With TÜV NORD to the Qualified Signature and Seal Creation Device
Qualified electronic signature and seal creation devices (QSCDs) must satisfy the requirements of the eIDAS Regulation (Annex II) and be certified in accordance with it. Testing and certification are carried out according to an approved security assessment procedure by an independent body notified by member states to the EU Commission. Certification by an independent and notified body is a prerequisite for the inclusion of the QSCD in the EU list of certified QSCDs.
As an accredited testing and certification body for Common Criteria and a notified certification body for QSCDs, we support you from the planning process, through assessment and certification to the final step in the publication of your QSCD by the European Commission. Depending on the QSCD type, the assessment is carried out according to Common Criteria or is based on a certification process with an equivalent level of security specifically developed by TÜV NORD for this purpose.
We also offer you customized workshops in order to best prepare you for any upcoming certification or, within the framework of our eIDAS.PROFESSIONAL training, turn you into an expert on eIDAS and ETSI matters.
Our services in the field of qualified signature creation devices (QSCD)
Introduction to the world of eIDAS, relevant CEN and ETSI standards, as well as Common Criteria (CC) and CC protection profiles in the form of training sessions
Standards we use to audit
- CID (EU) 2016/650: Standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of eIDAS Regulation
- eIDAS Regulation:
  - Article 30: Certification of qualified electronic signature creation devices
  - Article 39: Qualified electronic seal creation devices
  - Notifications of member states about designated bodies, certified qualified electronic signature and seal creation devices according to eIDAS Regulation
- ISO/IEC 15408-1 (Common Criteria): Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model
- ISO/IEC 15408-2 (Common Criteria): Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional requirements
- ISO/IEC 15408-3 (Common Criteria): Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance requirements
- EN 419 221-5 (Common Criteria Protection Profile for Cryptographic Modules): CEN/EN 419 221-5:2018, Protection profiles for TSP Cryptographic modules - Part 5: Cryptographic Module for Trust Services
- EN 419 241-2 (Common Criteria Protection Profile for QSCD for Server Signing): CEN/EN 419 241-2:2019, Trustworthy Systems Supporting Server Signing - Part 2: Protection Profile for QSCD for Server Signing
Your benefits at a glance
- European recognition: The certificate of your QSCD will be included in the official QSCD list of the EU Commission and published on our website.
- Objective verification of trusted status: You can provide objective evidence of the IT security of your QSCD to customers and trust service providers.
- Entry into the European market: Successful certification of your QSCD will enable you to access the European Single Market.
- Efficient certification process: Our security assessment process, which has been approved for QSCDs for server signatures, and support for the creation of Common Criteria-compliant documents saves you time and effort in the certification process.
What are qualified electronic signature and seal creation devices?
A qualified signature or seal creation device (QSCD) is a particular combination of hardware and software that securely administers cryptographic keys and with the help of which qualified electronic signatures/seals (QES) can be created. QSCDs based on crypto modules are used specifically for server signatures. Here, the QSCD makes use of various technical procedures and means in order to ensure, among other things, that signature keys remain confidential and are generated by means of established cryptographic procedures.
In order to be officially classified as a QSCD, a device must satisfy the requirements of Annex II of Regulation (EU) No. 910/2014 (eIDAS). Article 1 [CID (EU) 2016/650] makes a distinction between two types of QSCD:
- QSCDs where the electronic signature or seal creation data are located entirely, but not necessarily exclusively, in the user’s environment. Here, the certification is based on Common Criteria protection profiles.
- QSCDs where a qualified Trust Service Provider administers the electronic signature or seal creation data on behalf of a signatory or seal creator (remote QSCD or server signature QSCD). As there are no applicable standards for the assessment of remote QSCDs, approved certification procedures with a level of security that is equivalent to Common Criteria certification can be used.