eIDAS permet de sécuriser les signatures électroniques et de renforcer la confiance sur le marché européen

eIDAS qualification

This summer, CDC Arkhineo has obtained the European eIDAS qualification for the validation and preservation of qualified electronic signature and seal. 

 

eIDAS Qualification

CDC Arkhineo becomes the first French company (and so far, the only one) to have this double qualification and therefor is recognised as a Qualified Trust Service Provider (QTSP)

 

What is this double qualification? 

Validation of qualified electronic signature and seal

As a QSTP, CDC Arkhineo makes the signatures validation associated to the archived document to ensure, ahead the uploading, that the electronic signature (or seal) is valid. 

CDC Arkhineo will: 

  • Check the presence of the signature and the integrity of the send document
  • Verify that the certificate used was valid (non-expired and non-revoked) at the time of the signature
  • Identity the signatory
  • perform checks with the necessary external services (European Trusted list, Time Stamp tokens and OCSP responses, lists of revokes certificates etc.) 

 

Once these checks have been made, a validation report is generated in XAdES (signed XML) format and added to the elements in the archive, along with the archived object (the signed and archived document) and the metadata file. This report is placed under seal in the archive. This procedure will subsequently provide proof that the signature was valid when the document to be archived was provided, and will bolster the evidential record. Ultimately, when an organisation wants to consult its document, it will also be able to view the validation report and have access to all the necessary elements. 

 

With this service, we alert you when a document containing a non-valid signature has been archived. For the valid signatures you have in your possession all the element of proof related to the signature.  

 

Preservation of qualified electronic signature and seal

 

Electronic signatures are associated with the use of crytographic algorithms. These algorithms might evolve depending on the risks of hacking or technological obsolescence. For clarity on this issue, the eIDAS regulation introduced a trust service dedicated to the preservation of electronic signatures. If the information system security authorities (in the UK, the ICO, in France, the ANSSI) issue an alert concerning the possible compromising of the algorithm used, this preservation service will "over-sign" the document using a new, more recent and stronger algorithm. This will prevent any modification of the signature algorithm and potentially any “appropriation” of the signature by a malicious person/organisation.

 

This protection allows organisations that use an electronic archiving service with probative value to preserve electronically signed documents are thus protected: they have legally admissible documents in the event of disputes, but they can also guard against cyberattacks, data theft and the technological obsolescence or compromising of the algorithms used for signature.