Remote electronic signature specialist, Cryptomathic, announces that its popular e-signature solution, Signer, has been recognised as providing the highest possible level of security following its Common Criteria certification to the new eIDAS protection profile 419241-2 for remote Qualified Electronic Signatures. Signer’s Common Criteria certification significantly raises the bar. Not only does Signer join an elite few remote Qualified Signature Creation Devices (QSCDs) to be certified against the new eIDAS protection profile, it is the first solution to place the Signature Activation Module (SAM) inside the Hardware Security Module (HSM). This means the signing payload can only be executed from inside the protected cryptographic environment, making it significantly more resistant to attack, including from insiders. Protected cryptographic environment Common Criteria certification is expected to become a mandatory requirement under the eIDAS regulation Signer also offers What You See Is What You Sign (WYSIWYS) functionality, which provides strong non-repudiation and addresses long term validation signature profiles for XML or PDF documents. The combination of these factors elevates Signer to a high-assurance level that is unmatched anywhere else in the e-signature industry. “Common Criteria certification to this new protection profile is widely expected to become a mandatory requirement under the terms of the eIDAS regulation, so we’re delighted to be this far ahead of the game,” comments Guillaume Forget, Managing Director, Cryptomathic GmbH. High security software “The governments, banks and other entities that use Signer rely on Cryptomathic to provide the highest possible assurance level in its remote qualified e-signature services. To meet these expectations, we have set up and enforced a secure development environment and procedures that meet the highest levels within Common Criteria." "Cryptomathic has demonstrated the ability to document and meet security properties, again, at the highest level. The certification has shown that our development team in Denmark is in full control of all tools and processes related to the complete product life cycle. It’s a terrific achievement and cements our position at the bleeding edge of high security software.” Electronically sign documents Cryptomathic is provider of e-signature technology and assists multiple trust services providers and banks to enable their customers to electronically sign documents and transactions at the highest assurance level.
Deutsche Post has entered the era of end-to-end digitalisation by extending its Postident digital identity management services with Qualified Electronic Signatures (QES), enabling their clients to conduct all their business entirely online, with enhanced security and privacy and in full compliance with the eIDAS regulation. Guillaume Forget, Managing Director at Cryptomathic GmbH comments: “We are very proud to have been selected by Deutsche Post as a primary partner to enhance Postident with eSigning capacity. This truly mobile solution is the first of its kind to achieve the qualified level, which provides the same probative value as paper-signed documents. With such legal certainty, it is no surprise that the financial industry has picked up the service already, to digitalise contract signing.” Remote server signing QES solution offers an excellent, end-to-end digital user experience integrated into the business workflow to ensure a high customer conversion rate Deployed as a cost-effective managed service, the QES solution offers an excellent, end-to-end digital user experience integrated into the business workflow to ensure a high customer conversion rate. It meets the highest standards in terms of data protection, security and non-repudiation, thanks to Cryptomathic's continuous innovation in remote server signing and ‘What You See Is What What You Sign’ technology. One of the primary objectives of the QES service was to improve usability and mobility, to ensure unrivalled levels of user adoption. Achieve digital transformation All the end-user needs is a mobile phone, a connected device and an official ID document to go through the following process: To start the signing process, the end-user and the documents to be signed are rerouted from the business application to the POSTID-Portal. Initial registration can be completed via a video chat session established from a browser or mobile app. During this step, a Deutsche Post agent will remotely verify the authenticity of the user’s ID document and check the identity of the signatory. For signature authorisation, the end-user is required to read the document to be signed through a trusted viewer. Strong authentication is used to provide consent and sign the document in a legally binding way. The signed document(s) are automatically transferred to the business application and are available for download for the signatory. Cryptomathic partners with Trust Service Providers to deliver tailored and fully managed Qualified Electronic Signature services, which are used across Europe for the banking sector and organisations aiming to achieve digital transformation with the highest security and assurance levels.
3 reasons to migrate to a new access control systemDownload
Schooling the market on education securityDownload
Lawrence, Massachusetts deploys FLIR video system for safetyDownload