Cryptomathic and UTIMACO have unveiled a joint Qualified Electronic Signature (QES) solution with an advanced security model designed to accelerate digital transformation in banks, governments and other trusted service providers.
The solution enables such providers, whose processes must comply with mandates for strong authentication, to extend the functionality of their existing user authorisation solutions to allow customers to sign transactions, documents and data online at the highest possible level of legal assurance, from anywhere and at any time.
Cryptomathic’s Signer platform is one of an elite few remote Qualified Signature Creation Devices (QSCDs) to be certified against the latest eIDAS protection profile. It is also the first to place its Signature Activation Module (SAM) firmware inside UTIMACO’s eIDAS certified Hardware Security Module (HSM). This consolidated security model ensures the signing payload can only be executed from inside UTIMACO’s protected cryptographic environment, making it significantly more resistant to attack, including from insiders.
Signer’s What You See Is What You Sign (WYSIWYS) functionality also provides strong non-repudiation and addresses long term validation signature profiles for XML and PDF documents, while being able to leverage existing IT infrastructure. The combination of these factors, together with the vendor agnostic nature of the solution, means that providers can now seamlessly introduce highest assurance level remote e-signature services as a function of their existing authentication systems, without disrupting either their customer experience or back-end operations.
Guillaume Forget, Managing Director, Cryptomathic GmbH, comments: “Both Cryptomathic and UTIMACO have been fast to market with eIDAS certified products. By offering a joint solution integrated with an eIDAS TSP, we are truly helping banks and other providers accelerate their delivery of online e-signature services with the maximum security. The ease of deployment makes this solution very attractive. Many providers, including banks, have already been required by law to deploy strong authentication systems. Now, these providers can deploy this solution as part of those systems, slotting it into their existing digital experiences and using it flexibly, to enable non-repudiable user authorisation across a rapidly growing number of digitised use-cases.”
Stefan Auerbach, CEO, UTIMACO, comments: “We are delighted that Cryptomathic and UTIMACO continue to deliver fully approved eIDAS solutions to our clients. Cryptomathic and UTIMACO were founding contributors to the initial eIDAS regulation working groups that were formed to deliver the eIDAS regulation on electronic identification and trust services for electronic transactions. This regulation has now become so successful that a number of countries outside of Europe are also now adopting this as their security standard, enabling businesses, citizens and public authorities to carry out secure and seamless electronic interactions.
“This latest solution offered by Cryptomathic and UTIMACO offers the highest level of certification which is EAL4+ AVA_VAN.5. Together we are affording our joint clients the highest level of assurance and authenticity available for electronic signatures.”
The joint solution is available immediately via a choice of deployment options ranging from on premise to a fully outsourced managed service. Customers across Europe and beyond are already implementing and going live with the solution at the AdES or QES level.