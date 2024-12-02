The paper calls for the new EU security standards to ensure that cloud-based central signing services, which allow users to remotely generate legally binding Qualified Electronic Signatures (QES) in dedicated tamper resistant hardware, are referenced within the eIDAS Framework and can be certified, according to Common Criteria, as Qualified Electronic Signature Creation Devices (QSCD).

The company points out the use of such central signing schemes by over ten million users across several European countries including Denmark, Norway, Luxembourg and Austria and urges the eIDAS regulation to formally recognise these. Cryptomathic also mentions that centralised signing systems leave secure logs during the signature generation process, which can be used in dispute cases, giving cloud-based server signing a considerable security advantage over alternative methods.

Furthermore, the paper states that the introduction of a secure element for end-user and data authentication prior to the generation of e-signatures through a remote signature would be at odds with the objectives of the regulation, which is to increase the use of e-signatures through lower costs and easier access and by leveraging existing successful implementations.

Cryptomathic provides security solutions to businesses across a wide range of industry sectors, including finance, smart card, digital rights management and government. The company has assisted customers by providing systems for e-banking, PKI initiatives, card personalization, e-passport, card issuing and key management through security software and services. Cryptomathic has a global customer base of more than 300 companies and governments, including multinationals, such as card payment processors and payment schemes.

