SIGNER AND EUDI WALLET SECURITY FOR TRUST SERVICE PROVIDERS

A robust remote signing solution that simplifies compliance with eIDAS and other regulations while ensuring top-tier security and scalability.

polygon-1
 

CRYPTOMATHIC SUPPORTS TRUST SERVICE PROVIDERS DO BUSINESS

Cryptomathic has a long history of supporting trust service providers (TSPs) worldwide, including qualified trust service providers (QTSPs) in the EU.

Whether you're looking to create a remote signing or sealing service, provide a remotely managed in-app security service for protecting ID Wallets, or establish a global trust center offering HSM-as-a-service or data protection-as-a-service, Cryptomathic has you covered.

However, our best-known offering in the trust services space is Signer, our remote signing and sealing suite with the core being a CC certified remote QSCD.

Signer is a modular product suite that enables (Q)TSPs to design an optimal architecture or enhance an existing infrastructure to support new use cases or evolving requirements.

Frame 3

THE VALUE OF INTEROPERABILITY IN SIGNING AND SEALING

Developing trust services in a complex ecosystem demands a well-designed approach with a strong emphasis on technical interoperability, streamlined compliance, simplified maintenance, and rapid use-case expansion.

Untitled design (19)-1

Technical Interoperability

6-1

Ease of Compliance

7-1

Simple Maintenance

8-1

Rapid use case extension

With eIDAS 2.0, this is more relevant than ever for qualified trust service providers, who must now be able to switch providers and modify or expand their modules to meet evolving compliance and market demands. This is what Cryptomathic enables: a standardized, cost-efficient way to facilitate interaction with all components of your architecture.

4-Mar-21-2025-12-27-26-9667-PM

Adding or changing Identity provider

2-Mar-21-2025-12-27-27-2730-PM

Adding or changing certificate authority

1-Mar-21-2025-12-27-26-9529-PM

Adding or changing time stamping authority

3-Mar-21-2025-12-27-26-9471-PM

Adding a local provider due to regulation or customer requirement

 

FULLY CSC-COMPLIANT SIGNING AND SEALING

We leverage Cloud Signature Consortium (CSC) standards to simplify integration, replacement, and expansion of your platform. CSC is the standard referenced in eIDAS and the standard interface to integrate signing into any customer flow, mobile wallet or business system.

Cryptomathic is an executive member of the Cloud Signature Consortium, and we take a very active role in shaping the CSC specifications and help advance a truly global interoperability standard for signing and sealing.

noun-compliance-7431117-8F3C97
 

THE RISKS OF PROPRIETARY LOCK-IN

Insufficient attention to architecture, interoperability, and security design can lead to:

· Cost explosions due to unnecessary development of custom modules

· Difficulties in passing compliance audits

· Challenges in making changes or adding a new identity provider

· Complications when modifying elements of the architecture

· Unnecessary complexity (e.g., signature flows with more than 40 steps)

noun-cyber-risk-management-6944472-8F3C97

SELECTED CLIENT REFERENCES WITHIN TRUST SERVICES

LUXTRUST SWISSCOM BENEFIT BOSA DEUTSCHE POST KIR
 

SIGNER – OUR QUALIFIED ELECTRONIC SIGNING AND SEALING SUITE

Our signing and sealing technology is the underlying architecture for many qualified trust service providers across the EU. We offer modules to create a remote qualified signing or sealing service for private and public customers, and we are often brought in to consult and optimize existing solutions with our certified technology and expertise—without disrupting workflows for existing customers.

We provide guidance and products that are compliant by design, reducing the ever-increasing compliance burden for qualified trust service providers. Additionally, we support the CSC API,

the standard method for integrating with EUDI wallets to add signing features to any electronic ID wallet.

Cryptomathic Signer facilitates interaction with all components of the architecture

EXPLORE SIGNER  

.

Identity Providers (1)
 

MASC – REMOTELY MANAGED IN-APP PROTECTION FOR MOBILE ID WALLETS

EUDI wallets and other eID mobile apps manage highly sensitive personal data and require the best security to earn user trust and drive widespread adoption.

MASC is our EUDI security suite and consists of two separate modules:

1. The in-app protection module – An independent cryptographic layer that protects both sensitive data and the app itself.

2. A separate backend service – Enables real-time remote threat response management.

Together, these modules create a robust and resilient solution with the flexibility needed to adapt as both regulatory requirements and the threat landscape evolve.

The independent layering of app and security enables wallet issuers to centralize control over app security and updates across iOS and Android, reducing reliance on mobile manufacturers' hardware protections.

We partnered with the Belgian government to secure one of the EU’s pioneering EUDI wallets, setting a benchmark for digital identity security. MASC supports a secure digital identity infrastructure designed to meet and exceed anticipated standards and can scale to accommodate millions of citizens while ensuring consistent security and performance.

EXPLORE MASC  
Picture17

LATEST WEBINAR

 

CUSTOMER STORIES

 

 

LIKE WHAT YOU SEE?

We would love to hear from you to see how we can support and help scale your business.