Electronic signature

An electronic signature is an electronic record of an agreement.

Contracts have been used for a long time to show that two parties agree on something. Often these parties will then write a document that they both sign to show this agreement. In the times of the internet, many of these documents are transmitted in digital form, but showing agreement is still needed. That is where an electronic signature comes in.

The concept of electornic sgnature itself is not new. Common law jurisdictions have recognized telegraph signatures as far back as the mid-19th century, and faxed signatures since the 1980s.

Electronic signatures exist in different forms. All forms can show that somebody agreed with something. Some forms can also protect the data the person agreed with from being changed easily, or they can legally identify the person that agreed. To do this, ideas from public-key cryptography are used: digital signatures, certificates, and hash codes. An electronic signature often includes a timestamp to show when the signature was made. Much like cryptography, electronic signatures can be used for any kind of data, there is no requirement that the data signed has a specific format.

Even though cryptography is often used, the term electronic signature has a legal meaning. This is different from the technical term digital signature used in cryptography. Many countries have made regulations so that some electronic signatures are equivalent to a handwritten signature for many purposes.

There are different ways in which an electronic signature can be done. Many countries have standards as to what such a signature must look like. Examples for such regulations are eIDAS in the European Union, NIST-DSS in the United States or ZertES in Switzerland.

Different kinds of electronic signatures

Electronic signature Advanced electronic signature Qualified electronic signature
Level of security low high very high
Example Electronic mail, with the name of the person who wrote the mail Electronic mail with a digital signature electronic mail with a certificate that requires an identity check. The certificcate is usually stored on a smart card, reading the mail requires the smart card. In addition, the data on the smart card is portected, for example by a password, or by biometric data.
change of the message can be detected no yes yes
signer can be legally identified no no yes
legally equivalent ot a handwritten signature no for some cases yes

Diagram (for the case "qualified elecronic signature")

 
Signing a document, and verifying a digital signature

Advanced electronic signature

For an electronic signature to be considered as advanced, it must meet the following requirements:[1][2]

  1. The signer can be uniquely identified and linked to the signature
  2. The signer must have sole control of the signature creation data (typically a private key) that was used to create the electronic signature
  3. The signature must be capable of identifying if its accompanying data has been changed after the message was signed
  4. In the event that the accompanying data has been changed, the signature must be invalidated

Qualified electronic signature

A qualified electronic signature is an electronic signature that is compliant to EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market.[3] It enables to verify the authorship of a declaration in electronic data exchange over long periods of time. Qualified electronic signatures can be considered as digital equivalent to handwritten signatures.[4]

Qualified electronic signatures use digital certificates, which are issued by accredited certification authorities. The certtificate and key are stored securely, usually on a smart card. To access the data on the smart card, the user must autenticate himself or herself, usually with a password or piece of biometric data. The certification authority also checked that the user is who he pretends to be, usually cross-checking with an official, state-issued document.

In addition to the points listed under "addvanced electronic signature", a qualified electronic signature also legally identifies the signer. before the authorities.

References

  1. THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION. "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. Retrieved 12 May 2016.
  2. Department for Business Innovation & Skills. "Electronic Signatures (Guide)" (PDF). The Government of the United Kingdom. Retrieved 12 May 2016. {{cite web}}: |last1= has generic name (help)
  3. Turner, Dawn M. "Qualified Electronic Signatures For eIDAS". Cryptomathic. Retrieved 13 June 2016.
  4. "Qualified Electronic Signature". Bundesnetzagentur. Archived from the original on 21 February 2019. Retrieved 13 June 2016.