With a leadership role in the development and application of PKI, Microsec has signed a cooperation agreement with CrySyS Laboratory, an expert in IT security and cryptographic solutions

Microsec pioneering in developing electronic signature, identification technologies and encryption and CrySyS Data and System Security Laboratory (CrySyS Lab) based at the Network Systems and Services Department of the Budapest University of Technology and Economics, focusing on IT security and employed cryptography, expanded their collaboration at the end of 2017.

The two organizations have been active in recent years, thus Microsec has supported the research of internationally renowned lab work by financial materials and assets, and has also contributed to the participation of CrySyS Lab’s ethical hacker team, !SpamAndHex in competitions abroad.

With this agreement, Microsec aims to focus on PKI R&D activities, to strengthen university relationships and to provide first-hand information on practical issues related to research at the same time.

Furthermore in the future we are releasing publications with CrySys Lab acting partly as a PKI off-site research laboratory of Microsec.

CrySys Lab

Microsec audited to issue certificates based on ECC algorithm, first in Hungary

In Hungary, Microsec was the first to receive the rights for issuing certificates based on ECC (elliptical curve cryptography) algorithm after a strict, conformity assessment audit. The four-day review was carried out by the Essen-based German accreditation body, TÜViT.

The e-Szignó Certification Authority, ahead of the majority of industry players, was certified by the auditor in November 2017 and currently bears a technology that can become widespread in following 5 years.

“In case of the certificates used by our customers, the practical advantage of ECC algorithm -  in addition to the appropriate security features - is the shorter key length, which facilitates the storage of certificates and speeds up electronic administration”– says Dr. Sándor Szőke, deputy director of eIDAS Trust Services, Microsec.

Although the public key coding algorithm based on the elliptical curve (ECC) has been known since 1980, it is still novel in cryptographic applications, as currently RSA algorithms are the most common, that are based on different mathematical logic. To avoid ever-more frequent attacks against IT systems, it is advisable to use longer cryptographic keys to keep the security level from time to time. Moreover using longer RSA keys could influence the speed of electronic administration. From security level point of view, a 3072-bit RSA key corresponds to a 256-bit ECC key resulting significant differences between smart cards and embedded devices during storage and processing. Applying ECC keys enables multiple key usage in the key storage device memory, which also speeds up the operations with electronic certificates.

TÜViT certificates

Microsec is the first domestic service provider to be included on the list of eIDAS certified and qualified trust service providers.

Microsec, a Hungarian-owned company providing a comprehensive range of services based on electronic signature technology, is the largest Hungarian certification provider, and now the first Hungarian registered eIDAS qualified trust service provider. 
A substantial change was introduced in the field of electronic identification, electronic signatures and trust services on July 1 2016, when the eIDAS Regulation came into effect to provide a unified legal background within the EU. Its goal is to promote the spread of cross-border electronic transactions, by supporting the development of the digital single market. Its significance lies in the fact that these types of e-services have legal effects identical to paper-based methods, which can significantly reduce the need for a physical presence, and citizens will be able to manage their official, business, or private affairs with due legal consequences anywhere and at any time. 

„In line with the compliance requirements of the regulation, Microsec successfully obtained the German TÜVIT eIDAS accreditation before 31 December 2016, becoming the only organization in Hungary to comply with this requirement earlier than the originally announced deadline. As a result, Microsec was registered on December 21 2016 as an National Media and Infocommunications Authority (NMHH) qualified trust service provider, and has been the only domestic organization on this list since.

We are proud that Microsec is currently the only Hungarian qualified trust service provider with an eIDAS certification, said Gergely Vanczák, general manager of Microsec e-Szignó Certification Authority.

It is an important milestone in the life of our business that Microsec, an expert in the field of new generation PKI* technology, is capable of providing four different eIDAS qualified trust services: 

 Our eIDAS certified qualified preservation service, which can be used for the long-term authentic retention of electronically signed documents (such as PDF, e-files, ASiC) is unique, not only in Hungary, but in Europe as well,”  Gergely Vanczák stressed.

What do these services offer?

Using qualified and non-qualified (advanced) electronic signatures based on qualified certificates, private or public documents with full probative value can easily be created digitally. The signature created in this way is proof of integrity, authenticity of origin and non-repudiation, and it is equivalent to traditional signatures on paper.

Qualified stamp certificates can be issued to legal persons, enabling the parties concerned to create qualified stamps on behalf of an organisation (e.g. company, institution, association, etc.), ensuring integrity and non-repudiation for the signed documents, even those that require full probative value. 

The documents can be provided with a qualified time stamp, which is an evidence of full probative value issued by a trusted third party proving that a document existed at a specific time. 

Electronic signatures to be preserved for the long-term require regular maintenance, and their authenticity, as well as their compliance with current signature standards, needs to be continuously ensured, which can be achieved using a qualified preservation service. Its advantages include associated legal presumption and NMHH supervision, as well as guarantees of readability and confidentiality. 

NMHH web page
eIDAS regulation
TÜVIT accreditation

Microsec obtained eIDAS conformity assesment certificate by TÜVIT
First in Hungary, Microsec Ltd. qualifed trust services such as e-Szignó Signature, Times-Stamp, Seal and Preservation fulfill all requirements defined in Regulation (EU) No. 910/2014 (eIDAS) according to the result of TÜVIT conformity assessment audit carried out in October, 2016.

TÜVIT web site

e-Szignó qualified signature

e-Szignó qualified time stamp

e-Szignó qualified preservation

e-Szignó qualified seal
OpenSSL - Heartbleed Bug
ITBN – best Hungarian innovation
e-Delivery for Judicial Systems