Qualified local mass sealing
for legal entities

White paper
A Qalified Electronic Seal is an EU-approved tool used for signing
documents by legal entities such as join-stock companies,
limited-liability companies and public institutions.
It is a solution based on trust, which guarantees integrity
and authenticity of the data sources it is connected with.

Finance and insurances

  • The highest level of assurance: the origin of the document is digitally confirmed

  • Guarantee of the documents’ integrity

  • Support of documents’ digitalisation processes: scanning and archiving

  • Acts as a durable medium for future reference

  • PSD2 requires the use of QSeal in order to confirm and guarantee the integrity of data

Business

  • Automated processes in the DMS and EPR systems for more efficient business accounting, sales, customer service and HR

  • Automated and legally binding B2B and B2C electronic communication

  • Lowering the costs and saving time when processing documents and files

  • Managing e-invoices

Public administration

  • Improving the circulation of documents

  • Electronic documents are becoming legally binding and valid

  • Signing and timestamping tax declarations

  • Electronic confirmation that various applications and documents have been received

  • Notarial services

Health care

  • Improvement of processes for higher efficiency

  • Reliability and integrity of medical documentation

  • Safe document exchange with internal, as well as external operators

  • Long-term security of the stored documents

  • Easier administrative flow due to improved workflow

Key business goals and benefits

Improved and efficient
automatization processes

Reduction of time and costs
connected with document

Higher level of legal certainty for organizations which implement innovative solutions

Legally binding transactions

Efficient, quick and flexible
organisation

Highest level of security
in B2B and B2 communication

Usage options of qualified electronic seal

  • Mass documentation e.g. notifications, bank statements, policies etc.

  • Official notifications and certificates

  • Patients’ hospital records and discharge papers

  • Legal documents (e.g. legal acts)

  • Authentication when gaining the access to financial services in accordance with the new EU regulation regarding PSD2 payment services

  • Official company documents (financial reports, fiats, statutes)

  • Contracts and commercial offers

  • Electronic invoices, bills, order and delivery confirmations

  • Electronic correspondence (smart scanning with document integrity confirmation)

Solution description

Qualified Seal can be integrated with any system managing electronic documents (DMS, ERP) or any other application using a shared disc resource. Integration using API is also possible.

Supported standards

PKCS#7, PDF & PDF/A, XAdES, EDI, LTA, ERS, timestamp

Long-term document archiving

  • Binding power and integrity of signed documents

  • Supporting popular standards such as LTANS / ERS

  • Re-signing and timestamping

  • Securing algorithms

  • Full audit and access log

QSeal for SmartCard and QSCD

Sealing individual or multiple documents using the local software,
both desktop- and server-based. The process includes the use
of a single cryptographic card with a reader.
Mass document sealing in B2B and B2C transactions: for sealing
multiple documents (mass sealing) server-based software can be used.
This software uses hardware security module (HSM) as QSCD.

Local QSeal with QSCD

  • Seal qualified on a cryptographic card (SmartCard) or on a high efficiency QSCD

  • The seal is stored by the legal entity being its owner in a specially secured server room

Remote QSeal with QSCD

  • Qualified seal delivered as a service in a public or corporate cloud

  • Qualified seal remains under the sole control of the document signee

Application for creating the electronic seal

Supporting shared standards,
algorithms and protocols

Documenting the achievements

Flexible integration

Mass sealing of millions of documents
per hour

High efficiency

Mass sealing of hundreds of documents
in a single step

EU law and the electronic seal

eIDAS – the EU regulation (1999/93/WE) regulates electronic identification and trust services in regard to online transactions, standardises norms of the security of electronic interactions between citizens, enterprises and public institutions all over the European Union.

Thanks to the eIDAS regulation, electronic documents signed with qualified seal are treated equally as documents signed by hand.

ENISA

In November 2018, ENISA, the European Union Agency for Cybersecurity, has published and Assessment of Standards related to eIDAS Recommendations to support the technical implementation of the eIDAS Regulation. §4.3.2 states clearly that “This Protection Profile can be perfectly applied for devices that are not managed by a TSP.

A device certified against this PP may be used by users that wish to store they signing keys remotely, as it would be the case e.g. for a legal person implementing a QSCD to issue qualified seals.“

CEN/TS

In March 2019, CEN TS 419 221-6 which specifies “Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device“ was published.

This technical specification provides a clear basis for acceptance of EN 419221-5 certified devices for use as a qualified signature creation device or a qualified electronic seal creation device under Regulation 910/2014 even if not operated by a qualified TSP. In other words, the legal owner of a qualified seal can use a QSCD locally, usually on premise, for high performant local sealing of documents.

Legal aspects and certification

eIDAS requires a certified Qualified Signature (or Seal) Creation Devices (QSCD) using qualified certificates for the generation of electronic signatures and seals. Our solution is based on Utimaco’s CP5 Common Criteria Protection Profile PP EN 419 221-5 certified QSCD.

Standardisation

Apart from introducing electronic signatures and timestamps, the eIDAS regulation also introduced the procedure of electronic sealing, registering of electronic receptions/deliveries, as well as validation and conservation seals and signatures.

Legal validity and binding

The aim of all the solutions mentioned above is providing maximum security of electronic transactions carried out online, as well as giving them the same binding legal power as if they were signed on paper.

Why is the QSeal
in accordance with eIDAS?

  • A Qualified Electronic Seal guarantees authenticity and integrity of documents in B2B and B2C transactions.

  • A Qualified Electronic Seal is assigned to a specific legal entity, it is the digital confirmation. It works as a digital version of a traditional company seal stamp.

  • Thanks to proper certification of Qualified Signature Creation Devices (QSCD) a Qualified Electronic Seal for mass and local sealing can be stored either by the seal owner or certified Trust Services Provider.

Get in touch