eIDAS certificate

In the future, registration and further work with TPP will be based on eIDAS specification certificates. These certificates will have been granted to the third party by a QTSP (Quality Trust Service Provider).

QWAC

Qualified Web Authentication Certificate. This certificate is used when a third party firsts opens an interaction with a financial institution and is used to es-tablish a TLS session with the ASPSP. The QWAC replaces the usual web cer-tificate that would be used to establish a TLS session.
The purpose of this certificate then is to identify the third party and to ensurethat messages sent between the two parties are not read or stolen. A certifi-cate used to establish a TLS session sits in the transport layer and is vali-dated by the Web browser.

QsealC

This Qualified Electronic Seal Certificate is sent together with messages that a third party would send to a ASPSP during one of the consent processes. The purpose of this certificate is to validate the identity of the sender of the message (i.e. the TPP) and to ensure that the contents of the message have not been tampered with while it was in transit.

Certificate contains:

Authorization number that tells us which NCA (National Competent Authority) register the TPP is one and what unique identification number can use to find the TPP on the register.
Each authorization number contains the following elements:

·Country code (e.g. MT, EE) representing the home EEA (European Eco-nomic Area) country that the TPP is regulated in NCA·Acronym representing the NCA that regulates this TPP
·Reference Number – a number that can be used to find the third party on the specified NCA register