LuxTrust users (representing over 95% of Luxembourg’s active population) will benefit from the highest possible level of e-signature security in the EU when they remotely sign documents and transactions during their day to day use of the country’s wide range of digital services. This highest-assurance level for Luxembourgers has been made possible by LuxTrust, the pioneer European qualified Trust Service Provider and certification authority that supports Luxembourg’s public and private sector digital services and by Cryptomathic, technology provider and pioneer in remote signature and non-repudiation. Digital signature solution This significant step forward follows the completion of LuxTrust’s technical migration to an eIDAS-certified QSCD version of Signer, Cryptomathic’s remote qualified digital signature solution, which has enabled LuxTrust to upgrade all of its clients (citizens and businesses) to the highest eIDAS-qualified level, according to the EU regulation’s requirements. “Luxembourg’s digital economy already provides businesses and individuals with an unusually high number of government, institutional and private sector digital services,” comments Pascal Rogiest, CEO, LuxTrust. Electronic signature services This achievement puts the Luxembourg digital ecosystem at the forefront in Europe “Our partnership with Cryptomathic has enabled us to upgrade our electronic signature services and to ensure that all users can now benefit from the highest level of legal protection when remotely authenticating and signing transactions and legally binding electronic documents. This achievement puts the Luxembourg digital ecosystem at the forefront in Europe; it is the only nationwide digital identity system to reach qualified level.” Guillaume Forget, Managing Director, Cryptomathic GmbH, comments: “This is a significant milestone in Luxembourg’s digitalisation journey. The global need to support social distancing measures has dramatically accelerated every country’s use of digital services and heightened the need for gold standard security in remote transaction and document signing.” Long-standing cooperation “With this project now complete, citizens, businesses and institutions in Luxembourg can perform e-signatures carrying the same legal value as those performed face-to-face, by hand. Luxembourg is now setting the pace here. Cryptomathic is delighted to be playing such a meaningful and sustainable role in the country’s digital development.” LuxTrust’s complete transition to the eIDAS-qualified level was made possible thanks a long-standing cooperation with Cryptomathic, a pioneer in the field of remote signing and ‘What You See Is What You Sign’. Its flagship product, Cryptomathic Signer, was first rolled out by LuxTrust 15 years ago, and has since been developed and enhanced to be certified and approved as an eIDAS Qualified Signature Creation Device (QSCD).
Remote electronic signature specialist, Cryptomathic, announces that its popular e-signature solution, Signer, has been recognised as providing the highest possible level of security following its Common Criteria certification to the new eIDAS protection profile 419241-2 for remote Qualified Electronic Signatures. Signer’s Common Criteria certification significantly raises the bar. Not only does Signer join an elite few remote Qualified Signature Creation Devices (QSCDs) to be certified against the new eIDAS protection profile, it is the first solution to place the Signature Activation Module (SAM) inside the Hardware Security Module (HSM). This means the signing payload can only be executed from inside the protected cryptographic environment, making it significantly more resistant to attack, including from insiders. Protected cryptographic environment Common Criteria certification is expected to become a mandatory requirement under the eIDAS regulation Signer also offers What You See Is What You Sign (WYSIWYS) functionality, which provides strong non-repudiation and addresses long term validation signature profiles for XML or PDF documents. The combination of these factors elevates Signer to a high-assurance level that is unmatched anywhere else in the e-signature industry. “Common Criteria certification to this new protection profile is widely expected to become a mandatory requirement under the terms of the eIDAS regulation, so we’re delighted to be this far ahead of the game,” comments Guillaume Forget, Managing Director, Cryptomathic GmbH. High security software “The governments, banks and other entities that use Signer rely on Cryptomathic to provide the highest possible assurance level in its remote qualified e-signature services. To meet these expectations, we have set up and enforced a secure development environment and procedures that meet the highest levels within Common Criteria." "Cryptomathic has demonstrated the ability to document and meet security properties, again, at the highest level. The certification has shown that our development team in Denmark is in full control of all tools and processes related to the complete product life cycle. It’s a terrific achievement and cements our position at the bleeding edge of high security software.” Electronically sign documents Cryptomathic is provider of e-signature technology and assists multiple trust services providers and banks to enable their customers to electronically sign documents and transactions at the highest assurance level.
Deutsche Post has entered the era of end-to-end digitalisation by extending its Postident digital identity management services with Qualified Electronic Signatures (QES), enabling their clients to conduct all their business entirely online, with enhanced security and privacy and in full compliance with the eIDAS regulation. Guillaume Forget, Managing Director at Cryptomathic GmbH comments: “We are very proud to have been selected by Deutsche Post as a primary partner to enhance Postident with eSigning capacity. This truly mobile solution is the first of its kind to achieve the qualified level, which provides the same probative value as paper-signed documents. With such legal certainty, it is no surprise that the financial industry has picked up the service already, to digitalise contract signing.” Remote server signing QES solution offers an excellent, end-to-end digital user experience integrated into the business workflow to ensure a high customer conversion rate Deployed as a cost-effective managed service, the QES solution offers an excellent, end-to-end digital user experience integrated into the business workflow to ensure a high customer conversion rate. It meets the highest standards in terms of data protection, security and non-repudiation, thanks to Cryptomathic's continuous innovation in remote server signing and ‘What You See Is What What You Sign’ technology. One of the primary objectives of the QES service was to improve usability and mobility, to ensure unrivalled levels of user adoption. Achieve digital transformation All the end-user needs is a mobile phone, a connected device and an official ID document to go through the following process: To start the signing process, the end-user and the documents to be signed are rerouted from the business application to the POSTID-Portal. Initial registration can be completed via a video chat session established from a browser or mobile app. During this step, a Deutsche Post agent will remotely verify the authenticity of the user’s ID document and check the identity of the signatory. For signature authorisation, the end-user is required to read the document to be signed through a trusted viewer. Strong authentication is used to provide consent and sign the document in a legally binding way. The signed document(s) are automatically transferred to the business application and are available for download for the signatory. Cryptomathic partners with Trust Service Providers to deliver tailored and fully managed Qualified Electronic Signature services, which are used across Europe for the banking sector and organisations aiming to achieve digital transformation with the highest security and assurance levels.