The ETSI technical committee on Electronic Signature Infrastructure (TC ESI) has just released a set of three Technical Specifications for cloud-based digital signatures supporting mobile devices.
This new set of standards supports the creation of digital signatures in the cloud, facilitating digital signature deployment by avoiding the need for specialized user software and secure devices.
The signer relies on a third-party trust service to manage its signing key and digitally sign documents under its control. To guarantee that the cloud-based signature creation environment is reliable and that the signing key is used under the control of the signer, the provider of the remote digital signature service has to apply specific management and administrative security procedures and use trustworthy systems and products, including secure electronic communication channels.
This specification establishes a protocol for secure communication between the different components needed to create a secure digital signature in the cloud, in line with the security standards laid down in the eIDAS Regulation.
Nick Pope, ETSI TC ESI Vice Chair
These standards enable a new way of implementing Trust Services which greatly simplifies their use and provides an important toolset to counter growing Internet fraud targeting online business and government.