Trust an internationally certified provider
In terms of Information Systems security, cryptography is just a tool. And like all tools, it must be used wisely with regard to the security objective set. Certifications (or qualifications in some contexts) are there to ensure that a security technology or service provider complies with a certain number of legal, regulatory or normative requirements. In other words, being certified for a product or service means that the development or hosting conditions, the availability level, the security rules, the privacy practices, and the technical and organizational processes have been scrupulously audited by an official independent certification organization.
Certifications allow us to offer our clients the best assurances in terms of security and compliance with standards. They usually involve :
- A reference database (RGS, ETSI, Common Criteria), which is an international, European or national document describing all the requirements with which the product or service must comply
- An accredited and independent certification organization, which evaluates the conformity of the product to this reference database by means of regular audits. If it conforms, the organization issues a certification (or qualification).
Obtaining certification may, in certain cases, confer a legal dimension to the product or service that has been evaluated. Documents signed or timestamped with it will then have high probative value.
That is why, for several years now, Cryptolog has been highly committed to obtaining certifications confirming the quality of its products and services.
To date, the Cryptolog Universign platform is the only French Timestamping Authority certified in accordance with the RGS (Réferentiel Général de Sécurité) Decree of February 2, 2010, by the French Network and Information Security Agency (ANSSI). The Certification Authority operated within the platform and managing stamps is also RGS certified*. The use of a certified timestamping service such as Universign is a requirement for public services under the RGS decree for inter-public service exchanges and for exchanges with their users.
ETSI 102 023 and ETSI 102 042 Certification
To date, the Cryptolog Universign platform is the only French Timestamping Authority certified as conforming to European Standard ETSI TS 102 023. The Certification Authority operated within the platform and managing stamps is also ETSI 102 042 certified.
EAL3+ Common Criteria
An EAL3+ Common Criteria evaluation of CUTE, our Electronic Signature Applet, is in progress. This evaluation aims at being compliant with the French standard level qualification. Common criteria is an international standard targeting security products. This norm contains sets of security requirements covering the full life cycle of a product, including, but not limited to, its design, development, delivery to customer and validation. Within this certification scheme, CUTE claims to be compliant with the Electronic Signature Protection Profile (DCSSI-PP-2008/05.), that defines specific requirements for Electronic Signature applications.
The AATL program lets millions of users around the world create electronic signatures for PDF documents that are automatically verified and approved whenever the signed documents are opened in Adobe® Acrobat® and Reader ®. By referencing, on a worldwide-scale, the organizations that issue certificates enabling the creation of trusted electronic signatures, the AATL program provides the level of security that is essential for the widespread adoption of electronic signatures.