skip to Main Content

Fundamental questions about Trust Services in general and those offered by LuxTrust.

What does electronic identification mean?

According to eIDAS[1],

  • Electronic identification means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person.
  • person identification data means a set of data enabling the identity of a natural or legal person, or a natural person representing a legal person to be established.”

LuxTrust identification data for natural persons can include attributes like profession or the name of the legal person the natural person is associated with.

What does electronic identification means mean?

According to eIDAS[1], “electronic identification means means a material and/or immaterial unit containing person identification data and which is used for authentication for an online service.”

The electronic identification means are characterized by their assurance level which can take one of the three following values: low, substantial or high.

Within the context of this web site, electronic identification means are also called electronic identities.

What does authentication mean?

According to eIDAS[1], “Authentication means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed.”

LuxTrust offers multiple authentication processes, each one characterized by a different trade-off between security and ease of use.

What does strong customer authentication mean?

According to PSD2 RTS[2], “Strong customer authentication is an authentication that

  1. is based on the use of two or more elements categorized as
    1. knowledge (something only the user knows),
    2. possession (something only the user possesses), and
    3. inherence (something the user is),
  2. ensures the elements are independent from one another, in that the breach of one does not compromise the reliability of the others, and
  3. is designed in such a way as to protect the confidentiality of the authentication data.”

Within the context of this website, the “something only the user possesses” is also called “user device“.

What is the relationship between electronic identification assurance level and authentication type?

Electronic identification assurance level Identity verification Delivery of user device Authentication means Authentication mechanism
Substantial It is necessary to verify that the person owns the relevant identification element and to authenticate it, unless an authorized source has already done so. Mechanism to assume that it will be exclusively delivered to the bearer. Dual factor and presumably used only under the control of its bearer. Dynamic (anti-replay)
High The validity of the document must be checked by an authorized source, as well as the “physical characteristics” of the bearer. Activation to verify that it was delivered exclusively to the bearer. Idem. Substantial + resistance to “high potential attacker”. Dynamic (robust)

What does dynamic linking means?

According to PSD2 RTS[2], dynamic linking complements strong customer authentication by imposing “security measures that meet each of the following requirements:

  1. the payer is made aware of the amount of the payment transaction and of the payee;
  2. the authentication code [e.g. One Time Password] generated shall be specific to the amount of the payment transaction and the payee agreed to by the payer when initiating the transaction.
  3. the authentication code accepted by the payment service provider corresponds to the original specific amount of the payment transaction and to the payee agreed to by the payer. Any change to the amount or the payee shall result in the invalidation of the authentication code generated.”

The LuxTrust Mobile Application and the LuxTrust Scan are compliant with the PSD2 RTS dynamic linking requirement.

What does electronic signature mean?

According to eIDAS[1], “electronic signature means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

Electronic signatures serve as evidence that electronic data (document or transaction) was endorsed and approved by a natural person, ensuring certainty of the data’s origin and integrity.

LuxTrust provides advanced and qualified electronic signatures.

LuxTrust complies with PaDES, XaDES and CaDES ETSI standards.

To accommodate customers’ most stringent confidentiality requirements, LuxTrust provides PaDES signatures without the need to get a copy of the to be signed .pdf document.

By default, LuxTrust electronic signatures include a qualified electronic time stamp, binding them to a particular time, establishing evidence that the data existed at that time.

What does advanced electronic signature mean?

According to eIDAS[1], “Advanced electronic signature means an electronic signature which meets the following requirements :

  1. it is uniquely linked to the signatory;
  2. it is capable of identifying the signatory;
  3. it is created using electronic signature creation data** that the signatory can, with a high level of confidence, use under his sole control; and
  4. it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

** electronic signature creation data means unique data which is used by the signatory to create an electronic signature.”

LuxTrust provides advanced and qualified electronic signatures.

What does qualified electronic signature mean?

According to eIDAS[1]:

  • Qualified electronic signature means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
  • A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.”

LuxTrust provides advanced and qualified electronic signatures.

Qualified signatures offer the following advantages:

  • Equivalent legal effect of a handwritten signature.
  • Low Total Cost of Ownership (TCO).

Compliant with GDPR (EU General Data Protection Regulation) requirements

What do electronic signature creation device and qualified electronic signature creation device (alias QSCD) mean?

According to eIDAS[1]:

  • electronic signature creation device means configured software or hardware used to create an electronic signature;
  • qualified electronic signature creation device means an electronic signature creation device that meets specific certification requirements.”

What does certificate for electronic signature mean?

According to eIDAS[1], “certificate for electronic signature means an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person.”

What does qualified certificate electronic signature mean?

According to eIDAS[1], “qualified certificate for electronic signature means a certificate for electronic signatures, that is issued by a qualified trust service provider and meets specific certification requirements.”

What does trust service and qualified trust services mean?

According to eIDAS[1]:

  • trust service means an electronic service normally provided for remuneration which consists of:
    1. the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or
    2. the creation, verification and validation of certificates for website authentication; or
    3. the preservation of electronic signatures, seals or certificates related to those services.
  • qualified trust service means a trust service that meets the applicable requirements laid down in this Regulation.”

LuxTrust offers the following Trust Services:

What do trust service provider and qualified trust service provider stand for?

According to eIDAS[1]:

  • trust service provider means a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider.
  • qualified trust service provider means a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body.”

LuxTrust is a qualified trust service provider (QTSP).

What is the relationship between electronic signature level, electronic identification assurance level and authentication type?

Qualified and advanced electronic signatures and qualified and advanced electronic seals require that the associated electronic identification means are of substantial or high assurance level.

What does electronic seal mean?

According to eIDAS[1], “electronic seal means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity.”

Electronic seals serve as evidence that electronic data (document, transaction or code) was issued by a legal person (corporate, institution), ensuring certainty of the data’s origin and integrity.

LuxTrust provides advanced and qualified electronic seals.

The delivery of electronic seals can be triggered by a user (in that case, the seal certificate can be stored on a smart card) or by an application (in that case, the seal certificate must be stored on a secured server managed by LuxTrust).

By default, LuxTrust electronic seals include a qualified electronic time stamp, binding them to a particular time, establishing evidence that the data existed at that time.

What does advanced electronic seal mean?

According to eIDAS[1], “Advanced electronic signature shall meet the following requirements:

  1. it is uniquely linked to the creator of the seal;
  2. it is capable of identifying the creator of the seal;
  3. it is created using electronic seal creation data that the creator of the seal can, with a high level of confidence under its control, use for electronic seal creation; and
  4. it is linked to the data to which it relates in such a way that any subsequent change in the data is detectable.”

What does qualified electronic seal mean?

According to eIDAS[1] “qualified electronic seal means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal.”

What do electronic seal creation device and qualified electronic seal creation device (alias QSCD) mean?

According to eIDAS[1]:

  • electronic seal creation device means configured software or hardware used to create an electronic seal;
  • qualified electronic seal creation device means an electronic seal creation device that meets specific certification requirements.”

What does certificate for electronic seal mean?

According to eIDAS[1], “certificate for electronic seal means an electronic attestation that links electronic seal validation data to a legal person and confirms the name of that person.”

What does qualified certificate electronic seal mean?

According to eIDAS[1], “qualified certificate for electronic seal means a certificate for electronic seals, that is issued by a qualified trust service provider and meets specific certification requirements.”

What is the difference between an electronic signature and an electronic seal?

An electronic signature is based on a certificate associated to a natural person, while an electronic seal is based on a certificate associated with a legal entity (company, institution, organisation, etc.).

Electronic signatures convey consent, electronic seals don’t.

What does electronic time stamp mean?

According to eIDAS[1], “electronic time stamp means data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time.”

LuxTrust timestamping service can be used in standalone or in combination with other trust services like electronic signature or electronic seal services.

An electronic time stamp, for example, binds an electronic document, an electronic signature, an electronic seal and / or a picture to a particular time establishing evidence that the latter data existed at that time. It also ensures the formal certainty of the time stamped data integrity.

All LuxTrust the electronic time stamps LuxTrust supplies are qualified electronic time stamps.

[1] Excerpt from « REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC”

[2] Excerpt from EBA/RTS/2017/02 FINAL REPORT ON DRAFT RTS ON SCA AND CSC

Back To Top