Hackathon proof of concept: Business Vendor On-boarding Platform with verified digital identity

Together with our customer and partner Anva, we participated in the recent hackathon from B-Hive. The challenge was to “Know your Vendor” and, well, we’re pretty proud of our result.

What we built:

We created an easy-to-use platform for vendors to register once, and then being able to submit to multiple RFPs/RFIs using the same registration data. To verify the correctness, eligibility and validity of the submitting party, the vendor representative had to connect the account to LinkedIn as well as Belgium’s Itsme Electronic Identity. Based on this data, we then implemented company information lookup into Dun & Bradstreet APIs, and finally the end user could upload certificates (eg: ISO27001) and additional documents.

Furthermore, we also integrated the portal with ANVA Safebay platform for confidential messaging, and we had an AI chatbot that would automatically generate an NDA based on the ongoing conversation. Once signed by both parties (and verified using eIDs), these NDAs would then be Signicat sealed and put into our archive.

Here’s a more detailed video from our own Peter Feijen:

 

Press Release: Signicat joins ETSI team guiding digital signature standards

Trondheim, Norway, 27 September 2018Signicat, a leader in trusted digital identity, has joined the European Telecommunications Standards Institute (ETSI), the recognised standards body for electronic communications. As part of the technical committee on Electronic Signatures and Infrastructure (ESI), Signicat will help create and shape the standards for digital signatures and trust services.

ETSI is officially recognised by the EU as one of three European Standards Organisations (ESO), with a focus on broadcasting, telecommunications and other electronic communications networks and services. ETSI produces “harmonised standards” that support European regulation and enable manufacturers and suppliers to prove that their products and services meet these regulations.

ESI is the technical committee responsible for the standardisation of European digital signature and trust services. The standards produced by ESI are designed to meet the demands of eIDAS regulation, ensuring interoperability across borders, and be applicable beyond Europe.

Signicat—already standards-compliant—will be able to share its experience and knowledge of electronic signatures and digital identity to help guide the development of these standards. Currently in development are standards for signature validation services, which specify how a signed document will be sent to a trusted service, returning a signature validation report.

“The work of ETSI, ESI and eIDAS is solving the fragmentation that currently exists across Europe, and will make using digital trust services across the continent simple,” said John Erik Setsaas, VP of Identity and Innovation, Signicat. “Our membership of the technical committee that drives the creation of these standards gives us an opportunity to influence their development, bringing our first-hand experience of creating trust services that work across borders.”

For more detail on the ongoing work of the technical committee and its roadmap, read Signicat’s blog post: https://www.signicat.com/blog/signicat-joins-etsi-for-standardisation-of-digital-signatures-and-trust-services/

About Signicat
Based in Trondheim, Norway, and founded in 2007, Signicat operates the largest Digital Identity Hub in the world, offering the only complete identity platform in the market and trusted to reduce the burden of compliance in highly regulated markets.

With Signicat, service providers can build and leverage existing customer credentials to connect users, devices and even ‘things’ across channels, services and markets transforming identity into an asset rather than a burden. By ditching manual, paper-based processes and replacing them with digital identity assurance, customer on-boarding is accelerated and access to services is made simple and secure. Signicat’s Identity Hub is a complete solution to that offers compliance and a route to better customer engagement.

Signicat has over 400 financial services organisations as clients, connects to more than 20 schemes globally and verifies more than 10m identities per month.

For more information, visit: https://www.signicat.com/contact/

Media Contacts:

CCgroup for Signicat:

Alan Miller, Alice Pedder

Signicat@ccgrouppr.com

Hotels: Do you really Know Your Customer?

The regulation known as Know Your Customer (KYC) is as important as ever before for the prevention of identity theft and financial fraud, including money laundering and terrorist financing and is a widely used acronym in banking and FinTech. But why would a hotel need to KYC? More and more countries demand that the hotel has a copy of a guest’s passport. and this of course leads to increased time per check-in and a lower Revenue Per Available Room (RevPAR).

The KYC is the process of verifying the user’s identity, and is typically done by a number of mechanisms such as passport or ID paper upload, electronic ID verification, face recognition etc.

As hotels move towards online and kiosk check-ins, it makes this process more difficult. Wouldn’t it be great for customers to provide their passport and ID information ahead of time, including a scan of the passport and a picture of the guest? This information can be stored in the hotel’s Property Management Software (PMS) before the guest arrives?

Financial institutions in the Nordic region, Spain and Germany are reporting huge savings and increased attractiveness of their services since implementing an Electronic ID (eID)-based KYC process became available three years ago.

Here at Signicat we are able to provide secure guest on-boarding, as well as authentication and electronic signing services. We make it easy for hotels and others in the hospitality industry to use electronic IDs (a full list of supported eIDs here), as well as passport and ID card scanning services. We’re able to receive necessary information from passports, copy the documents, and securely store and preserve documents and signed agreements in our preservation archive.

What is an electronic ID? Electronic identification is electronic systems for legitimizing users on the Internet or other computer systems. Using an electronic identity, users can identify, sign in and sign contracts and approve transactions on different websites, such as banks and public portals.

Once onboarded, guests can then quickly access their loyalty program information as well. If an eID is used, there is no need to worry about remembering a username and login as authentication is provided by the eID.

Signicat has more than 10 years’ history of working with companies dealing with both complex regulatory compliance issues, as well as ensuring seamless user experiences to on-board and keep customers. Our APIs provide everything a hotel or PMS provider needs to quickly get up and running.

Afterall, for the hospitality industry wouldn’t it be great to Know Your Guest?

Have you replaced TUPAS? Time is running out.

Finland’s TUPAS digital authentication method is being replaced. Signicat can help.

The TUPAS protocol no longer meets the criteria for strong authentication in EU legislation. According to the Finnish Communications Regulatory Authority, e-services will have to replace old TUPAS integration interface by 30 September 2019.

Finnish Trust Network:
The Finnish Trust Network is a combination of identity service providers (e.g. TUPAS banks and Mobiilivarmenne operators) and brokers. With agreement with a member of Finnish Trust Network, companies can continue to engage with customers online in a verified, trusted manner.

Signicat has been helping Finnish businesses meet these new requirements by providing an approved, strong authentication solution and providing access to the Finnish Trust Network. We act as a broker for Finnish businesses, meaning that instead of having to sign up 10 separate agreements with the 10 active banks in Finland and then implement 10 separate technical integrations, we act as a one-stop shop, providing a single point of integration and a single agreement.

Additionally, due to the bulk eID pricing we have negotiated, the average customer can save up to 70% on these connection fees in addition.

Contact us if you require more information or help with your TUPAS migration.

Technical Support Specialist, Finland

About the Position

Signicat is continuing to attract an increasing number of new, local and international business customers, many of which are large enterprises with wide reach. In addition, our existing customers are broadening their expectations of our products and services, and we are passionate and focused on delivering a consistent quality to all.

Due to this expansion, to strengthen our service organization and our business in Finland, we are looking for persons with excellent troubleshooting skills, experience with B2B customer support or premier services, energy and passion for helping others, and focused on the customers receiving significant value from our services. If you have these skills, then this might be the right job for you.

The role includes responsibilities for activities like:

Reactive and proactive technical and product support for Signicat’s Finnish customers
A key role in onboarding of new Signicat customers, sometimes as a leader of virtual teams
Provide pre-sales assistance to the Finnish Sales team
Contribute to get the highest possible adoption of the products sold
Be the link between Signicat’s Operations department, Finnish Sales team and the customers’ technical and business teams
Participate in further development of Signicat’s service product in Finland

Essential qualifications:

– Have a minimum bachelor’s degree within IT
– Have a service oriented mindset and can represent Signicat in a professional manner
– Enjoy challenges and can solve them
– Excellent communication and interviewing skills
– Speaks and writes Finnish fluently
– High proficiency in spoken and written English

Desirable qualifications:

– Have knowledge of ITIL or ISO27001
– Have experience with IT-related customer service tasks
– Have competence in programming, front-end or back-end
– Written and oral skills in a Scandinavian language (Norwegian, Swedish and Danish)

The position will be located at our Finnish office in Leppävaara, Espoo. The position will require occasional travelling, especially to the Signicat headquarters in Trondheim, where the rest of the service and support organization is located.

You will report to the Head of Operations.

About Signicat

Signicat is a Digital Identity Service Provider (DISP) and is one of the leading providers of electronic identity and signature solutions in Europe/globally. Our security solutions are used at all financial levels from government and big banks to small business—and everywhere in between.

We continue to be leaders in innovative security solutions, reducing risk while providing a smart and intuitive user experience. Signicat has earned the trust of institutions and businesses by providing user authentication, electronic signing, identity proofing and document preservation. We are innovators in fingerprint authentication, two-step verification and other generated one-time passwords.

We are a fast-growing company that has track record of success as one of the most complete providers of electronic identification services for the Nordic and European markets. While enjoying continued growth we have kept the best of our ‘startup’ ethos, encouraging creativity, initiative and independence to get things done. We value the well-being of each employee and all work together to create a supportive and inspiring work environment.

Signicat has more than 100 employees at offices in Trondheim (headquarters), Oslo, Copenhagen, Helsinki, Stockholm, Amsterdam, Lisbon, London and Frankfurt. Our focus is security and professionalism and we are constantly working to improve our product and ourselves. If you want to be part of our highly talented, professional and creative team then we want to hear from you!

Signicat is one of the leading providers of electronic identity and signature solutions in Europe.

We reduce risk in smart ways making it easy for companies to offer online authentication, identification and electronic signatures. Our teams are passionate about our mission to create the safest solutions for tomorrow’s challenges.

We are proud to provide identity assurance and authentication to over 450 European businesses and institutions in sectors such as government, banking, finance, insurance and eCommerce.

Contact person:

Hallvard Olaisen
COO
+47 951 36 561
hallvard.olaisen@signicat.com

EEMA Identity Blog: The problem of self-sovereign identity: We can’t trust people

10th August 2018: Link to EEMA Identity Blog

Two buzzwords often heard in identity today are self-sovereign identity and distributed identity. The reason for considering new models for identity is, among other things, to avoid a single point of dependency and to put the user is in control of his or her identity and decide how much information to share with whom.

It’s a compelling story. Who wouldn’t like more control over who has access to their data? Unfortunately, while the story is easy to sell, implementing self-sovereign identity is a much harder problem. What are the implications of this model of identity, and where will the responsibilities lie?

A digital identity gives a person access to their email, bank account, property, digital money and more. The hard part is binding a physical person to a digital identity. Identity professionals spend a lot of time trying to figure out secure ways of doing this.

In his blog The characteristics of Blockchain can be very valuable to identity, Kim Cameron said that “you should not lose your identity if a country has a political melt-down”. I completely agree. But it can take much less than revolution and anarchy for something to go wrong—neither should someone lose their identity if they fail to backup or forget a private key.

Human beings are not reliable

Anyone who has ever known a human being for any length of time knows this. They forget passwords and credentials and do not create backups. New technology that relies on fallible people to keep credentials safe comes with undeniable risks. A good example of this are the 23% of all bitcoins that are now lost, thanks to lost passwords and hard drives that now lie in landfill.

It’s unwise to create an infrastructure where ownership of possessions depends solely on people’s memory. Raise your hand if you have NEVER used the “I forgot my password” function. Raise your hand if you have NEVER lost a car key or a house key or needed help to access a locked space. Not a lot of hands, right?

In these situations, we can call a locksmith or demand a new password. Whether physical or digital, we can depend on somebody being there to assist if we get locked out. Unless we implement recovery mechanisms, self-sovereign identity means that there is no one that can help.

With self-sovereign identity, each user has a private key, designed in such a way that a brute force attack is close to impossible. This is clearly a good thing, as it prevents others taking over your digital identity. But putting the only possible key to access the digital identity in the hands—and forgetful brains—of the users invites disaster. There is no back-door. There is nobody to call.

It’s not just forgetfulness we need to worry about, as people have accidents or illnesses which can affect their memory. And when they die, and assets are to be passed on, the private key needed to access your digital identity is lost forever. We need to consider a worst-case scenario, such as someone’s house burning down, traumatizing them into losing their memory—and the recovery codes, carefully noted down and put in a sealed envelope, are also gone.

We need identity custodians

Clearly, we need identity custodians: an entity we can trust and call upon if we have a problem. Somebody who is able to give a key back when it’s lost. Ideally, we should be able to choose which identity custodian to use and switch as often as wanted. We also need different custodians for holding identity data and holding a key in escrow, to ensure segregation of responsibilities, and to reduce risk of exposure.
However, there are several fundamental challenges with using custodians:

– First is access to a user’s private key, which must be high-friction. It should not be possible for a rogue employee of an identity custodian to get access to your private key. But it must be possible, with your involvement, to recover the key. High friction and convenience do not go hand-in-hand.

– How do you prove who you are… when you cannot prove who you are? The key recovery must handle the situation that you have forgotten the key entirely and have no possessions that can help.

– The third challenge is building a key recovery system in such a way that it is secure, cost-efficient and usable. No system will be 100% secure, but due to the importance of keeping private keys private, a high level of security is a must.

One way to build such a system would be to split the key into several parts and have these parts stored physically (for example as a printed document), to make it more resistant to digital attacks. The physical presence of the user would be required to ensure a biometric match. The correct key would be handed to the user after all the parts have been collected. Procedures on the part of the identity custodian are important here to ensure that only the user and not the custodian gets the parts needed to reconstruct the private key.

Clearly, creating a secure, cost-efficient and usable management of identities is not simple. Self-sovereign identity, often discussed as a straightforward identity system, actually requires clunky solutions and multiple custodians to support it. It’s important to keep this in mind when these buzzwords are thrown around.

Author: John Erik Setsaas is Identity Architect at Signicat and a member of the EEMA Board of Management

Technical Support Specialist, The Netherlands

Signicat is one of the leading providers of electronic identity and signature solutions in Europe. We deliver online trust-based services to the public and private sector globally.

We reduce risk in smart ways making it easy for companies to offer online authentication, identification and electronic signatures. Our teams are passionate about our mission to create the safest solutions for tomorrow’s challenges. We are proud to provide identity assurance and authentication to over 430 European businesses and institutions in sectors such as government, banking, finance, insurance and eCommerce.

About the Position
Signicat is continuing to attract an increasing number of new, local and international business customers, many of which are large enterprises with wide reach. In addition, our existing customers are broadening their expectations of our products and services, and we are passionate and focused on delivering a consistent quality to all.

Due to this expansion, to strengthen our service organization and our business in The Netherlands, we are looking for persons with excellent troubleshooting skills, experience with B2B customer support or premier services, energy and passion for helping others, and focused on the customers receiving significant value from our services. If you have these skills, then this might be the right job for you.

The role includes responsibilities for activities like:
• Reactive and proactive technical and product support for Signicat’s customers from the BeNeLux area
• A key role in onboarding of new Signicat customers, sometimes as a leader of virtual teams
• Provide assistance to the Dutch Sales & pre-Sales team
• Contribute to get the highest possible adoption of the products sold
• Be the link between Signicat’s Operations department, Dutch Sales team and the customers’ technical and business teams
• Participate in further development of Signicat’s service product in the Netherlands

Essential qualifications:
• Have a minimum bachelor’s degree within IT
• Have a service-oriented mindset and can represent Signicat in a professional manner
• Enjoy challenges and can solve them
• Excellent communication and interviewing skills
• Speaks and writes Dutch fluently
• High proficiency in spoken and written English

Desirable qualifications:
• Have knowledge of ITIL or ISO27001
• Have experience with IT-related customer service tasks
• Have competence in programming, front-end or back-end

The position will be located to our Dutch office, in The Hague. The position will require some travelling, especially to the Signicat headquarters in Trondheim, where the rest of the service and support organization is located.

You will report to the Head of Operations.

About Signicat
Signicat is a Digital Identity Service Provider (DISP) and is one of the leading providers of electronic identity and signature solutions in Europe/globally. Our security solutions are used at all financial levels from government and big banks to small business—and everywhere in between.

We continue to be leaders in innovative security solutions, reducing risk while providing a smart and intuitive user experience. Signicat has earned the trust of institutions and businesses by providing user authentication, electronic signing, identity proofing and document preservation. We are innovators in fingerprint authentication, two-step verification and other generated one-time passwords.

We are a fast-growing company that has track record of success as one of the most complete providers of electronic identification services for the Nordic and European markets. While enjoying continued growth we have kept the best of our ‘startup’ ethos, encouraging creativity, initiative and independence to get things done. We value the well-being of each employee and all work together to create a supportive and inspiring work environment.
Signicat has more than 100 employees at offices in Trondheim (headquarters), Oslo, Copenhagen, Helsinki, Stockholm, Amsterdam, Lisbon, London and Frankfurt. Our focus is security and professionalism and we are constantly working to improve our product and ourselves. If you want to be part of our highly talented, professional and creative team then we want to hear from you!

About the Signicat’s Dutch office
The Dutch team exists out of team of commercial experts with a broad Industry knowledge and is conveniently situated a stone’s throw from Centraal Station, on the cusp of the city centre. This unique red brick building designed in the Amsterdam School architectural style is an iconic landmark on the city’s skyline and well known throughout the Hague. Formerly the Esso headquarters, this is a building with history and presence. Spaces Rode Olifant is easily accessible by car and has excellent transport links located only eight minutes walking distance from Central Station. Set up your work spot, plug into our energy and start accelerating together while overlooking beautiful Malieveld

Signicat offers a full-suite of benefits and competitive compensation. If you are looking for a new opportunity, we look forward to hearing from you. Please submit your resume to:

Marco Gouw
Director of Sales
Marco.gouw@signicat.com
+31 (0)657001483

Pre-Sales Engineer BeNeLux

Job description

This is a terrific opportunity to join a fast paced organization and immediately make an impact.

Signicat is one of the leading providers of electronic identity and electronic signature solutions in Europe. The company, founded in 2007, delivers online trust based services to the public and private sector globally. The solutions fulfill operational capabilities in line with international standards and requirements, such as Privacy, Anti-Money Laundering (AML) and Anti-Terrorist legislation and regulations, as well as Know Your Customer (KYC) requirements for onboarding of new users. Signicat offers some of the most advanced solutions for electronic identity and electronic signatures.

The goal is to enable customers to do business more effectively by delivering great user experiences for the end users and at the same time reduce the risk by using advanced security technology. The Signicat solutions are used by banks and financial institutions, insurance companies, government agencies and large corporations as well as small and medium sized businesses. Customers trust Signicat with the responsibility of authenticating users, providing electronic signing, identity proofing and document preservation. Banking grade SLAs are offered, matching customers need for scalability and reliability.

We work with hundreds of innovative companies from startups to Fortune 100 organizations.
In this role you will be responsible for all technical aspects of the sales cycle, as well as helping to ensure customer satisfaction. You will be an essential part of the sales organization at Signicat, and will be a key player of the pre-sales organization. As an early member of the Benelux team, the Pre-Sales Engineer will have the ability to help define the pre-sales process for signicat!

Responsibilities
You will and work with other members of the Sales and Services teams. Primary responsibilities will include:

– Conduct Sales Presentations
– Develop Sales Proposals
– Provide Technical Sales Support Prepare and present product demonstrations
– Identify, evaluate, and recommend proof of concept opportunities
– Prepare and provide input for technical sections of RFPs/ RFQs
– Communicate with Engineering on issues identified from field observations and customer feedback Continue reading

Sourcing Manager, Trondheim Norway

Signicat is one of the leading providers of electronic identity and signature solutions in Europe.

We reduce risk in smart ways making it easy for companies to offer online authentication, identification and electronic signatures. Our teams are passionate about our mission to create the safest solutions for tomorrow’s challenges.

We are proud to provide identity assurance and authentication to over 425 European businesses and institutions in sectors such as government, banking, finance, insurance and eCommerce.

About the Position

Signicat is continuing to attract a growing number of new, local and international business customers, many of which are large enterprises with wide reach. In addition, our existing customers are broadening their expectations of our products and services, and we are passionate and focused on delivering a consistent quality to all.

In order to realise our growth strategies and establish business in several new markets, we are recruiting a Sourcing Manager with energy and passion for sourcing and for capturing the value throughout the supply chain.

You will have excellent commercial, analytical and communication skills, experience in the field and a sharp focus on our customers´ need for the highest possible value from our services. Signicat is passionate about delivering a high-quality customer experience. You will share this goal and will help ensure exceptional customer experience through your role in bringing our products to new markets.

The Sourcing Manager is a new role in Signicat, and you will take part in building a new function within the organization. Frequent travel will be required between our headquarters in Trondheim, Norway and other European markets.

Job Description

You will have a range of tasks and responsibilities, including:

  • Participate in developing and implementing the sourcing process and function in Signicat
  • Participate in developing and executing the sourcing strategies in Signicat
  • Develop vendor intelligence across markets.
  • Perform analysis, plan and execute sourcing processes with providers of eID methods, verification methods and attribute providers for natural and legal persons in the selected countries.
  • Working alongside internal stakeholders to identify process improvements and implementing corresponding changes.
  • Ensuring process and strategy alignment across the organization, through collaboration and effective communication with colleagues at all levels.

Qualifications, Experience & Skills

As the ideal candidate, you will have:

Essential

  • Working experience from sourcing processes in general, and sourcing of software in particular.
  • Excellent commercial and analytical skills.
  • Ability to quickly understand and analyze complex issues.
  • Excellent communication and negotiation skills.
  • Experience from drafting of contracts.
  • High proficiency in spoken and written English, and preferably also other European languages.
  • Master’s degree or similar education (in Engineering, Finance or Legal)

Desirable

  • Experience from project management
  • Experience from software development
  • Written and oral skills in a Scandinavian language (Norwegian, Swedish and Danish)

Our Benefits

  • Competitive salary
  • Good Insurance and pension plan
  • 5 weeks paid vacation (following one year’s service)
  • Family friendly policies
  • Employee social activities (music, sports, board games)
  • For international moves to Norway, immigration assistance and relocation services provided

About Signicat

Signicat is a Digital Identity Service Provider (DISP)and is one of the leading providers of electronic identity and signature solutions in Europe/globally. Our security solutions are used at all financiallevels from government and big banks to small business—and everywhere in between.

We continue to be leaders in innovative security solutions, reducing risk while providing a smart and intuitive user experience. Signicat has earned the trust of institutions and businesses by providing user authentication, electronic signing, identity proofing and document preservation. We are innovators in fingerprint authentication, two-step verification and other generated one-time passwords.

We are a fast-growing company that has track record of success as one of the most complete providers of electronic identification services for the Nordic and European markets. While enjoying continued growth we have kept the best of our ‘startup’ ethos, encouraging creativity, initiative and independence to get things done. We value the well-being of each employee and all work together to create a supportive and inspiring work environment.

Signicat has more than 100 employees at offices in Trondheim (headquarters), Oslo, Copenhagen, Helsinki, Stockholm, Amsterdam and London.Our focus is security and professionalism and we are constantly working to improve our product and ourselves. If you want to be part of our highly talented, professional and creative team then we want to hear from you!

About Trondheim

Signicat’s headquarters are located in Trondheim, Norway’s technology and start-up capital. Set on one of the countries famous fjordsit has fast become a European tech hub—a space where exciting innovation and ideas not only start but develop and succeed. The city has established itself as a career destination for the tech world leading the way in advanced technology for the finance, energy and software sectors.

With close access to nature for hiking and skiing–or just to clear your head and think of that next great idea, Trondheim blends the benefits of city living with an adventurous outdoor spirit. The city hosts reliable infrastructure and public transport making it simple to get around as well as offering a vibrant cultural, artistic and music scene.

Trondheim continues to attract ambitious and creative workers by offering an appealing mix stimulating working conditions, innovation and way of life.

 

Contact Information

Gisle Aasgaard

Project Team Manager, Signicat

T: +47 91107849

gisle.aasgaard@signicat.com

 

Signicat joins ETSI for standardisation of digital signatures and trust services

Signicat is pleased to announce we have formally become a member of ETSI (European Telecommunications Standards Institute) joining their technical committee on Electronic Signatures and Infrastructure (ESI). ESI is the standardisation body responsible for most European standards on digital signature and trust services; CEN TC 224 additionally produces some standards, notably on security evaluation.

Signicat’s electronic signature services are designed to be standards-compliant, and with Signicat becoming a qualified trust service provider according to the EU eIDAS Regulation, standards-compliance is increasingly important for us. The decision to join ETSI/ESI is a strategic move to not only use standards, but to also get first-hand knowledge of and influence on their development.

European standards on digital signature and trust services are grouped in six areas as shown in the figure below. The green ticks show standards that are done (only maintenance activities) while the rest are in progress. When completed, standards will cover all trust services defined by eIDAS. CEN (the European Committee for Standardization) covers area 2 while the rest of the standards are produced by ETSI.

Formally, standards are not mandatory to fulfil eIDAS requirements for qualified trust services. However, when interoperability is a goal, in practice the ETSI and CEN standards must be used. Currently, Signicat uses standards from area 1 for the Signicat Sign service, from area 4 for the qualified time-stamp service, and of course the recommendations on cryptography from area 2. As the service offering expands, more standards will come into play.

While the eIDAS Regulation sets the scope of the standards work, ETSI’s strategy is to produce technical standards that are globally applicable and not targeted at a specific legal environment. Notably, ETSI uses the technical term “digital signature”, a signature created by use of public key cryptography and PKI certificates, to distinguish from the in-principle technology neutral, legal terms “electronic signature” and “electronic seal” used by eIDAS. ETSI standards, together with a few core specifications on which ETSI has built the work, are referenced internationally as the state of the art standards in the area.

Of the ongoing work, standards to enable server-based (remote) creation of qualified and other signatures are especially important. CEN is about to publish Common Criteria (CC) security evaluation profiles for the equipment needed for such a service, such as “remote QSCD” (Qualified Signature Creation Device). ETSI will publish standards for the signing protocol towards the service and policy and security requirements to be applied by the service provider operating the signing service.

Standards for signature validation services is underway from ETSI, specifying how a signed document (or pairs of signatures and hash values) can be sent to a trusted service, returning a signature validation report that is also being standardised.

Registered delivery, i.e. transmission of documents and other message between parties in a reliable and secure way, is a trust service in eIDAS. A new ETSI standard in this area is about to be sent for national ballot, meaning that the national standardisation bodies of the ETSI member states will vote on its acceptance. In addition to the base standard, ETSI has revised the old Registered Electronic Mail (REM) specification for email-based registered delivery; the new REM version is also under national ballot.

Standards are being produced for long-term preservation of both signed and unsigned documents, using digital signature techniques to produce evidences of existence.

When qualified trust services are audited by a Conformity Assessment Body (CAB), the CAB must be nationally accredited for the job according to an ETSI standard.

Of miscellaneous other work, ETSI recently published standards for issuing of qualified web-site certificates and qualified electronic seal certificates to actors that are accredited for payment service provider roles according to the EU PSD2 directive.

All in all, as ETSI standards are the foundation of many of the services that Signicat provides or will provide in the future, keeping track of and influencing the development of standards is necessary to ensure that Signicat continues to deliver world-class signature and trust services.

More on these links: ETSI and CEN.