With TÜViT to the Qualified Signature and Seal Creation Device
Qualified electronic signature and seal creation devices (QSCDs) must satisfy the requirements of the eIDAS Regulation (Annex II) and be certified in accordance with it. Testing and certification is carried out according to an approved safety assessment procedure by an independent body notified by member states of the EU Commission. Certification by an independent and notified body is a prerequisite for the inclusion of the QSCD in the EU list of certified QSCDs.
As an accredited testing and certification body for Common Criteria and a notified certification body for QSCDs, we support you from the planning process, through assessment and certification to the final step in the publication of your QSCD by the European Commission. Depending on the QSCD type, the assessment is carried out according to Common Criteria or is based on a certification process with an equivalent level of security specifically developed by TÜViT for this purpose.
We also offer you customized workshops in order to best prepare you for any upcoming certification or, within the framework of our eIDAS.PROFESSIONAL training, turn you into an expert on eIDAS and ETSI matters.
Our services in the field of qualified signature creation devices (QSCD)
Introduction to the world of eIDAS, relevant CEN and ETSI standards, as well as Common Criteria (CC) and CC protection profiles in the form of training sessions
Project-specific workshops as preparation for certification
Support with the creation of CC-compliant documents
Review & certification of QSCDs according to approved safety assessment procedures, in particular CC & relevant protection profiles of CEN
Standards we use to audit
CID (EU) 2016/650
Standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of eIDAS Regulation
eIDAS Regulation
Article 30: Certification of qualified electronic signature creation devices
Article 39: Qualified electronic seal creation devices
Notifications of member states about designated bodies, certified qualified electronic signature and seal creation devices according to eIDAS Regulation
ISO/IEC 15408-1
(Common Criteria)
Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model
ISO/IEC 15408-2
(Common Criteria)
Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional requirements
ISO/IEC 15408-3
(Common Criteria)
Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance requirements
EN 419 221-5
(Common Criteria Protection Profile for Cryptographic Modules)
CEN/EN 419 221-5:2018, Protection profiles for TSP Cryptographic modules - Part 5: Cryptographic Module for Trust Services
EN 419 241-2
(Common Criteria Protection Profile for QSCD for Server Signing)
CEN/EN 419 241-2:2019, Trustworthy Systems Supporting Server Signing - Part 2: Protection Profile for QSCD for Server Signing
Your benefits at a glance
- European recognition: The certificate of your QSCD will be included in the official QSCD list of the EU Commission and published on our website.
- Objective verification of trusted status: You can provide objective evidence of the IT security of your QSCD to customers and trust service providers.
- Entry into the European market: Successful certification of your QSCD will enable you to access the European Single Market.
- Efficient certification process: Our security assessment process, which has been approved for QSCDs for server signatures, and support for the creation of Common Criteria-compliant documents saves you time and effort in the certification process.
All about trust services
What are qualified electronic signature and seal creation devices?
A qualified signature or seal creation device (QSCD) is a particular combination of hardware and software that securely administers cryptographic keys and with the help of which qualified electronic signatures/seals (QES) can be created. QSCDs based on crypto modules are used specifically for server signatures. Here, the QSCD makes use of various technical procedures and means in order to ensure, among other things, that signature keys remain confidential and are generated by means of established cryptographic procedures.
In order to be officially classified as a QSCD, a QSCD must satisfy the requirements of Annex II of Regulation (EU) No. 910/2014 (eIDAS). Article 1 [CID (EU) 2016/650] makes a distinction between two types of QSCD:
- QSCDs where the electronic signature or seal creation data are located entirely, but not necessarily exclusively, in the user’s environment. Here, the certification is based on Common Criteria protection profiles.
- QSCDs where a qualified Trust Service Provider administers the electronic signature or seal creation data on behalf of a signatory or seal creator (remote QSCD or server signature QSCD). As there are no applicable standards for the assessment of remote QSCDs, approved certification procedures with a level of security that is equivalent to Common Criteria certification can be used.
Why we are a strong partner for you
You have questions? We are pleased to help!
Karim Marcel Odeh
Matthias Wiedenhorst
Head of Certification Division Trust Service Provider
+49 201 8999-536
Fax
: +49 201 8999-555
Further services
