QSCD service – product with vision for Bank-Verlag

SRC, a certified trust service provider, partnered with achelos to deliver a strategically vital project for Bank-Verlag. The Bank-Verlag ‘Signature Activation Module’ (BV-SAM) facilitates legal digitisation of critical processes for customers, substituting handwritten signatures with qualified remote signatures. These are issued using Qualified Signature/Seal Creation Devices (QSCD). The joint SRC and achelos project’s noteworthy feature is its enduring compliance: implemented in 2018, it continues to satisfy all regulatory and technical requirements in 2024 without modifications.

“This module’s development epitomises our visionary approach”, says Alexander Eßer, Head of Markets Security & Trusted Services at Bank-Verlag. The QSCD solution, created by the three partners in 2018, complied with the new eIDAS Regulation requirements. Its future-proof design continues to ensure smooth operation today: “We’re highly impressed by the quality and performance”, concludes Alexander Eßer.

The module has garnered considerable market traction

eIDAS compliance necessitates a Signature Activation Module for qualified remote signatures and seals. Bank-Verlag’s BV-SAM solution (Signature Activation Module) combines the advantages of a qualified electronic signature with those of a seal service. This unique value proposition has allowed Bank-Verlag to attract and retain numerous customers. 

“The QSCD service, much like Bank-Verlag’s other trust services, isn’t confined to specific use cases. Instead, it’s engineered to address various industries and operational needs. This enables Bank-Verlag to provide the service to any company aiming to digitise signatures in their customer and business workflows.” Eßer stresses the broad market potential for his product range.

SAM acts as the cornerstone for a suite of products

The Signature Activation Module and its related new service have been instrumental in developing various Bank-Verlag digitisation solutions, including securing its status as an eIDAS trusted service provider. Bank-Verlag tasked achelos, an IT security-focused system house, with creating the module. However, achelos needed an external validator and expert to establish and guarantee eIDAS standard compliance. The division of labour was clear: Ultimaco provided the hardware; achelos adapted the software with supplementary functions to complement the hardware; and SRC, serving as the Common Criteria testing body, evaluated the SAM and certified the entire solution as a private certification body for QSCDs recognised by the German Federal Network Agency.

In-depth evaluation

The evaluation delves into technical details, examining development environments, inspecting hardware and software, simulating attacks, conducting functional tests, performing cryptographic operations and assessing the technical design with respect to its life cycle, for example. This meticulous approach yields intensive and optimal inspection quality.

 "All involved delivered exceptional quality and expertise. The small team worked together in a highly constructive and practical manner." Alexander Eßer, Head of Markets Security & Trusted Services, Bank-Verlag

 Results

“A very efficient project”

The early involvement of all three partners resulted in a high-calibre project execution. Holger Volke, Technical Director at achelos, notes that SRC’s timely identification of issues prevented unnecessary expenditures. Volke adds, “This significantly enhanced development quality. We collaborated closely as partners. Excellent communication and teamwork made this a very efficient project.” 

“High quality and expertise”

The client, too, is pleased with how the project went. Project manager Alexander Eßer commends the ‘exceptional quality and expertise’ displayed by all involved. He particularly appreciated the frequent interim deliveries, functional testing in bespoke environments and SRC’s thorough source code analyses. “The small team worked together in a highly constructive and practical manner”, says Eßer.

Executed with a far-sighted vision

This approach laid a solid foundation for a future-proof product, conceived with a far-sighted vision and consistently successful since its inception.