This document specifies security requirements and recommendations for Signature Creation Applications that generate advanced electronic signatures by means of a hardware signature-creation device. It is not required that they are based on a qualified certificate.
The signature-creation device (SCDev) addressed by this document must be implemented in a separate piece of physical hardware, with its own processing capabilities for PIN code verification and for performing cryptographic functions. Unless otherwise specified, this SCDev needs not be a secure-signature-creation device (SSCD), i.e. an SCDev that has been assessed as compliant with the requirements set in the Annex III of the EU Directive [Dir. 1999/93/EC].
Therefore advanced electronic signatures which are created by a signature creation application compliant with the requirements of this document fall under the provisions of Art 5.2 of the EU Directive [Dir. 1999/93/EC].
If, instead, an advanced electronic signature, that is produced with a Signature Creation Application conformant with the security requirements and recommendations specified in this document, is also based on a qualified certificate and is created by a secure-signature-creation device, that electronic signature is a Qualified Electronic Signature that complies with the provision of Art. 5.1 of the EU Directive [Dir. 1999/93/EC].
Required fields are indicated with *