Austrian Trust Authority Provides Fast, Simple eIDAS Digital Signature Security

A-Trust is a qualified trusted service provider based in Austria that issues digital certificates for the country’s citizens and economy to use in a variety of electronic transactions. As one of only three authorized providers in Austria, A-Trust provides certificates for individual users, developers and corporations, as well as consulting services for the development of signature-related applications.

Business Challenge

As of April 2017, a regulation known as RKSV (Registrierkassensicherheitsverordnung, or Cash Registers Security Regulation) went into effect in Austria. The regulation requires that receipts originating from businesses in the retail, hospitality and service sectors be digitally signed and stored using a unique private key assigned to each business owner. Merchants also must provide records of sales transactions that conform to specific technical standards.

A-Trust saw an opportunity to support businesses in their efforts to become RKSV compliant by creating cost-effective solutions capable of automatically fulfilling all necessary requirements. To be attractive to its target market, the products had to be fully secure, be simple to use and be offered at consumer-level pricing.

Technical Challenge

The digital signing requirements of the solutions also subjected it to the European Union’s Electronic Identification and Trust Services (eIDAS) regulation. eIDAS regulates electronic transactions and signatures, with the goal of providing a secure and consistent way for users to conduct business online. Any viable A-Trust solution needed to ensure that end-to-end eIDAS compliance was maintained throughout the entire transaction lifecycle.

Austrian Trust Authority Provides Fast, Simple eIDAS Digital Signature Security

Solution

A-Trust and Thales have a long history of working together in creating solutions for secure digital signatures. The two companies had previously collaborated at the time when A-Trust searched for the optimal back-end solution (HSM) for the mobile phone signature. The so called “Handy-Signature” enables individuals to use a digital signature in place of a conventional handwritten equivalent to complete transactions throughout the European Union. This was an important product as it gave A-Trust a strong eIDAS-compliant solution that they could market across dozens of countries.

The collaboration was so successful that the A-Trust technical team again turned to Thales to support them with the optimal hardware solution. A-Trust had previously used Thales nShield Solo hardware security modules (HSMs) as they provided the optimal combination of price, performance and features, and they elected to use this same solution again.

The nShield Solo HSM is a hardened, tamper-resistant platform that supports encryption and digital signing along with key generation and protection. Thales has earned the Common Criteria (CC) certification which recognizes nShield HSMs as Secure Signature Creation Devices (SSCDs). This means that nShield Solo provides the digital signatures, time stamps and other transactional data necessary to enable A-Trust to comply with RKSV and the cross-border standards mandated by eIDAS.

Benefits

Julia Wolkerstorfer, marketing manager at A-Trust, commented, “We’ve used Thales nShield Solo HSMs in several A-Trust solutions and our engineering staff have always found it to be easy to use and highly flexible in each implementation we’ve undertaken.”

Thales HSMs are integrated into end-user environments and are also used for the back-end processing in A-Trust’s data center. “The unit cost and performance of nShield HSMs enable us to offer a commodity-priced device that is simple enough for even the most technically-adverse merchant to understand and operate,” commented Wolkerstorfer. “This saves business owners both time and money, and makes our solutions very compelling in the markets we serve.”

While the HSM solution was initially sold particularly in Austria, A-Trust is rapidly expanding to a growing number of other European countries. “The Thales HSM can effortlessly scale to handle high volumes. The ease of deployment – coupled with the features and functionality – actively support our ambitious growth objectives,” stated Wolkerstorfer.

The growing prominence of A-Trust across Europe has created a huge demand for the company’s products. “For very good reasons, this has been a very intense year for us and Thales has been wonderful in its support and in responding to our requests,” noted Wolkerstorfer. “We view the relationship as a first-rate partnership and one that is critical to helping A-Trust provide the absolute highest levels of security to our customers.”

She concluded, “Trust, integrity and security are the foundations of our company, and Thales helps us to achieve those goals.”

About Thales eSecurity

Thales eSecurity is a leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premises, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.

Download