ETSI standard to secure digital signatures solves issue for banks
ETSI has unveiled ETSI TS 119 182-1, a specification for digital signatures supported by PKI and public key certificates which authenticates the origin of transactions ensuring that the originator can be held accountable and access to sensitive resources can be controlled.
This standard is a major achievement for interoperability of digital signatures for a range of applications in today's digital economy including the banking and financial world where so far, some 4,000 banks were using various signing algorithms for their APIs to secure their online transactions.
Called JAdES, ETSI TS 119 182-1 comes in support of secure communications fulfilling the requirements of the European Union eIDAS Regulation (No 910/2014) for advanced electronic signatures and seals and regulatory requirements for services such as open banking.
This JAdES digital signature specification is based onJSON Web Signature andcontains the features already defined in the related ETSI standards for AdES (advanced electronic signature/seal) applied to other data formats including XML, PDF and binary. The standard was developed with contributions from a number of stakeholders including representatives from the banking sector who, through Open Banking Europe, have brought their operational requirements to align European APIs onto one security model.
Nick Pope, Vice-Chair of the ETSI technical committee on Electronic Signatures and Infrastructures (ESI) commented: “The ETSI JAdES standard builds on ETSI’s decades of experience in defining standards for applying digital signatures to a variety of document formats to provide evidence of their authenticity supported by European Regulations. Working with Open Banking Europe, ETSI has developed a solution which matches the requirements of Open Banking APIs whilst assuring the authenticity of financial transactions.”
ETSI TS 119 182-1 can be used for any transaction between an individual and a company, between two companies, between an individual and a governmental body, etc. applicable to any electronic communications. The technical features of the specification can therefore be applied to the use of PKI based digital signature technology and in both regulated and general commercial environments.
“As PSD2 and open banking move towards Open Finance standard, APIs are essential not just in Europe but globally. Open Banking Europe is proud to be part of the ETSI ongoing standardisation work and bring its operational requirements to solve practical problems,” added John Broxis, Managing Director, Open Banking Europe.
Electronic commerce has emerged as a frequent way of doing business between companies across local, wide area and global networks. Trust in this way of doing business is essential for the success and continued development of electronic commerce. It is therefore important that companies using this electronic means of doing business have suitable security controls and mechanisms in place to protect their transactions and to ensure trust and confidence with their business partners.
In this respect digital signatures are an important security component that can be used to protect information, provide trust in electronic business and prevent tampering.
With this new standard ETSI meets the general requirements of the international community to provide trust and confidence in electronic transactions.