Remote signatures with qualified seals have hardly been an issue so far. Companies used large card readers that allowed seal cards to be inserted in shifts and confirmed with a personal PIN. Each shift removed these cards again, and the new change introduced new seal cards.
With the solution from SecCommerce and Swisscom Trust Services, it is now possible for the first time to issue qualified remote seals by eIDAS and ZertES. For this purpose, onboarding designated company representatives who want to seal in the future occurs. These are identified; they sign their application for remote signature with a qualified personal signature. A permanent secure two-factor authentication between the company seal application and Swisscom Trust Services is established. SecCommerce uses its own PKI, which secures the communication channel with bidirectional TLS certificates. The operation of seal card readers and the associated "shift operation" is no longer necessary. Documents, e.g., outgoing mail or invoices, are automatically fed into a seal, or individual documents can be sealed. Since no cards are used, the previous throughput limits per card are also no longer applicable. As with the personal signature, Swisscom Trust Services only receives a document hash and cannot view it.