CMS strong authentication

If the prospective provider does not offer a physical device (smart card or USB stick) for your Authentication certificate, you can try another provider located in a different country, provided it is still part of the Trusted Providers list. Please refer to the list on the EU Trust Services portal.

Many providers supply the physical devices to EU citizens as well as to non-EU citizens.
In order to get a secure device (smart card or USB stick) with the necessary certificates to access the CMS, you need to contact one of the providers that can be found on the list on the EU Trust Services portal.

Although the list of providers names only EU member states, several providers on the list have recognition procedures in place for both EU citizens and non-EU citizens, and for foreign citizens, when they generate the personal certificates.

Please contact the selected provider for detailed information.

Some providers on the trusted list are authorized to perform the “on-line” identification via video conferencing, but only for a limited choice of qualified signature creation devices.

Please contact the selected provider for detailed information.

The suitable provider needs to provide a secure physical device (smart card or a USB stick) containing one Authentication Certificate.
Regarding the electronic signature, the required certificate must be QCert for Esig (Qualified certificate for electronic signature), meaning that the user can sign with a valid qualified electronic signature according to eIDAS.
Once you have selected a provider, you need to contact it and ask for:

  • An Authentication Certificate, where the “Key usage” extension is “Digital Signature”; this certificate must be delivered on a physical device,
  • An electronic Signature Certificate, where the “Key usage” extension is “Non-Repudiation”; this one does not have to be on a physical device.

The qualified certificate is used to identify the user of the CMS and it is linked to him/her, so it must be an individual certificate.

The smart card (or USB stick) with a valid Authentication certificate, delivered by a provider that can be found on the EU Trust Services portal.

To get your certificate and a device you need to:

1. Visit the website to check the authorized and compliant EU Trust Services providers.
2. Select the desired country.
3. Select the desired provider.

Once you have selected a provider, you need to contact it and ask for:

An Authentication Certificate, where the “Key usage” extension is “Digital Signature”; this certificate must be delivered on a physical device.

As for all client authentication certificates needed to access a website via strong authentication, certificates need to be installed in the certificate store of the machine, so that they are visible from the browser from which the CMS is accessed. 

Instructions and tools are provided by the supplier for Windows and Mac.

Only the tool(s) or driver(s) required by the Authentication Device provider (smart card reader, USB stick) will be installed.
For more details, please consult the supplier’s documentation or website.

The UPC Case Management System (CMS) is an entirely new system which is tailor-made to the UPC’s requirements, including its Rules of Procedure.
We would not be able to use an existing smart card system such as the one the EPO (for example) uses; instead the UPC would need to roll out its own system.

You can find a Trusted Provider that issues valid qualified electronic certificates on the EU Trust Services portal.

Yes, strong authentication will replace the username and password in the login process.
No other type of authentication will be recognized or accepted.

Strong authentication affects only how the user logs in to the system.
It is therefore needed to access the CMS and create the API key, but it does not affect the usage of the API itself.
To get the API key, you need to connect to the CMS. This connection requires strong authentication. As a connected and recognized user (authenticated via the smart card and the underlying certificate), you can request the API key.
Once you have this API key, you can perform API calls independently of strong authentication.
In summary, in the context of API calls, strong authentication is only required to request the API key.

You need two certificates to be able to use the CMS.
The first certificate (the Authentication one) is required to log in to the CMS. This certificate must be available on a physical device.
The documents you upload to the CMS must be electronically signed. For this purpose, you need a certificate supporting the qualified electronic signature.
Depending on the provider, the two certificates could be stored on the same device.
While UPC internal security rules make it mandatory to have the authentication certificate stored on a physical device (smart card or USB stick), the qualified electronic Signature certificate is not required to be on the physical device.

Once you receive your device (and certificates), you can test it with the functionality “Test my authentication device” available on the CMS login page:

https://auth-secure.unified-patent-court.org/test-smart-card

The certificate required for AUTHENTICATION (logging in to the CMS) must have the following characteristics:

  • Issued by a CA/QC (Certification Authority / Qualified Certified) (available on the EU Trust Services portal)
  • Intended usage: Digital Signature
  • Status = GRANTED
  • Must be delivered on a physical device (smart card or USB stick)

The certificate required for the SIGNATURE must have the following characteristics:

  • Issued by a CA/QC (Certification Authority / Qualified Certified) (available on the EU Trust Services portal)
  • Type must be “QCert for Esig”
  • Intended usage: Non-repudiation (in order to approve and certify the content of a signed document)
  • Status = GRANTED
  • Does not have to be on a physical device
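
The “Intended usage” criterion in the two lists above corresponds to bits in the X.509 Key Usage extension, which can be read locally from a delivered certificate. The following is an added example, not UPC or provider code: a standard-library Python check that walks DER bytes, decodes the Key Usage bits and maps Digital Signature and Non-Repudiation to the two roles. The function names and the sample extension bytes are constructed for illustration; trusted-list status and the physical-device requirement are not visible in this extension and are not checked.

```python
KU_OID = bytes.fromhex("0603551d0f")   # DER-encoded OID 2.5.29.15 (id-ce-keyUsage)
BIT_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]   # bit 0 first, as in RFC 5280
ROLE_BY_BIT = {"digitalSignature": "authentication", "nonRepudiation": "signature"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give length size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def find_key_usage(der):
    """Return the set of asserted Key Usage bit names, or None if absent."""
    pos = 0
    while pos < len(der):
        tag, value, pos = read_tlv(der, pos)
        if not tag & 0x20:                  # primitive element: nothing to descend into
            continue
        if tag == 0x30 and value.startswith(KU_OID):
            p, last = 0, b""
            while p < len(value):           # last child is the extnValue OCTET STRING
                _, last, p = read_tlv(value, p)
            _, bits, _ = read_tlv(last, 0)  # BIT STRING: unused-bit count, then bits
            data = bits[1:]
            return {name for i, name in enumerate(BIT_NAMES)
                    if i // 8 < len(data) and data[i // 8] & (0x80 >> (i % 8))}
        found = find_key_usage(value)
        if found is not None:
            return found
    return None

def cms_roles(der):
    """Map Key Usage bits to the authentication / signature roles listed above."""
    usage = find_key_usage(der) or set()
    return [role for bit, role in ROLE_BY_BIT.items() if bit in usage]

def sample_extensions(ku_bitstring_hex):
    """Constructed test data: [3] Extensions with basicConstraints and keyUsage."""
    body = bytes.fromhex("30090603551d1304023000"
                         "300e0603551d0f0101ff0404" + ku_bitstring_hex)
    seq = bytes([0x30, len(body)]) + body
    return bytes([0xA3, len(seq)]) + seq
```

Some tools display the Non-Repudiation bit under its newer X.509 name, contentCommitment; it is the same bit.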