Trust services and more: the easy way to create a secure place for working from home
The issue of remote working is still a stumbling block in administrations and many sectors of the economy. Yet many business processes, including signing, have long since been fully digitalized. This ultimately boosts not only efficiency, but also trust. D-Trust Managing Director Dr. Kim Nguyen explains how the trust services under eIDAS Regulation in particular are making working from home more secure.
There aren't many reasons to look back wistfully to April 2020. The effects of the pandemic and the uncertainty about the future weighed too heavily. But there were also encouraging signs. Take, for instance, the number of employees working from home: 30 percent worked ‘predominantly’ or ‘exclusively’ on their home PCs. But really that shouldn't mark the end of the line. With the right tools, we could achieve so much more.
Thanks to the EU’s eIDAS Regulation, in particular, many of these tools have long been available. We are in fact talking about trust services – electronic signatures, electronic seals and website certificates. To say that these tools will make online communications more secure and efficient is not enough. After all, they have put many digital processes on a par with analogue processes in legal terms, making it possible for some people to work from home for the first time ever.
Trusted Services: four important tools
Tool 1: Electronic signatures prevent changes in media format
This becomes particularly clear when we look at the example of the electronic signature which closes a gap that has long prevented end-to-end digital workflows. Although documents are quickly created on a PC, they only become legally binding with a handwritten signature – or in other words, with a complete change in media format. This difficulty can be avoided with an electronic signature in accordance with the eIDAS Regulation. In this case, the signature is purely digital and makes documents forgery-proof thanks to sophisticated encryption processes. In terms of legal effectiveness, the qualified electronic signature (QES) is the strongest digital signature. Fully replacing the ink signature, it is recognised throughout the EU as equivalent to the written form requirement laid down in section 126 of the German Civil Code.
Electronic signatures are generally bound to individual employees. This also applies to signature cards that are read using a small terminal. An even more convenient option is sign-me, Germany’s first eIDAS-compliant remote signature service that can be used without a card reader. This cloud-based web application enables users to sign documents in a 100 percent legally secure manner on the device of their choice – even on their smartphone.
Tool 2: QSeal as a digital stamp
If the organization in its entirety wishes to prove its identity, so-called Q seals are used. These seals have considerable potential, especially in eGovernment where official certifications are often required. Seal cards can be used to issue all kinds of certificates or notices. It is hardly surprising that, according to the IT Planning Council, the Federal Ministry of the Interior is planning to increasingly establish QSeal in the administration. The financial sector is another area of application. Under the EU Payment Services Directive PSD2, for instance, banks can demand the electronic stamp as proof of identity from third-party providers wishing to access account information.
Tool 3: TLS certificates for greater trust on websites
PSD2 also drew attention for the first time to another eIDAS trust service: qualified website certificates (QWACs). Both the bank and the payment service provider must use these certificates to encrypt their communications and prove their identity to each other. In technical terms, QWACs correspond to the Extended Validation (EV) certificates used in the financial sector – the highest quality class among TLS certificates, so to speak. They also provide an enormous boost in trust to those who – perhaps due to the pandemic – are increasingly offering their services online. TLS certificates indicate that the website in question provides a safe haven for sensitive customer data.
Tool 4: Personal certificates for secure access and e‑mails
Personal certificates may be rather inconspicuous, but they are certainly crucial for security when working from home. Although they are not directly part of eIDAS trust services, they do form the basis for signatures and seals. High-quality personal certificates not only protect e‑mail communications thanks to end‑to‑end encryption, they also protect remote access to the systems of organizations or public authorities. Only those who can identify themselves with their personal certificate can access an employer’s network, server or cloud. D-TRUST even supplies personal certificates for organizations with ‘RESTRICTED’ (VS-NfD) security classification level, so that they too can rest assured when they allow their employees to work from home. Putting it in a nutshell: Thirty percent is not the limit when it comes to working from home.