eIDAS Regulation
Using Gemalto Smart Cards for eIDAS compliance
What is eIDAS?
eIDAS is the European Regulation aimed at creating a framework for cross-border electronic identification and
transactions across EU member countries.
eIDAS Timeline
September 2014: Entry into force of the Regulation
September 2015: Voluntary recognition of eIDs*
1st July 2016: eIDAS Regulation replaces eSignature Directive**
September 2018: Mandatory cross border recognition of eIDs
*Adoption of 6 implementing acts on: MS cooperation; Interoperability framework; eID levels of assurance; Formats of advanced electronic signature & seals; Technical specifications of the national trusted lists; EU Trust mark.
**Certificates issued to natural persons under the eSignature Directive remain valid until expiry and Certification Service Providers are allowed a 1 year time frame to submit a conformity assessment report and as consequence are considered as qualified Trust Service Providers under the new eIDAS regulation.
©Gemalto 2016. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries.FS (EN)-Aug.11.2016 - Design: FR
>> Only QTSPs have a standard level of security in Europe
accredited and supervised by authorities designated by EU Member States. Qualified certificates must also be stored on a qualified signature creation device (QSCD), such as a USB token, smart card or a cloud-based hardware security module (HSM). In order to provide qualified eSignature services, a trust service provider must be granted qualified status and comply with the requirements defined in the eIDAS Regulation.
What are the steps to become a QTSP?
1. Business needs to get an assessment report issued by an accredited conformity assessment body. This assessment will verify the business and the services it provides meet the requirements to be qualified.
2. Trust Service Provider sends the report with letter of intent to the national supervisory body in the Member State where the business is located. Supervisory body has three weeks to determine if the report proves compliance.
3. If qualified status is granted, the Trust Service Provider, together with the qualified trust services it provides are added to the Trusted List. These Lists are established, published and maintained by the Member States.
4. After the Trust Service Provider is deemed Qualified, the Trust Mark is provided and clearly differentiates them from other trust services.
How to Prove Digital Signature Compliance with eIDAS
Common Criteria is an international set of guidelines and specifications for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. Common Criteria (CC) certification is a pre-requisite for qualified digital signatures under the eIDAS Regulation.
Gemalto’s IDPrime MD 840 and IDPrime MD 3840 smart cards are both CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform plus PKI applet. The CC EAL5+ / PP QSCD certification is based on the Protection Profiles EN 419211 part 1 to 6, as mandated by eIDAS Regulation.