Utimaco CP5 Certified and Listed as Approved QSCD
– Get ready for Qualified and Local Mass Sealing

The HSM (Hardware Security Module) model „CryptoServer CP5“ by Utimaco has been successfully certified at the end of May 2020 by TÜV-Rheinland Nederland B.V against the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services”.

On 4 June 2020, the European Commission entered it on the List of Secure Signature Creation Devices profiting from the Set of Transitional Measures pursuant to Article 51(1) of the Regulation (EU) no. 910/2014 (eIDAS). The Utimaco CP5 was approved as a QSCD in which data for creating qualified electronic signatures or electronic seals „are saved in an environment that is completely, but not necessarily exclusively, administered by the user.“ This provides companies with legal and technical methods to electronically sign digital documents with legally binding qualified seals (and/or signatures) in their own data centres. This means that the sealing and signing processes can be conducted locally and independently of Qualified Trust Service Providers (QTSPs) or any other remote services, so that the documents or document hashes remain within the organisation throughout the signing operation.

CEN / TS 419221-6 & Qualified Local Mass Sealing (QLMS) with ESYSCO

The encryption and eIDAS experts from ESYSCO have foreseen this development and therefore have the necessary know-how and established long-term partnerships with reputable manufacturers and QTSPs to implement all components of qualified local mass seals in existing IT structures.

As partial or complete solution, the service provided by ESYSCO includes the supply and configuration of certified QSCD (Utimaco CP5), the issuance and installation of multiple qualified e-seals in cooperation with a qualified Trust Service Provider, the supply and integration of server software for sealing the documents, including verification and archiving of seals, signatures and time stamps of documents, and – last but not least – introductory training, maintenance and support.

The publication of the technical specification of March 1, 2019 (CEN / TS 419221-6) specifies conditions for the local use of EN 419221-5 certified devices as a qualified electronic signature or seal creation device, in the event that the signer or seal creator has direct local control about the cryptographic module. The aim is for the units to be recognized as qualified seal creation units and/or signature creation units (QSealCD / QSignatureCD) according to Regulation (EU) 910/2014. A prerequisite for the mass sealing within the organisation is a corresponding certification of the HSM / QSCD used and its accommodation in a secure server room or data center secure by physical access control.

Qualified Sealing of more than 11 Million Documents per hour

Qualified Local Mass Sealing (QLMS) is the complete solution that enables signing over 11 million documents per hour on your premises and in conformity with eIDAS using Qualified Seals. The solution is perfect for mass document processing or highest data throughput and with high degree of automation.

QLMS allows companies and organisations from financial, administrative and health sectors to implement highly efficient eIDAS-compliant e-seal processes, e.g. for digital account statements, official certificates, hospital patients’ records, digital invoices etc. as well as for authenticating account access with FinTechs according to PSD2 (Payment Services Directive 2). So far, it has been and is common to save qualified e-seals either for use by card readers on smart cards with a crypto chip or for remote processes as a cloud seal.

Only since the CEN / TS 419221-6 regulation was amended on 1 March 2019, it has become legally admissible to use Hardware Security Modules (HSMs) as QSCD for internal digital sealing of documents, which is no longer preserved to QTSPs only. In cooperation with its technology partners, ESYSCO has technically implemented this now legally compliant, efficient and high-volume alternative for e-seal cards and remote processes.

Overview of the QLMS Process