Certification of the eIDAS conformity of QSCD

With TÜViT to the Qualified Signature and Seal Creation Device

Qualified electronic signature and seal creation devices (QSCDs) must satisfy the requirements of the eIDAS Regulation (Annex II) and be certified in accordance with it. Testing and certification is carried out according to an approved safety assessment procedure by an independent body notified by member states of the EU Commission. Certification by an independent and notified body is a prerequisite for the inclusion of the QSCD in the EU list of certified QSCDs.

As an accredited testing and certification body for Common Criteria and a notified certification body for QSCDs, we support you from the planning process, through assessment and certification to the final step in the publication of your QSCD by the European Commission. Depending on the QSCD type, the assessment is carried out according to Common Criteria or is based on a certification process with an equivalent level of security specifically developed by TÜViT for this purpose.

We also offer you customized workshops in order to best prepare you for any upcoming certification or, within the framework of our eIDAS.PROFESSIONAL training, turn you into an expert on eIDAS and ETSI matters.

Our services in the field of qualified signature creation devices (QSCD)

Introduction to the world of eIDAS, relevant CEN and ETSI standards, as well as Common Criteria (CC) and CC protection profiles in the form of training sessions

Services Qualified Signature and Seal Creation Device: Project-specific workshops as preparation for certification

Project-specific workshops as preparation for certification

Services Qualified Signature and Seal Creation Device: Support with the creation of CC-compliant documents

Support with the creation of CC-compliant documents

Services Qualified Signature and Seal Creation Device: Review & certification of QSCDs according to approved safety assessment procedures, in particular CC & relevant protection profiles of CEN

Review & certification of QSCDs according to approved safety assessment procedures, in particular CC & relevant protection profiles of CEN

Standards we use to audit

CID (EU) 2016/650

Standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of eIDAS Regulation

eIDAS Regulation

Article 30: Certification of qualified electronic signature creation devices

Article 39: Qualified electronic seal creation devices

EU QSCD list

Notifications of member states about designated bodies, certified qualified electronic signature and seal creation devices according to eIDAS Regulation

ISO/IEC 15408-1
(Common Criteria)

Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model

ISO/IEC 15408-2
(Common Criteria)

Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional requirements

ISO/IEC 15408-3
(Common Criteria)

Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance requirements

EN 419 221-5
(Common Criteria Protection Profile for Cryptographic Modules)

CEN/EN 419 221-5:2018, Protection profiles for TSP Cryptographic modules - Part 5: Cryptographic Module for Trust Services

EN 419 241-2
(Common Criteria Protection Profile for QSCD for Server Signing)

CEN/EN 419 241-2:2019, Trustworthy Systems Supporting Server Signing - Part 2: Protection Profile for QSCD for Server Signing

Your benefits at a glance

European recognition: The certificate of your QSCD will be included in the official QSCD list of the EU Commission and published on our website.
Objective verification of trusted status: You can provide objective evidence of the IT security of your QSCD to customers and trust service providers.

Entry into the European market: Successful certification of your QSCD will enable you to access the European Single Market.
Efficient certification process: Our security assessment process, which has been approved for QSCDs for server signatures, and support for the creation of Common Criteria-compliant documents saves you time and effort in the certification process.

All about trust services

Events

eIDAS.PROFESSIONAL-Training

Downloads

Certification Process for eIDAS conformant QSCDs of the certification body of TÜV Informationstechnik GmbH V. 1.0

Certification Process for eIDAS conformant QSCDs of the certification body of TÜV Informationstechnik GmbH V. 1.1

Certification Process for eIDAS conformant QSCDs of the certification body of TÜV Informationstechnik GmbH V. 1.2

News

What are qualified electronic signature and seal creation devices?

A qualified signature or seal creation device (QSCD) is a particular combination of hardware and software that securely administers cryptographic keys and with the help of which qualified electronic signatures/seals (QES) can be created. QSCDs based on crypto modules are used specifically for server signatures. Here, the QSCD makes use of various technical procedures and means in order to ensure, among other things, that signature keys remain confidential and are generated by means of established cryptographic procedures.

In order to be officially classified as a QSCD, a QSCD must satisfy the requirements of Annex II of Regulation (EU) No. 910/2014 (eIDAS). Article 1 [CID (EU) 2016/650] makes a distinction between two types of QSCD:

QSCDs where the electronic signature or seal creation data are located entirely, but not necessarily exclusively, in the user’s environment. Here, the certification is based on Common Criteria protection profiles.
QSCDs where a qualified Trust Service Provider administers the electronic signature or seal creation data on behalf of a signatory or seal creator (remote QSCD or server signature QSCD). As there are no applicable standards for the assessment of remote QSCDs, approved certification procedures with a level of security that is equivalent to Common Criteria certification can be used.

Expertise

Our experienced experts have already successfully completed more than 500 PKI projects of various sizes, some of which were transnational.

Industry experience

Due to many years of experience in different branches of industry we can serve companies from a wide range of industries.

Everything from a single source

We offer an all-round eIDAS package: From training and workshops, planning support and audits all the way to conformity assessment (certification).

Tailor-made for you

We focus on individual services - and solutions - that optimally fit your current company situation and your set goals.

International network of experts

Around the globe: We consult and support you both nationally and internationally. Our global network of experts is ready to help you in word and deed in all IT security issues.

Independence

Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.

You have questions? We are pleased to help!

Mario Henn

Auditor & Account Manager
eID & Trust Services

+49 201 8999-535
Fax : +49 201 8999-555

m.henn@tuvit.de

Send email

Contact Form

Matthias Wiedenhorst

Head of Certification Division Trust Service Provider

+49 201 8999-536
Fax : +49 201 8999-555

m.wiedenhorst@tuvit.de

Send email

Contact Form

Electronic Signatures

We accompany trust service providers for electronic signatures on the way to their qualification status: from the planning of their services to the required tests up to the conformity assessment / re-certification.

Electronic Seals

Become a qualified trust service provider (VDA) for electronic seals: We support you in planning your service(s), perform audits according to eIDAS & ETSI and accompany you on your way to conformity assessment.

Website Authentication

Servers and websites available on the internet must be clearly attributed to their operators if users are to trust them. The secure identification of websites and server systems on the internet takes place using electronic certificates.

Validation Services for Electronic Signatures, Seals and Timestamps

Validation services are indispensable for assessing the correctness and integrity of electronically signed, sealed and timestamped documents. They review certificates in real time and ensure transparency.

Electronic Archives and Archiving Services

Documents that are electronically signed or marked with a timestamp are subject to ageing, just like their hard copy counterparts. If the certificates or mathematical algorithms used there are no longer up to date, this results in them losing their value as evidence.

Electronic Identification (eID)

Electronic identification systems have the great advantage that they save companies time and expense, and significantly simplify communication for customers – provided that the systems work securely and that they are trustworthy.

Electronic Registered Delivery Services

Electronic registered delivery services transmit electronic data such as emails between third parties and provide evidence relating to sending and receiving the transmitted data at a certain date and time.

Cooperative Intelligent Transport Systems (C-ITS)

We support you on your way to an IT-secure C-ITS solution: from planning or further development, through testing, to successful certification according to the security requirements of the European Commission.

Certification of the eIDAS conformity of qualified signature and seal creation devices

With TÜViT to the Qualified Signature and Seal Creation Device

Our services in the field of qualified signature creation devices (QSCD)

Standards we use to audit

Your benefits at a glance

All about trust services

What are qualified electronic signature and seal creation devices?

Why we are a strong partner for you

You have questions? We are pleased to help!

Mario Henn

Matthias Wiedenhorst

Further services