ETSI has published TS 119 431 parts 1 and 2 to define policy and security requirements for certifying cloud-based digital signature creation services, ensuring signing keys remain under signer control within a trusted environment. These standards complement existing CEN publications to support the eIDAS Regulation by establishing best practices for server signing and qualified electronic signature creation devices. Additionally, ETSI TS 119 432 specifies a secure protocol for client applications to request signatures from servers, offering XML and JSON bindings developed in collaboration with OASIS and the Cloud Signature Consortium. This framework aims to simplify the deployment of trust services and enhance security against online fraud in mobile and cloud contexts.
Keywords: digital signatures, cloud-based services, trust service providers, eIDAS Regulation, secure communication protocols