In this blog, we discuss our efforts to secure an eIDAS-certified remote qualified signature creation device (QSCD).
We want to let you into a little secret. Since Sep 2017, Ascertia has been actively pursuing a Common Criteria EAL4+ certification of its ADSS Server “Signature Activation Module (SAM)” Appliance.
Let’s start with the basics.
Traditionally, creating a high-trust digital signature required the signer to hold their PKI-based signing key on a smartcard or a secure USB token.
Deploying these hardware devices to a large number of users was very expensive. Another issue was that these devices required specialist software to be installed on the client side, which is too complex for ordinary users. The real killer, though, is that in today's world people want to sign documents from mobiles and tablets, and connecting smartcards or USB tokens on the go is just plain difficult!
So, it is not surprising there has been a huge focus on cloud-based signatures (aka remote signing), which is where the user keys are held centrally on a server and available to the user from any location and any device.
You never know when you might need to prove your identity online or sign a document, whether for e-Gov services, e-banking or anything else for that matter. Of course, system security relies on the server being able to authenticate the user and seek their authorisation for each and every signature that is created on their behalf on the server. This is known as the user having "sole control" over their own signing keys.
One of the major features of the new EU eIDAS Regulation (910/2014) is that it allows “remote signing” for the creation of both Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES). For remote QES though, eIDAS requires the Trust Service Provider to use a trusted Qualified Signature Creation Device (QSCD) to manage the signing process and user’s signing key protection.
Up to now there were no standards for assessing the trustworthiness of remote QSCDs, and vendors conducted ad-hoc audits of their technology to different levels, which caused much confusion in the market. However, there is now a specific standard from CEN, known as EN 419 241-2, specifically for such remote signing devices. This standard is a Protection Profile, intended for use by independent evaluation laboratories to evaluate a remote signing device under the international Common Criteria (CC) scheme. EN 419 241-2 requires remote signing devices to be tested to CC level EAL4+.
So finally, there will be a level playing field to assess the trustworthiness of a remote signing solution.
We started our Common Criteria certification preparation in early 2017, when CEN EN 419 241-2 was still very much in a draft state. We did this by developing a special ADSS Server Signature Activation Module (SAM) appliance. This is a tamper-protected hardware device which contains a special version of our ADSS Server for remote signing.
It also includes an embedded HSM certified against EN 419 221-5. The ADSS Server SAM Appliance keeps the user keys internally and only releases them for signing after a secure authentication and authorisation process initiated by the user from their mobile device. It supports biometric authentication of the user, including TouchID / FaceID techniques.
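To make the "sole control" gate described above concrete, here is an added, simplified model of the check a signature activation module performs before it uses a centrally held key. This is illustrative code written for this post, not Ascertia's SAM implementation; the message layout, the helper names and the 120-second validity window are assumptions. HMAC is used as a stand-in for the asymmetric operations a real deployment would use (a per-device credential on the user's phone, and the user's signing key inside the EN 419 221-5 HSM), so that the example runs with the Python standard library alone.

```python
"""Simplified model of per-signature authorisation ("sole control") in a remote
signing server.  Illustrative code, not Ascertia's SAM; field names, the 120 s
validity window and the use of HMAC in place of asymmetric keys are assumptions."""
import hashlib
import hmac
import os
import time

MAX_AGE_SECONDS = 120  # assumed freshness window for activation data


def _canonical(sad):
    """Fixed byte encoding of the activation data fields that the device authenticates."""
    return f"{sad['user_id']}|{sad['doc_hash']}|{sad['nonce']}|{sad['ts']}".encode()


def build_activation_data(device_secret, user_id, doc_hash, now=None):
    """Device side: bind user, document hash, nonce and time under the device credential."""
    sad = {
        "user_id": user_id,
        "doc_hash": doc_hash,
        "nonce": os.urandom(16).hex(),
        "ts": int(now if now is not None else time.time()),
    }
    sad["mac"] = hmac.new(device_secret, _canonical(sad), hashlib.sha256).hexdigest()
    return sad


class SignatureActivationModule:
    """Holds user signing keys and releases a signature only for an authorised request."""

    def __init__(self):
        self._signing_keys = {}    # user_id -> signing key that never leaves the module
        self._device_secrets = {}  # user_id -> credential enrolled from the user's device
        self._used_nonces = set()  # replay protection: each activation is single-use
        self.audit_log = []        # (user_id, doc_hash prefix, outcome)

    def enrol(self, user_id):
        """Generate the user's signing key inside the module; return the device credential."""
        self._signing_keys[user_id] = os.urandom(32)
        device_secret = os.urandom(32)  # a real design enrols a public key instead
        self._device_secrets[user_id] = device_secret
        return device_secret

    def check_activation(self, user_id, doc_hash, sad, now=None):
        """Return (True, 'ok') if sad authorises signing doc_hash for user_id, else (False, reason)."""
        now = now if now is not None else time.time()
        if user_id not in self._signing_keys:
            return False, "unknown user"
        expected = hmac.new(self._device_secrets[user_id], _canonical(sad), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sad.get("mac", "")):
            return False, "invalid device credential"
        if sad["user_id"] != user_id:
            return False, "activation data issued for a different user"
        if sad["doc_hash"] != doc_hash:
            return False, "activation data does not cover this document"
        if abs(now - sad["ts"]) > MAX_AGE_SECONDS:
            return False, "activation data expired"
        if sad["nonce"] in self._used_nonces:
            return False, "activation data already used"
        self._used_nonces.add(sad["nonce"])
        return True, "ok"

    def sign(self, user_id, doc_hash, sad, now=None):
        """Produce a signature over doc_hash only when the activation check passes."""
        ok, reason = self.check_activation(user_id, doc_hash, sad, now)
        self.audit_log.append((user_id, doc_hash[:16], reason))
        if not ok:
            return None
        # Stand-in for the HSM signing operation with the user's private key.
        return hmac.new(self._signing_keys[user_id], bytes.fromhex(doc_hash), hashlib.sha256).digest()


def demo():
    """Run the flow on a constructed document: authorised, tampered, replayed, forged."""
    sam = SignatureActivationModule()
    secret = sam.enrol("alice")  # constructed enrolment of alice's phone
    doc_hash = hashlib.sha256(b"constructed contract text").hexdigest()
    now = 1_700_000_000
    sad = build_activation_data(secret, "alice", doc_hash, now=now)
    first = sam.sign("alice", doc_hash, sad, now=now)            # accepted
    other = hashlib.sha256(b"substituted contract").hexdigest()
    tampered = sam.sign("alice", other, sad, now=now)            # refused: hash not covered
    replay = sam.sign("alice", doc_hash, sad, now=now + 5)       # refused: nonce already used
    forged_sad = build_activation_data(os.urandom(32), "alice", doc_hash, now=now)
    forged = sam.sign("alice", doc_hash, forged_sad, now=now)    # refused: wrong credential
    return first, tampered, replay, forged, sam.audit_log


if __name__ == "__main__":
    for entry in demo()[-1]:
        print(entry)
```

The point of the model is the ordering: the key is never touched until the activation data has been authenticated, bound to this user and this exact document hash, shown to be fresh, and consumed so it cannot be replayed; every decision, accepted or refused, lands in the audit log. With a real per-device public key in place of the shared HMAC secret, the server itself cannot manufacture activation data, which is what makes the control "sole".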
In September 2017, we initiated the formal evaluation of the ADSS Server SAM Appliance with the Italian Common Criteria certification body, OCSI. The SAM Appliance will work with Ascertia's SigningHub and any other web-based business application.
We hope to complete this certification process in the coming few months... so watch this space!