creation and management of the cryptographic keys used to create electronic signatures. This enables us to provide secure products and services that meet the new eIDAS cross-border standards.

The digital transformation brought about by eIDAS is well underway, and many kinds of companies, public and private, in all sectors.

IDSign’s Signature Engine, in conjunction with the use of Thales’ HSM as a cryptographic module for the generation and protection of the data used in creating a signature, comprise a compliant QSCD according to the A-SIT-VI-16-048 Conformity Certificate as a SSCD -Secure Signature Creation Device according to Art. 51 E-IDAS Regulation UE Nr. 910/2014 – Art. 3, Par.4 -Annex III D.E. 1993/93 / EC.

Guest blog from Francesco Perrotta, Alias Lab.

Click here to find out more about how AliasLab works with Thales to provide eIDAS solutions.