PkBox: the Qualified Remote Digital Signature Device, secure and compliant with European Directive 1999/93/EC

PkBox has been certified as a Secure Signature Device (SSCD - Secure Signature Creation Device) and can therefore be used to build Qualified Remote Digital Signature solutions with full legal validity, according to Italian and European legislation.
The certification of PkBox's compliance with the requirements for a Secure Signature Device under Annex III of European Directive 1999/93/EC was issued by the Austrian authority A-SIT (Austria - Secure Information Technology Center). The certificate granted, available here, is valid in all States of the European Union and is therefore compliant with Italian legislation.

European Directive 1999/93/EC is implemented by Article 35 (Secure devices and procedures for the generation of the signature) of the Italian Codice dell'Amministrazione Digitale (CAD), paragraphs 5 and 6:

  • Paragraph 5: Compliance with the security requirements of devices for the creation of a qualified signature prescribed in Annex III of Directive 1999/93/EC is established, in Italy, by the Body of information security certification [...]
  • Paragraph 6: The compliance referred to in paragraph 5 is also recognized if proved by an agency appointed by another Member State and notified in accordance with Article 11, paragraph 1, letter b) of Directive 1999/93/EC.

According to paragraph 6 of Article 35 of the CAD, the conformity of a Secure Device is recognized if proved by any of the notified bodies.

The certificate issued by A-SIT ensures that PkBox complies with the requirements of Annex III of Directive 1999/93/EC, as required by paragraph 6 of Article 35 of the Italian Codice dell'Amministrazione Digitale (CAD).

The validity of the A-SIT certification derives from European Directive 99/93/EC, Article 3 (Market Access), paragraph 4: "The conformity of devices to create a secure signature to the requirements of Annex III is determined by appropriate public or private bodies designated by Member States. In accordance with the procedure referred to in Article 9, the Commission shall establish the criteria under which they shall determine whether a body should be designated".

Both the European Directive and the law transposing it into the national legal order state that A-SIT, a notified body in accordance with Article 11, paragraph 1, letter b) of Directive 1999/93/EC, is fully entitled to certify the conformity of a Secure Signature Device. The list of the notified bodies is available here.

European Regulation No. 910/2014, which from July 1, 2016 will repeal Directive 99/93/EC and replace national laws, expressly provides in Article 51 for the continued validity of certificates issued pursuant to the Directive even after July 1, 2016.

Finally, on 02.09.2015, AGID, the Italian surveillance authority for the application of the legislation, considered it appropriate to inform the main market players (Certification Authorities first of all) of the availability of PkBox 3.0 as a certified signature system fully usable in Italy.

The Remote Digital Signature by Intesi Group is the first solution in the world to have obtained the IdenTrust certification.

Strong Authentication

Italian law does not specify exactly which authentication technologies must be used to build remote signature solutions. A safe and reliable solution should be adopted, possibly taking into account the authoritative opinion of the entity qualified to validate and "self-certify" the compliance of the signature infrastructure with regulatory requirements: the Certification Authority.

Configurations

PkBox is a highly flexible product and can be configured to fully satisfy customers' requirements, both in terms of load capacity and credentials and as regards the overall architecture of the system.

Registration Authority and Enrollment of certificates

Regardless of the cryptographic device adopted, if the signatures are to have legal value, the certificate issuing process must comply with the law and follow the rules established by the qualified Certification Authority from which the certificates are requested.

In House Configuration

Combining the options shown, the standard configuration for the management of remote signatures is as follows.

In Service Configuration

The three-tier architecture can be profitably exploited to develop remote signature solutions that provide a credential storage and remote signature service to companies that want to use applications with signature functionality without buying and managing complex HSM systems.

Local Configuration

To complete the configuration of a remote signature service at the customer site, it is necessary to install one or more Remote PkBox instances, which are responsible for receiving requests from applications, processing the data to be signed, and sending digests and authentication data to the PkBox HSM to perform signature operations.


Copyright © 2018 INTESI GROUP S.p.A | Via Torino, 48 - 20123 Milano - Italy | VAT no. 02780480964 | Share capital: Euro 600.000,00 fully paid up - REA: Milano - 1562415