An Adobe-led industry consortium has developed and pushed through a new cloud-based digital signature standard, which was published today by the European Telecommunications Standards Institute (ETSI) amid a sweeping shakeup of how Europe regulates digital certificates.
The Cloud Signature Consortium said: “Access to legally compliant, cloud-based digital signatures on any device, anywhere is a substantial leap forward in usability compared to traditional approaches – which typically rely on a single device linked to either a smart card reader or a software file on the device.”
The move comes amid a push by European regulators to harmonise digital certificate management across the EU as part of its “Digital Single Market”. It allows digital signature providers to use cloud-based certificates from any EU-certified “Trust Service Provider” (in essence, an approved Certificate Authority).
A new technical standard published in May 2018 set security requirements for banks and service providers under the Second Payment Services Directive (PSD2), including new requirements for “electronic seals” and “qualified website certificates”.
Open Digital Signature Standard Avoids Vendor Lock-In
As Adobe put it today: “When a business process – such as a consumer applying for a new loan, or a researcher gathering data as part of a clinical trial – requires reliable signer identity and authenticity, business users are no longer threatened by complex hardware setup or locked into proprietary technologies. Instead, they can choose the provider that best meets the needs of their sector or jurisdiction.”
“This is an important step forward for security in deploying digital signatures which takes into account the move to cloud-based services and mobile devices. These standards enable a new way of implementing Trust Services which greatly simplifies their use and provides an important toolset to counter growing Internet fraud targeting online business and government”, says Nick Pope, ETSI TC ESI Vice Chair.