Jurnalist, Adevarul LIVE: What does Trust Service Provider mean?
Camelia Ivan, CEO: A Trusted Service Provider (TSP) is an entity that provides and maintains digital certificates for creating and validating electronic signatures and for authenticating their users. Providers of trust services (TSP) are certification authorities qualified according to European Regulation 910/2014, eIDAS, in compliance with ETSI standards, in the case of Trans Sped and NIST standards, required by the US.
TSP has the responsibility to ensure the integrity of electronic identification for users and services; through powerful authentication mechanisms, electronic signatures and digital certificates. eIDAS defines standards for how trusted service providers perform their authentication and non-repudiation services. The Regulation provides guidance to EU Member States on how to regulate and recognize Trusted Service Providers (TSPs).
A trusted service is an electronic service that involves one of the following three actions:
- creation, verification and validation of electronic signatures, as well as timestamps or electronic seals.
- creation, verification and validation of certificates used for authenticating websites.
- preservation of electronic signatures, seals and related certificates.
In order to be promoted to the level of qualified trusted service, the service must meet the requirements set out in the eIDAS Regulation.
Jurnalist, Adevarul LIVE: What are qualified digital certificates?
Camelia Ivan, CEO: According to Regulation (EU) no. 910/2014 (eIDAS), a qualified digital certificate is a digital certificate consisting of a private key, known only by the user and a public key issued by a qualified TSP that ensures the authenticity and integrity of the data of an electronic signature.
With the help of qualified digital certificates are created qualified electronic signatures that have the same legal value as the holographic signature and are non-repudiable. Basically, a document signed with a qualified electronic signature cannot be challenged in the court.
A qualified digital certificate can only be issued by a qualified TSP, which has received certification from the supervisory body of the Member State following an audit of the European Commission, to provide qualified reliable services for the creation of qualified electronic signatures. The provider must be on the EU Trusted List; otherwise, they are not allowed to provide qualified digital certificates or other qualified trusted services. TSP is required to comply with the rules set out in eIDAS for the creation of a qualified digital certificate.
Jurnalist, Adevarul LIVE: What are digital signatures in cloud and what is the difference from the conventional ones?
Camelia Ivan, CEO: Qualified digital certificates in cloud represent qualified certificates with cryptographic keys kept on HSM in the Cloud. This gives users an added advantage compared to digital certificates whose cryptographic keys are stored on a USB device (token) because they allow signing on any device, be it smartphone, tablet, computer or laptop - new generations of latop no longer have USB port. Moreover, the price of qualified digital certificates with cryptographic keys stored in the cloud is lower because the cost of the token device is no longer paid. Trans Sped is the only TSP in Romania that issues qualified digital certificates in the cloud according to the DAS Regulations and North American Standards.
Jurnalist, Adevarul LIVE: Why it is impossible to forge such a signature?
Camelia Ivan, CEO: First of all, for the issuance of a qualified digital certificate, according to the provisions of eIDAS, the TSP is obliged to identify the user's face-to-face - this can happen both by physical and remote meeting, by an eIDAS certified video identification solution. In this way the TSP ensures that the holder of the certificate is indeed the respective person.
Secondly, the creation of a qualified electronic signature implies the strongest authentication mechanism, through 2 authentication factors. The first is the user's private key, which is made up of a username and password known only to the user and which is not stored anywhere. For example, if the user forgets the password, it is necessary to revoke the qualified digital certificate and issue a new certificate. And the second authenticated factor is an OTP code sent by the Certification Authority (TSP) at the time of signature creation, which is only valid for a few seconds and each time there will be another OTP.
Moreover, the two authentication factors are transmitted on different devices. For example, if we use a laptop to sign a document where we enter the password (the first authentication factor), we receive the second authentication factor either by sms or by an application with push notification..
Jurnalist, Adevarul LIVE: From how long the digital certificates / electronic signature are globally used?
Camelia Ivan, CEO: The concept of electronic signature is not a novelty globally. Common law jurisdictions had telegraphic signatures recognized since the mid-nineteenth century and fax signatures starting in the 1980s.
Long before the American Civil War began in 1861, the Morse code was used to send telegraph electronic messages. Some of these messages were agreements with terms that were intended as enforceable contracts. A first acceptance of the applicability of telegraphic messages in the form of electronic signatures came from the New Hampshire Supreme Court (Hamsha) in 1869.
Jurnalist, Adevarul LIVE: Who can use digital certificates in cloud? To whom such a product is addressed?
Camelia Ivan, CEO: Anyone over the age of 18 can use a qualified digital certificate in cloud. We live in the century of speed and we never have the time to solve everything we want. This is this is exactly what Qualified digital certificates in cloud do, helps us save the most important resources - time and money.
We all have a smartphone or a computer, with the help of which we keep in touch with loved ones, business partners, check and write emails, order food or taxi. With this smartphone we can also sign contracts with business partners, open a bank account, access a credit or submit statements to the Authority.
Who is this product for? - anyone who wants to save time and money.
Jurnalist, Adevarul LIVE: How easy is it to sign electronically? Why it's simpler than the holographic?
Camelia Ivan, CEO: Very simple. For example, to sign a PDF document with a qualified digital certificate issued by Trans Sped, it is sufficient to open the document, give 2 clicks, enter the password and OTP code and it is signed. It lasts 30 seconds.
If you should holographic sign the document, you must have a printer, to list the document, sign it, scan it to send it by email and then send it with the courier and archive the document. Which lasts at least a few days.
Jurnalist, Adevarul LIVE: What is the price of a qualified digital certificate?
Camelia Ivan, CEO: The price of a qualified digital certificate depends on the validity period of the certificate, can be validly certified 1 year, 2 years, 3 years, and during this period can be created unlimited qualified electronic signatures. Or we have Enterprise solutions for companies, a qualified digital certificates can be valid for 1 day, 1 month, 3 months, 3 years and price per signature. We can customize the certificates according to the client's need.
Standard prices start at 22.5 euros for cloud certificates and 30 euros for tokens certificates.
Jurnalist, Adevarul LIVE: Examples where the electronic signature is cheaper than the classic one.
Camelia Ivan, CEO : If we think about the price of paper, which is rising, the price of the printer, the toner, the courier, the cost of the archive versus the cost of an electronic signature, the differences are clearly seen.
For example, with our clients, we start the analysis of the digitization through a business case, where we pass the costs with the paper flow vs. the cost of the digitization and I can tell you that by digitizing the costs decrease by 50-80%, and the time in which a digital format flow happens decreases by over 80% versus in classic format, on paper.
Jurnalist, Adevarul LIVE: How can companies integrate their digital certificates into the workflow?
Camelia Ivan, CEO: Our digital certificates are natively integrated into AdobeSign and DocuSign, and for other solutions we expose APIs that can be easily integrated into any workflow. We are CSC partners, and our APIs are based on CSC standards.
Jurnalist, Adevarul LIVE: Examples of companies that have done this.
Camelia Ivan, CEO: There are many companies that have chosen to digitize their workflows and integrate the qualified digital certificates for the qualified electronic signature, and the trend is positive.
An example of a company with whom we collaborate with for several years and that has embraced this type of signature is UniCredit, which digitized the relationship with both individuals and legal entities.
Jurnalist, Adevarul LIVE: Since when it works on the market (possibly major milestones in recent years)?
Camelia Ivan, CEO: Trans Sped is the first TSP to issue digital certificates that have been issued on Romanian market since 2004. Since 2008 digital certificates issued by Trans Sped have been recognized by the US and we have started issuing qualified digital certificates in Cloud. With the application of the eIDAS Regulation, we started to provide qualified digital certificates on the Romanian market, being the only TSP in Romania that issues qualified digital certificates in cloud. A big advantage for us is that we have over 10 years experience in issuing qualified digital certificates in cloud, and we have all the equipment in Romania, where the Internet speed is much higher than other states, even in the EU.
Trans Sped provides end-to-end solutions for digitizing workflows, from issuing digital certificates for electronic signature, to DMS solution for workflow automation, at qualified timestamps and long term archiving solutions for documents..
Jurnalist, Adevarul LIVE: How many certificates were issued by Trans Sped and how many documents were signed with them?
Camelia Ivan, CEO: In the over 15 years of activity Trans Sped has issued over 2 million digital certificates in multiple industries, from the pharmaceutical industry, doctors, accountants, public authorities, to the banking industry and other industries.
Jurnalist, Adevarul LIVE: What additionaly brings to Romanian market??
Camelia Ivan, CEO: First of all, an experience of over 10 years in the international markets, such as USA, Japan, China, where the standards in the field are more advanced and also first and foremost innovative solutions, such as the LTA service - long-term archiving of documents and video qualified identification solutions according to eIDAS.
Jurnalist, Adevarul LIVE: What customers use Trans Sped certificates?
Camelia Ivan, CEO: We have over 2 million customers from multiple industries. There are accountants, doctors, pharmacists, banking area, commerce, manufacturing, public authorities and simple citizens for whom time is important and no longer want to stand in line at a counter to sign or submit a document.