This document defines the tScheme criteria against which organisations must be successfully assessed in order to be eligible for a Grant of Approval for the provision of services that enable subscribers to trust services to create digital signatures.
The criteria given in this Approval Profile are related to the provision of Key Management Services that enable subscribers to Trust Services to create digital signatures. Specific aspects of these Services include:
- Generation of (or provision of the means of generating) private signing and public signature-verification key pairs (each key of which is from now on referred to respectively as: Signing Key and Verification Key);
- Provision of Signing keys, either unassigned or to their rightful subscribers, and their protection and control;
- Provision of Verification keys, either unassigned or to their rightful subscribers, and/or to a certificate generation service;
- Provision to subscribers of the means of creating signatures using the Signing keys;
- Signing capability revocation, i.e. the disablement of Signing keys under the subscriber or TSP’s instructions.
EU regulation 910/2014 on electronic identification and trust services for electronic transactions [eIDAS]
Where the TSP is claiming compliance to support the creation of advanced electronic signatures as defined in Article 26 of [eIDAS] and/or the creation of advanced electronic seals as defined in Article 36 of [eIDAS], then this shall be explicitly defined and documented. Appropriate processes, standards and hardware should be used to demonstrate that the generation and use of key pairs are fit for the purposes of Qualified Certificates.
The full Profile is available as a PDF document free of charge for non-commercial use. To track access, you must register (free of charge) – this entitles you to access the restricted Approvals Profiles page. To register for access to the Profiles please click here. Already registered? Login, then access the files here.