The ETSI’s revision of the TS 119 431 standard in December 2024 allows for remote signing with only user identification when using one-time certificates, eliminating the need for OTPs. This change enhances accessibility and simplifies the signing process without compromising security. Several regulations and standards, such as eIDAS1 and eIDAS2, support these enhancements for digital signatures. Consequently, this results in a more user-friendly approach for Qualified Trust Service Providers and consumers alike.
In December 2024, the European Telecommunications Standards Institute (ETSI) introduced an update to the TS 119 431 standard, removing the requirement for a one-time password (OTP) in qualified remote signing processes. This change was discussed by Sebastian Elfors from IDnow, who highlights the implications and advantages of a more user-friendly signature process. Remote signing allows users to utilize their private key and certified signature through a Remote Qualified Signature Creation Device (RQSCD), managed by Qualified Trust Service Providers (QTSP). Users can create qualified electronic signatures in the cloud, making the process more accessible via any compatible device, as opposed to utilizing physical smart cards.
Regulations such as eIDAS1 and eIDAS2 mandate that RQSCD functions can operate under specific conditions, with QTSPs needing certification for other trust services like certification authorities. The CEN has established three key standards on remote signing services, focusing on system requirements and protective measures for QSCD functionality. Additionally, ETSI has published complementary standards that outline policy and security requirements specifically regarding remote signing services.
The standards published by CEN and ETSI mainly address operations involving long-term qualified certificates, which have a validity of about 2-3 years, allowing users to repeatedly access their certificates. For frequent signing, e.g., a managing director signing contracts, multiple authentications are beneficial. Conversely, one-time certificates are more practical for individual situations, where a user may only need to authenticate once to sign a document.
To align with these needs, IDnow suggested updates to the CEN and ETSI standards, leading to the revision of ETSI TS 119 431-1 in December 2024. This revised standard acknowledges one-time certificates, permitting user identification for certificate issuance and signature creation as part of a single session. Consequently, QTSPs can streamline remote signing flows without requiring repetitive authentication, enhancing user experience.
The ETSI TS 119 431-1 v1.3.1 update allows QTSPs across Europe to develop their remote signing services based solely on identification for one-time certificate usage. This shift significantly improves user accessibility and simplifies the signing process, aligning with modern user expectations. Furthermore, the Cloud Signature Consortium’s CSC API can incorporate this updated protocol, reinforcing streamlined and secure remote signing practices for users.
The recent update to the ETSI TS 119 431 standard allows for remote signing with simpler identification processes using one-time certificates. This shift enhances user experience by eliminating redundant authentication steps, resulting in a more efficient electronic signing process. The integration of these revised standards facilitates a secure, user-friendly environment for remote signing across Europe, improving accessibility for all users.
Original Source: www.biometricupdate.com
