We’ve done everything possible to ensure that the technical side of Smart-ID is completely secure. As a result, Smart-ID is eIDAS certified as a qualified signature creation device (QSCD). In ‘human language’ this means that Smart-ID meets the highest security standards set in the European Union and that digital signatures given using Smart-ID have the same legal standing as handwritten ones.
Standards for electronic signatures are established by the Council of Europe and the European Parliament in the regulations for electronic IDentification, Authentication and trust Services (eIDAS).
Achieving the QSCD (Qualified Signature Creation Device) certification demonstrates that both the actual ‘signature creation device’ (in our case, the Smart-ID app) and the organisation ‘operating’ it, which is the trust service provider (in our case it’s SK ID Solutions as the creator and owner of Smart-ID) meet the requirements set by eIDAS. There are a lot of electronic signing solutions available, but very few of them meet the criteria set for legally binding digital signatures!
Did you know that electronic signatures and digital signatures have different meanings? An electronic signature is the term used to refer to all signatures given electronically, while the term “digital signature” can only be used to distinguish those electronic signatures that meet the ‘qualified electronic signatures’ standards set by eIDAS and are fully legally binding.
In addition to Smart-ID, you can also use your mobile-ID and ID-card to provide digital signatures.
Achieving international recognition such as the QSCD level means that the solution has to be hacker proof: we had to be able to guarantee that someone else would not be able to give your digital signature without your knowledge. Your PINs are one of the main safety mechanisms in Smart-ID. We do not store your PIN-codes anywhere – neither on our servers nor on your phone. Without PIN-codes, Smart-ID is unusable.
Even if someone steals your phone and is able to get into the app, your data will remain protected as long as they do not have access to the PIN-codes. For someone to ‘hack’ in, they’d not only need to access your app – they’d also have to be able to, simultaneously, hack into the super secure servers of Smart-ID and break the private key stored there. Private keys are very long and seemingly random numeric sequences created using complicated cryptographic methods. They can’t be “guessed” either by humans or with the help of any tools available today.
Keep your PIN-codes secret and do NOT authorise any requests that you have not initiated, and your accounts will remain protected!
QES (Qualified Electronic Signature). The highest level of e-signatures, equal to handwritten signatures. The backgrounds of both the owner of the signature and the issuer of the certificate have been checked, and the signature has been given by approved means (qualified signature creation device).
AdES/QC (Advanced Electronic Signature with a Qualified Certificate). The backgrounds of both the owner of the signature and the issuer of the certificate have been checked.
AdES (Advanced Electronic Signature). The signature meets the technological requirements, but the backgrounds of the certificate holder or the issuer of the certificate may be unknown.
Other electronic signatures – all other electronic signatures that do not meet valid standards.
PIN-codes keep your personal data protected: as long as you do not make your PIN-codes accessible, they can’t be used against you.
Scams and viruses
Internet scammers are cleverer than ever: they’ll use any means possible to gain access to your accounts. Learn to spot the warning signs!