The eIDAS Opportunity

Driving transparency, interoperability and innovation across the European Union with eIDAS.

Delivering on the eIDAS vision

eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation (EU N°910/2014) on electronic identification and trust services for electronic transactions across the European Union. It was adopted in 2014, took effect in 2016 and provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities across the digital European single market.

The aim of eIDAS is to spur digital growth within the EU. By creating standards for electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof for authentication mechanisms, eIDAS enables electronic transactions with the same legal standing as transactions performed on paper.

The benefits of eIDAS include:

  • Cutting out paperwork and hassle when carrying out cross-border transactions between agencies, businesses and private citizens.
  • Making cross-border electronic transactions more secure and trustworthy, while reducing privacy concerns.
  • Decreasing red tape for businesses, meaning overheads can be reduced and profits increased.
  • Increasing flexibility and convenience of government services, while at the same time enabling government agencies to digitize and automate processes.
  • Enabling citizens and enterprises to access online tax services across Europe using their national eID.

Two core concepts

The eIDAS vision centers around two core concepts. The first is interoperability: member states are required under eIDAS to create a common framework that will recognize eIDs from other member states, while ensuring their authenticity and security. This is key in allowing citizens and companies to easily do business across borders. The second is transparency: eIDAS provides a clear and accessible list of trusted services that may be used within the centralized signing framework. This allows security stakeholders to engage in dialogue about the best technologies and tools for securing digital signatures for the whole European single market.

The eIDAS regulation has created an internal market area for trust services within Europe. Trust service providers (TSPs) are the companies or organizations that provide third-party trust services in the form of certificate issuance, signatures and authentication. The eIDAS regulation specifies the requirements that any public TSP operating within the EU must meet, ensuring the entire EU is operating using the same set of standards for certificate trustworthiness. eIDAS also introduces the concept of qualification for TSPs, where all TSPs across the EU must adhere to some basic requirements which are audited periodically, at least every 24 months.

Becoming a Trust Service Provider

As of today, not all standards regarding eIDAS compliance for TSPs are finalized. However, the European Telecommunications Standards Institute (ETSI) has established a set of standards for certificate generation and time-stamping services. While compliance with these standards is not mandated under eIDAS, the supervisory bodies of many EU countries recommend them and eIDAS recognizes them as best practices for TSPs.

The ETSI standards go a long way in defining what is needed to become a TSP. However, there are currently no vendors providing complete and validated technical solutions for TSPs. The road to becoming a TSP can be long and complex, driving significant costs and prolonging time to market. In addition, the periodic auditing mandated by eIDAS puts further requirements on the solution to ensure compliance over time.

PrimeKey’s Public Key Infrastructure and Certificate Management solutions go a long way in reducing the complexity of becoming an eIDAS-compliant TSP. Specifically, the PrimeKey PKI Appliance – providing issuance, registration and validation services within the eIDAS context – is a proven solution to cost-efficiently establish core TSP capabilities.

Benefits of PrimeKey PKI Appliance for eIDAS Trust Service Providers

PrimeKey is one of the world’s leading companies for PKI solutions, having developed successful technologies such as EJBCA Enterprise, SignServer Enterprise and PrimeKey PKI Appliance. The PrimeKey PKI Appliance offers an easy and secure way of establishing the core capabilities of an eIDAS-compliant TSP. The capabilities provided include:

  • Certificate Issuance
  • Registration Point
  • Validation Service
  • High availability clustering
  • Integrated Hardware Security Module (HSM)

The PrimeKey PKI Appliance offers an easy and secure way of establishing an enterprise PKI system, without the hassles of elaborate installation procedures. For an eIDAS TSP, the benefits include reduced solution complexity, reduced maintenance costs and strong integration capabilities, based on open standards.

The core features of the PrimeKey PKI Appliance relevant to eIDAS requirements include:

Segregation of duties and access control

  • Registration authority with role-based access control and approval mechanisms
  • Support for smart card protected crypto token activation
  • Cryptographically protected audit log, recording all security events

Cryptographic controls

  • Built-in FIPS 140-2 Level 3 certified HSM
  • Reset-to-factory defaults mechanism including secure key zeroization
  • Common Criteria EAL 4+ certified components

Physical and environmental security, operational security

  • Built-in backup and restore functionality
  • SNMP monitoring
  • Support for 2 and 3 node cluster setups offering fail-over or high-availability
  • Dual Gigabit Ethernet ports with separation of management and application networks
  • Redundant, field-replaceable power supply
  • Easy-to-use update mechanism for firmware and application software

Network Security

  • SNMP monitoring
  • Dual Gigabit Ethernet ports with separation of management and application networks

Incident Management

  • Cryptographically protected audit log, recording all security events

Compliance

  • Registration Authority with role-based access control and approval mechanisms
  • Support for operating multiple, independent PKI hierarchies within one installation
  • Built-in backup and restore functionality

PrimeKey’s role in the eIDAS community

Enabling a broad adoption of digital signatures in Europe will take more than regulation. Delivering on the eIDAS vision requires a community of different actors, including trust service providers and technology providers, working together to support the eIDAS requirements.

As one of the world’s leading companies for PKI solutions, PrimeKey is committed to working together with customers, technology partners and regulatory bodies in driving the adoption of digital signatures across Europe.
