The dreaded visit to a government office to renew a driver’s license can now be done in many countries comfortably from home, while wearing pajamas! Having to submit two forms of identification to open bank accounts and pick up parcels is also becoming a thing of the past in many countries. We can thank trusted digital signatures for these advances.
Governments and enterprises around the globe are adopting digital technologies to provide citizens more convenient access to services, increase efficiency, and reduce costs. However, transformational online models like these require reliable, foolproof validation of individuals’ identities, especially when legal recognition of signatures is required to perform formal transactions. For example, services, such as transfers of ownership, require validated signatures for legal recognition.
In this and the accompanying blog written by our partner Walter Suárez from Neodata, we discuss how governments and private enterprises are using innovative technologies to enable large populations to gain ready access to digital credentials to use across a wide range of public and private services.
Digital signatures for the masses
It is no simple task, but many governments, as they modernized their business models, are endeavoring to issue and validate digital identity certificates across their countries’ populations. Ubiquitous smart phones have become platforms to electronically sign transactions. However, storing credentials in these devices can be risky, as they can be lost or stolen, and vulnerabilities can be exploited to extract critical cryptographic key material.
New generation digital certificates
The cloud offers a mechanism to centrally store credentials as digital certificates in a secure manner. Cloud signing solutions maintain custody of users’ credentials in secure centralized locations, available from anywhere users can go online with a mobile device. Each digital certificate, issued by a Certificate Authority, is based on a pair of cryptographic keys that form a high-strength unique credential that is tightly associated with the user, and that is used to perform secure operations such as encryption or signing. Accessing their private keys in the cloud enables users to sign transactions from anywhere they can access the Internet.
Root of trust
You may ask, how is storing keys in the cloud any safer than storing them on a mobile device? Don’t mobile devices have secure cryptographic modules now days? Cloud services can have the luxury of safeguarding and managing underpinning signing keys using robust and certified hardware security modules (HSMs) such as the Entrust nShield, which can enable legal recognition of transactions as a qualified signature creation device (QSCD). Embedded modules on smart phones do not offer this level of security.
The European regulation setting the standard for electronic identity and trust services, commonly referred to as eIDAS, established the concept of a qualified electronic signature. This identity and trust service model, which is being adopted well beyond the European Union, enables legal recognition of transactions performed using qualified centralized services called trusted service providers (TSPs), irrespective of the mobile device used to perform the transaction. Using HSMs, TSPs offer a tamper-resistant protected environment for critical signing keys. HSMs like Entrust’s nShield play a critical role in safeguarding and managing these keys used to sign digital certificates. Their use as QSCDs enable centralized services to comply with the eIDAS standard.
Neodata, a provider of applied cryptographic solutions, through system integrator Interfase, and together with Safelayer and Entrust technology, enable governments and enterprises to modernize and transform their operations with confidence. The combined solution being deployed by Antel, the Uruguayan telecommunications company, allows the government, citizens, and private organizations to securely manage their digital identities through a cloud-based service. To download this new case study, click here. To learn how digital signature services can enable subscribers to download an application to reach their digital certificates in the cloud, read Walter’s blog “Secure and User-Friendly Digital Transactions.”
For more detailed information on this innovative technology designed to unleash the power of digital signatures with trust, integrity, control, and compliance with data security regulations, download the eIDAS Regulation for Dummies eBook.