This site uses „cookies“ to facilitate your browsing. By using the site, you accept “the cookies”. For more information regarding the data we collect and process, as well as the way you can opt out, please, read our "Cookies Management Policy".

Български
Borica logo B-trust B-trust Moble E-faktura
Search icon
Home > Latest > In the media

Latest

In the media

Back
24 December 2018, monday

The Banker newspaper: "The electronic signature goes into the phone"

The Banker newspaper: "The electronic signature goes into the phone"

- Dear Sirs, no matter how familiar the Qualified Electronic Signature (QES) is, let us give a definition for it. What possibilities does it provide?

Krasimir Georchev: After the adoption of Regulation (EU) No 910/2014 the terminology was slightly changed – now the term is a "Qualified Certificate for Qualified Electronic Signature". In Bulgaria, the QES has two main usages. One of them is signing documents and electronic statements, which is legally equal to a handwritten signature on a paper. The other usage is identification of the person who signs with the signature, if the QES certificate includes an identifier such as Personal No for example. This usage will be valid up to one year after the national electronic identity scheme appears under the Electronic Identification Act.

Dimitar Nikolov: According to the Bulgarian legislation, the QES must meet certain requirements. These are: to be uniquely related to the holder, to be able to identify the signature’s holder, to be related to the data that is signed with it in a way that allows any subsequent change to be detected. The last requirement is to be stored on a qualified signature creation device: a smart card or a device that meets certain standards. Complying with these requirements, the legislation makes the QES equal to the handwritten signature - in the sense that the electronic signature allows the holder to identify himself as the author of the electronic document, to agree with the content of the document, and to protect the document from subsequent changes.

- What would happen if someone tries to change the contents of the document after signing?

D.N.: If such attempts have been made, the subsequent verification of the electronic signature on the document will fail, and the document will have an invalid signature.

- What is the legal framework of the cloud QES?

D.N.: Regulation (EU) No 910 appeared in 2014, and although remote electronic signature was offered years ago, it was its first regulation at EU level. This regulation had to become active in the national legislations by 2016, and this was carried out in Bulgaria in the Electronic Document and Electronic Certification Services Act.  

- What is the main difference between the Cloud QES and the QES on a smart card?

D.N.: The main difference between them is that the Cloud QES displaces the QES on a smart card to a remote server platform. From now on, in order to use QES, you need to authenticate yourself through a mobile smartphone. The phone is a means of authentication - a second step in the access. Similar to the normal QES where we should have a smart card and a PIN, the Cloud QES requires a phone and a PIN in order to be used. The remote hardware cryptographic device generates a signature only after the successful two-factor authentication of the electronic signature’s holder. Mobility as a feature of the Cloud QES does not mean that it is generated in the mobile device (smartphone) - it only serves to initiate the QES into a remote server. The goal of the Cloud QES is to facilitate the use of QES and the value-added services, thereby contributing to expand the volume of e-services users, while being a catalyst for the introduction of more e-services on the Internet.

- What are the advantages of using Cloud Qualified Electronic Signature?

D.N.: The main advantages of Cloud QES over card QES - with high level of security, are several. For end clients, the main advantage is the convenience and easy usage - requires only a two-factor authentication mechanism and Internet connection. It is no longer necessary to store and carry the smart card. We shall also not underestimate the cost-effectiveness, because a smart card, smart card reader, and the relevant drivers in the QES set are no longer required, there is no software installation for the client and no software support. The inconveniences recently imposed by browsers, related to the use of active components when operating with smart cards, are also eliminated.

The Cloud QES has several advantages for the relying parties as well. It offers easy integration to added services that improve the quality and functionality of the legally-validated electronic signature by using Qualified Electronic Timestamps, by the use of Online Certificate Status Protocol (OCSP) service, as well as formatting services for electronically signed documents, as per the standards (XAdES, PAdES, CAdES, ASiC) to Regulation (EU) No 910/2014 of European Parliament.

- Please explain at “instruction” level how QES works through the mobile phone?

D.N.: There are two major scenarios for the Cloud QES product - issuance and use in a system. Regarding the first one, up to now has been provided the possibility of issuing a "Cloud QES" to an individual, on the basis of already issued QES on a smart card, (soon will be possible a scenario for Cloud QES issuance in a B-Trust office). Preconditions for the first scenario are the user to have a smart device with B-Trust Mobile application installed, as well as to have a qualified electronic signature from B-Trust or another qualified certification service provider. The issuing procedure then proceeds through the following steps:  

The user opens the BORICA online store, authenticates and signs a request for issuing  Cloud QES and a Certification Services Agreement by their hardware QES. The user downloads, installs, initiates the B-Trust Mobile application, and enters authorization code (OTP), received from the application in the store page, proving ownership of the phone. The user enters a PIN (created by him) for the issued Cloud QES in B-Trust Mobile and after that follows a key pair generation process on the remote cryptographic device and creation of QES certificate. A push notification is sent to the mobile application for a successfully issued Cloud QES. If the push notifications on the phone are turned off, the user can check the status of their requests by themselves. Regarding the scenarios for using Cloud QES in any system, we should say that it can be used both to sign documents generated or uploaded in the system, as well as for entrance in the system itself. The scenarios of usage are numerous - depending on the needs of the relying party.

- What is the security level of the new system?

D.N.: "Cloud QES" is a product which architecture and principles in development meet the highest security requirements typical of other high-risk systems operated by BORICA AD. Hardware devices (HSM and servers) meet the requirements for remote signing service with QES. The algorithms used for two-factor authentication, mobile application protection, and remote signature creation are secure, public and used in a number of EU countries.

- Who and how can issue the cloud signature?

К.G.: Now a cloud electronic signature can be issued on the basis of an existing QES on a smart card with which the client signs the request for issuance. At a later stage will be possible to issue QES at all B-Trust offices, including local registration offices of BORICA’s partners.

- Will we be approved for a loan by the phone from now on?

К.G.: The short answer is "yes" and depends on the proposals and the way of operation of the particular bank or financial institution. There are many possible scenarios where "Cloud QES" is applicable to user identification and submission of loan documents, and all the correspondence in this process can be signed with Cloud QES. Other potential systems using Cloud QES can be those of banks and financial institutions, telecoms, pension insurance companies, state administration, etc.

- At what stage is the development? What are BORICA's plans for marketing?

D.N.: Currently, project tests are carried out in a production environment. We work with several relying parties for integration with their systems. We hope that the service will provoke great interest due to the numerous advantages it provides. As a result, market expansion is expected with the attraction of new clients using QES. Increasing the security and trust of the relying parties will lead to the creation of new electronic services requiring the use of QES, which will contribute to the expansion of the QES market. Due to the nature of different services using QES, clients can both possess a card and a Cloud QES. We expect that the QES market will increase by at least 50%, and in the near future by even more. On the other hand, the volume of the market will only expand when services using Cloud QES appear in the relying parties’ systems - Internet and mobile banking, telecom systems, insurance and leasing companies.

Source: The Banker newspaper

 

Other News

M. Vichev to CAPITAL newspaper: Fintech and innovations will upgrade traditional banking services
23 November 2021, tuesday

M. Vichev to CAPITAL newspaper: Fintech and innovations will upgrade traditional banking services

Regarding the annual conference „Banks and Business”, Capital newspaper has asked the participants in it to comment on the trends in the financial market in Bulgaria. What Mr. Vichev said about regulations ...

More
Daniel Aleksiev to CAPITAL newspaper: The most important condition for open banking is trust between the parties
16 November 2021, tuesday

Daniel Aleksiev to CAPITAL newspaper: The most important condition for open banking is trust between the parties

The InfoPay multibanking platform from BORICA is a response to The European Payment Directive PSD 2 and the new regulations it enforces. Via special web platform…

More
Miroslav Vichev to Manager magazine: Our priority is modernising national payment systems
6 October 2021, wednesday

Miroslav Vichev to Manager magazine: Our priority is modernising national payment systems

Manager magazine asked the 10 finalists from the golden ten to comment on the business environment in the country and to state their predictions for the coming year…

More

Contact us

Headquarters

41 Tsar Boris III Blvd.
1612 Sofia e-mail: office

See all offices



Follow us:

ATMs

ATM map
ATMs near you

Inquiry

Captcha Image
Your inquiry was sent successfully!
You have entered invalid data. Please try again!


* All fields are required