After five years, some certificates of the signature and seal creation units used within the framework of the Cash Register Security Ordinance (RKSV) in Austria are now expiring. The signature or seal creation unit is part of the technical security device with which every cash register must be equipped since 1 April 2017. The three Austrian trust service vendors (TSV) that issue RKSV signature creation devices (a-trust, Globaltrust and PrimeSign) have each given their RKSV products different certificate validities. While PrimeSign and a-trust certificates are issued for a period of 5 years, Globaltrust offers its RKSV signature smart cards with a validity period of 3, 5 or 10 years.
Continued use of expired certificates
Expired certificates may continue to be used regularly in normal cashiering operations according to § 15 para. 3, provided that the signature algorithm in the certificate is considered secure. Currently, there is no information that the algorithm would be considered unsafe.
Commissioning of new cash registers
However, if a cash register is to be put into operation for the first time, a new signature or seal creation unit with an unexpired certificate must be used. Otherwise, the registration will be rejected by FinanzOnline.
HSM / Remote Signing
In addition to the signature smart cards, the a-trust signature service of the 1st generation is also affected by the certificate expiry. The online certificates were issued with a validity of 5 years at the time of introduction and are no longer renewed. a-trust discontinues its old signature service (a.sign RK Online). As an alternative, a-trust offers the signature service (2nd generation) a.sign RK HSM. RemoteSigning certificates from PrimeSign are not affected. The provider always automatically extends the validity of the HSM certificates by one year.
What to do?
If the certificates of your signature or seal creation units expire in the coming year, we will be happy to advise you on an exchange. Contact us via our contact form, or via email at office at retailforce dot cloud.