Do you have any questions or comments? Contact us!
Contact us now!
+49 201 8999-642 Mail Request an offer
- Introduction
- Our services
- Standards we use to audit
- Your benefits
- All about trust services
- What are QSCDs?
- Why TÜVIT?
- Contact us
With TÜVIT to the Qualified Signature and Seal Creation Device
Qualified electronic signature and seal creation devices (QSCDs) must satisfy the requirements of the eIDAS Regulation (Annex II) and be certified in accordance with it. Testing and certification is carried out according to an approved safety assessment procedure by an independent body notified by member states of the EU Commission. Certification by an independent and notified body is a prerequisite for the inclusion of the QSCD in the EU list of certified QSCDs.
As an accredited testing and certification body for Common Criteria and a notified certification body for QSCDs, we support you from the planning process, through assessment and certification to the final step in the publication of your QSCD by the European Commission. Depending on the QSCD type, the assessment is carried out according to Common Criteria or is based on a certification process with an equivalent level of security specifically developed by TÜVIT for this purpose.
We also offer you customized workshops in order to best prepare you for any upcoming certification or, within the framework of our eIDAS.PROFESSIONAL training, turn you into an expert on eIDAS and ETSI matters.
Our services in the field of qualified signature creation devices (QSCD)
Introduction to the world of eIDAS, relevant CEN and ETSI standards, as well as Common Criteria (CC) and CC protection profiles in the form of training sessions
Project-specific workshops as preparation for certification
Support with the creation of CC-compliant documents
Review & certification of QSCDs according to approved safety assessment procedures, in particular CC & relevant protection profiles of CEN
Standards we use to audit
CID (EU) 2016/650
Standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of eIDAS Regulation
eIDAS Regulation
Article 30: Certification of qualified electronic signature creation devices Article 39: Qualified electronic seal creation devices
Notifications of member states about designated bodies, certified qualified electronic signature and seal creation devices according to eIDAS Regulation
ISO/IEC 15408-1
(Common Criteria)
Information technology – Security techniques – Evaluation criteria for IT security – Part 1:Introduction and general model
ISO/IEC 15408-2
(Common Criteria)
Information technology – Security techniques – Evaluation criteria for IT security – Part 2:Security functional requirements
ISO/IEC 15408-3
(Common Criteria)
Information technology – Security techniques – Evaluation criteria for IT security – Part 3:Security assurance requirements
EN 419 221-5
(Common Criteria Protection Profilefor Cryptographic Modules)
CEN/EN 419 221-5:2018, Protection profiles for TSP Cryptographic modules - Part 5: Cryptographic Module for Trust Services
EN 419 241-2
(Common Criteria Protection Profile for QSCD for Server Signing)
CEN/EN 419 241-2:2019, Trustworthy Systems Supporting Server Signing - Part 2: Protection Profile for QSCD for Server Signing
Your benefits at a glance
- European recognition: The certificate of your QSCD will be included in the official QSCD list of the EU Commission and published on our website.
- Objective verification of trusted status:You can provide objective evidence of the IT security of your QSCD to customers and trust service providers.
- Entry into the European market:Successful certification of your QSCD will enable you to access the European Single Market.
- Efficient certification process: Our security assessment process, which has been approved for QSCDs for server signatures, and support for the creation of Common Criteria-compliant documents saves you time and effort in the certification process.
All about trust services
Events
- eIDAS.PROFESSIONAL-Training
Downloads
Certification Process for eIDAS conformant QSCDs of the certification body of TÜV Informationstechnik GmbH V. 1.2
News
- REMOTE instead of ON-SITE: Possibilities of auditing in times of Corona
- Customer information: Dealing with the Corona virus
-
TÜVITspecifies cybersecurity architecture for On-board Telematics Platform (OTP)
What are qualified electronic signature and seal creation devices?
A qualified signature or seal creation device (QSCD) is a particular combination of hardware and software that securely administers cryptographic keys and with the help of which qualified electronic signatures/seals (QES) can be created. QSCDs based on crypto modules are used specifically for server signatures. Here, the QSCD makes use of various technical procedures and means in order to ensure, among other things, that signature keys remain confidential and are generated by means of established cryptographic procedures.
In order to be officially classified as a QSCD, a QSCD must satisfy the requirements of Annex II of Regulation (EU) No. 910/2014 (eIDAS). Article 1 [CID (EU) 2016/650] makes a distinction between two types of QSCD:
- QSCDs where the electronic signature or seal creation data are located entirely, but not necessarily exclusively, in the user’s environment. Here, the certification is based on Common Criteria protection profiles.
- QSCDs where a qualified Trust Service Provider administers the electronic signature or seal creation data on behalf of a signatory or seal creator (remote QSCD or server signature QSCD). As there are no applicable standards for the assessment of remote QSCDs, approved certification procedures with a level of security that is equivalent to Common Criteria certification can be used.
Why we are a strong partner for you
Expertise
Our experienced experts have already successfully completed more than 500 PKI projects of various sizes, some of which were transnational.
Industry experience
Due to many years of experience in different branches of industry we can serve companies from a wide range of industries.
Everything from a single source
We offer an all-round eIDAS package: From training and workshops, planning support and audits all the way to conformity assessment (certification).
Tailor-made for you
We focus on individual services - and solutions - that optimally fit your current company situation and your set goals.
International network of experts
Around the globe: We support you both nationally and internationally. Our global network of experts is ready to help you in word and deed in all IT security issues.
Independence
Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.
You have questions? We are pleased to help!
Contact Send mail
Joshua RumiAccount Manager Trust Services
IT Infrastructure
Tel.: +49 201 8999-642
j.rumi@tuvit.de
Contact Send mail
Matthias WiedenhorstHead of Certification Division Trust Service Provider
Tel.: +49 201 8999-536
Fax: +49 201 8999-555
m.wiedenhorst@tuvit.de
