Conformity assessment for eIDAS | Bank-Verlag GmbH | BVsign

Certificate SRC.00049.TSP.04.2022 Certificate SRC.00049.TSP.04.2022 // Amendment 1 Certificate SRC.00049.TSP.04.2022 // Amendment 2 Certificate SRC.00049.TSP.04.2022 // Amendment 3 Certificate SRC.00049.TSP.04.2022 // Amendment 4 Certificate SRC.00049.TSP.04.2022 // Amendment 5

Type of certificationConformity Assessment (eIDAS)
SRC certificate registration numberSRC.00049.TSP.04.2022
Valid fromApril 9, 2022
Valid untilApril 8, 2024
Certificate holderBank-Verlag GmbH
Certified productBVsign
The audit includesthe conformity assessment of the trust service BVsign for the issuance of qualified certificates for qualified electronic remote signatures according to Regulation (EU) No. 910 / 2014 by the ISO 17065 accredited conformity assessment body of SRC and the following amendments for the conformity assessment:

  • Amendment 1: Remediation of non-conformities by the end provider Nect GmbH.
  • Amendment 2: Integration of the end provider SCHUFA Holding AG with the identity provider Widas ID GmbH.
  • Amendment 3: Remediation of non-conformities detected during the re-certification assessment.
  • Amendment 4: Integration of the end provider Deutsche Kreditbank AG.
  • Amendment 5: Integration of the end provider Deutsche Bank AG (who substitutes the end provider Postbank AG).

DescriptionThe Bank-Verlag GmbH offers the trust service BVsign for the issuance of qualified certificates for qualified electronic remote signatures according to Regulation (EU) No. 910 / 2014.

The service can be used by natural persons, who were previously identified by a cooperation partner of Bank-Verlag or via a notified electronic identification scheme in an eIDAS-compliant manner, in order to digitally and legally sign contracts.

The private key, which is used for the signature, is generated and hold within a qualified electronic signature creation device (QSCD). For legally signing a document, the signer has to activate this key.

The corresponding public keys, which can be used to verify the validity of a given signature, are certified by a Certification Authority (CA) operated by the Bank-Verlag GmbH.

The Bank-Verlag GmbH operates two CAs for issuance and administration of qualified certificates for qualified electronic remote signatures: One CA for RSA keys with a length of 4096 bits and one CA for ECDSA keys with a length of 521 bits.

Status and revocation information for the qualified certificates can be retrieved from the OCSP responder of Bank-Verlag GmbH.

Identification and authentication of the subscribers are performed by end providers. End providers are legal entities whose systems are connected to BVsign for this purpose. These include both commissioned third parties (e.g. banks and credit institutions) as well as Bank-Verlag GmbH itself, which operates its in-house signature service with the aid of which identifications can be carried out using notified electronic identification means with the security level “substantial” or higher (e.g. German identity card).

SRC confirms that the “BVsign” trust service for issuing qualified certificates for qualified electronic remote signatures is operated in accordance with the requirements of Regulation (EU) No. 910 / 2014 by Bank-Verlag GmbH.