Austrian Trust Authority Provides Fast, Simple eIDAS Digital Signature Security

A-Trust is a qualified trusted service provider based in Austria that issues digital certificates for the country’s citizens and economy to use in a variety of electronic transactions. As one of only three authorized providers in Austria, A-Trust provides certificates for individual users, developers and corporations, as well as consulting services for the development of signature-related applications.

BUSINESS CHALLENGE

Austrian Trust Authority Provides Fast, Simple eIDAS Digital Signature Security

As of April 2017, a regulation known as RKSV (Registrierkassensicherheitsverordnung, or Cash Registers Security Regulation) went into effect in Austria. The regulation requires that receipts originating from businesses in the retail, hospitality and service sectors be digitally signed and stored using a unique private key assigned to each business owner. Merchants also must provide records of sales transactions that conform to specific technical standards.

A-Trust saw an opportunity to support businesses in their efforts to become RKSV compliant by creating cost-effective solutions capable of automatically fulfilling all necessary requirements. To be attractive to its target market, the products had to be fully secure, be simple to use and be offered at consumer-level pricing.

TECHNICAL CHALLENGE

The digital signing requirements of the solutions also subjected it to the European Union’s Electronic Identification and Trust Services (eIDAS) regulation. eIDAS regulates electronic transactions and signatures, with the goal of providing a secure and consistent way for users to conduct business online. Any viable A-Trust solution needed to ensure that end-to-end eIDAS compliance was maintained throughout the entire transaction lifecycle.

SOLUTION

A-Trust and nCipher have a long history of working together in creating solutions for secure digital signatures. The two companies had previously collaborated at the time when A-Trust searched for the optimal back-end solution (HSM) for the mobile phone signature. The so called “Handy-Signature” enables individuals to use a digital signature in place of a conventional handwritten equivalent to complete transactions throughout the European Union. This was an important product as it gave A-Trust a strong eIDAS-compliant solution that they could market across dozens of countries.

The collaboration was so successful that the A-Trust technical team again turned to nCipher to support them with the optimal hardware solution. A-Trust had previously used nCipher nShield Solo hardware security modules (HSMs) as they provided the optimal combination of price, performance and features, and they elected to use this same solution again.

The nShield Solo HSM is a hardened, tamper-resistant platform that supports encryption and digital signing along with key generation and protection. nCipher has earned the Common Criteria (CC) certification which recognizes nShield HSMs as Secure Signature Creation Devices (SSCDs). This means that nShield Solo provides the digital signatures, time stamps and other transactional data necessary to enable A-Trust to comply with RKSV and the crossborder standards mandated by eIDAS.

BENEFITS

Julia Wolkerstorfer, marketing manager at A-Trust, commented, “We’ve used nCipher nShield Solo HSMs in several A-Trust solutions and our engineering staff have always found it to be easy to use and highly flexible in each implementation we’ve undertaken.”

nCipher HSMs are integrated into end-user environments and are also used for the back-end processing in A-Trust’s data center. “The unit cost and performance of nShield HSMs enable us to offer a commodity-priced device that is simple enough for even the most technically-adverse merchant to understand and operate,” commented Wolkerstorfer. “This saves business owners both time and money, and makes our solutions very compelling in the markets we serve.”

While the HSM solution was initially sold particularly in Austria, A-Trust is rapidly expanding to a growing number of other European countries. “The nCipher HSM can effortlessly scale to handle high volumes. The ease of deployment – coupled with the features and functionality – actively support our ambitious growth objectives,” stated Wolkerstorfer.

The growing prominence of A-Trust across Europe has created a huge demand for the company’s products. “For very good reasons, this has been a very intense year for us and nCipher has been wonderful in its support and in responding to our requests,” noted Wolkerstorfer. “We view the relationship as a first-rate partnership and one that is critical to helping A-Trust provide the absolute highest levels of security to our customers.”

She concluded, “Trust, integrity and security are the foundations of our company, and nCipher helps us to achieve those goals.”

SIMPLICITY, SECURITY AND PERFORMANCE

Business need

  • Offer merchants a device (HSM) tosupport certified digital signatures
  • Create a cost-effective, simple-to-use solution
  • Enable scalability to facilitate ambitious growth plans

Technology need

  • Ensure compliance with RKSV and eIDAS standards
  • Easy to deploy

Solution

  • nCipher nShield Solo HSM

Result

  • Breakthrough product that is exceeding expectations
  • Full end-to-end compliance with all applicable regulations
  • Enterprise-grade security delivered in a consumer device

ABOUT NCIPHER SECURITY

nCipher Security, an Entrust Datacard company, is a leader in the general-purpose hardware security module (HSM) market, empowering world-leading organizations by delivering trust, integrity and control to their business critical information and applications. Today’s fast-moving digital environment enhances customer satisfaction, gives competitive advantage and improves operational efficiency – it also multiplies the security risks. Our cryptographic solutions secure emerging technologies such as cloud, IoT,blockchain, and digital payments and help meet new compliance mandates. We do this using our same proven technology that global organizations depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure. We deliver trust for your business critical applications, ensure the integrity of your data and put you in complete control – today, tomorrow, always visit www.ncipher.com.

Download