The provision of a signature or the creation of a company seal are security-critical processes, the manipulation of which can have unpleasant consequences for all parties involved, may be accompanied by a high loss in monetary value or cause significant damage to the reputation of a provider. For products for generating the technical counterparts of signatures and seals, qualified electronic signatures and qualified electronic seals, the legislator has therefore specified an approval procedure with correspondingly high security requirements in the eIDAS Regulation.
The “eIDAS Certification Body” of SRC is able to certify a product in combination with or based on an existing evaluation according to Common Criteria as a qualified electronic signature creation device or seal creation device (QSCD) according to Art. 30 para. 3 of the eIDAS Regulation.
The safety requirements (Protection Profiles) to be applied to products are set out in Commission Implementing Decision (EU) 2016/650 of 25 April 2016 laying down standards for the safety assessment of qualified signature and seal-creation devices in accordance with Article 30(3) and Article 39(2) of Regulation (EU) No. 910/2014 of the European Parliament and of the Council on electronic identification and electronic trust services for electronic transactions in the internal market” (Article 30(3)(a)).
Alternatively, the eIDAS Regulation allows the application of other test methods provided that equivalent safety levels are applied and the test method has been notified to the EU Commission (Art. 30 para. 3 (b)). Since the above mentioned implementing decision (EU) 2016/650 does not yet list any PPs containing security requirements for QSCDs for use by a trusted service provider, SRC has developed a test procedure “Certification of the conformity of QSCDs for server-signing with the requirements laid down in Annex II of Regulation (EU) No. 910/2014” for the certification of QSCDs for use in remote signatures which was notified to the EU Commission.
SRC Security Research & Consulting GmbH has been designated by the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways as “eIDAS Certification Body” in accordance with Art. 30 para. 1 of the eIDAS Regulation.
We are pleased to offer you the opportunity to use the expertise and extensive experience of our independent experts for the certification of your product as a qualified signature and/or seal creation device.
The EU Commission publishes and updates lists of notified “eIDAS Certification Bodies” and QSCDs as well as all currently notified alternative testing procedures.