Electronic seal

Last updated

An electronic seal is a piece of data attached to an electronic document or other data, which ensures data origin and integrity. [1] The term is used in the EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market. [2] [3] [4]

Contents

Description

Conceptually similar to electronic signatures and usually technically realized as digital signatures, electronic seals serve as evidence that an electronic document was issued by a specific legal entity. For this purpose, an electronic seal must be linked to the data sealed with it in such a way that any subsequent change in the data is detectable and also in such a way that a fake seal cannot be created without access to the data (usually a private key) used for creation of the digital seal. This is usually achieved through use of a qualified digital certificate that is involved in creation of a digital seal. The unique private key used in the creation of the digital seal ensures non-repudiation: the entity that created the digital seal cannot later deny that it created the seal for that document. If the document is modified after its digital seal was created, the digital seal is not valid for the modified document. This can be checked by anyone with access of the public key corresponding to the private key used in the creation of the digital seal, ensuring the integrity of the sealed document.

Besides authenticating the document issued by the legal entity, e-Seals can also be used to authenticate any digital asset of the legal person, such as software code or servers. The important difference between a digital signature and an electronic seal is that the latter is usually created by a legal person while digital signatures are created by a natural person. For the creation of a digital signature, action of the person signing a document or data is required. In contrast, the creation of the digital seals can be incorporated in automated processes executed in a digital environment. [5]

Qualified electronic seal

A qualified electronic seal is an electronic seal that is compliant to EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market. [2] [6] [7] It enables to verify the issuer of a document over long periods of time. Qualified electronic seals can be considered as digital equivalent to seals of legal entities on paper. According to the eIDAS regulation, a qualified electronic seal must be created by a qualified electronic device and based on a qualified certificate for electronic seal. [2] [8]

Related Research Articles

An electronic signature, or e-signature, is data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created.

A mobile signature is a digital signature generated either on a mobile phone or on a SIM card on a mobile phone.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

XAdES is a set of extensions to XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.

Worldwide, legislation concerning the effect and validity of electronic signatures, including, but not limited to, cryptographic digital signatures, includes:

CAdES is a set of extensions to Cryptographic Message Syntax (CMS) signed data making it suitable for advanced electronic signatures.

PAdES is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for advanced electronic signatures. This is published by ETSI as EN 319 142.

Electronic signature allows users to electronically perform the actions for which they previously had to give a signature on paper. Estonia's digital signature system is the foundation for some of its most popular e-services including registering a company online, e-banks, the e-voting system and electronic tax filing – essentially any services that require signatures to prove their validity.

Electronic Signatures Directive EU directive

The Electronic Signatures Directive 1999/93/EC was a European Union directive on the use of electronic signatures (e-signatures) in electronic contracts within the European Union (EU).

Teleadministration is based on the concept that documents in electronic format have legal value. Administrative informatics is not new, but for many years it was merely Information Technology applied to legal documents, that is, the reproduction of paper-based legal documents into electronic file systems. Instead, Teleadministration turns this approach into its head. It is based on research conducted in 1978, the year when, at a conference promoted by the Court of Cassation, Giovanni Duni launched the then-futuristic idea that an electronic document could have legal value. 1978 was also the year in which the first research on digital signatures (RSA) was published in the United States, yet it would take more than twenty-five years for jurists and mathematicians to start working together.

eIDAS Electronic IDentification, Authentication and trust Services

eIDAS is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. It was established in EU Regulation 910/2014 of 23 July 2014 on electronic identification and repeals 1999/93/EC from 13 December 1999.

An advanced electronic signature (AdES) is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the European Single Market.

ZertES is a Swiss Federal law that regulates the conditions under which trust service providers may use certification services with electronic signatures. Additionally, this law provides a framework that outlines the provider’s obligations and rights as they apply to providing their certification services.

A qualified electronic signature is an electronic signature that is compliant with EU Regulation No 910/2014 for electronic transactions within the internal European market. It enables to verify the authorship of a declaration in electronic data exchange over long periods of time. Qualified electronic signatures can be considered as a digital equivalent to handwritten signatures.

A trust service provider (TSP) is a person or legal entity providing and preserving digital certificates to create and validate electronic signatures and to authenticate their signatories as well as websites in general. Trust service providers are qualified certificate authorities required in the European Union and in Switzerland in the context of regulated electronic signing procedures.

In the context of Regulation (EU) No 910/2014 (eIDAS), a qualified digital certificate is a public key certificate issued by a trust service provider which has government-issued qualifications. The certificate is designed to ensure the authenticity and data integrity of an electronic signature and its accompanying message and/or attached data.

A secure signature creation device (SSCD) is a specific type of computer hardware or software that is used in creating an electronic signature. To be put into service as a secure signature creation device, the device must meet the rigorous requirements laid out under Annex II of Regulation (EU) No 910/2014 (eIDAS), where it is referred to as a qualified (electronic) signature creation device (QSCD). Using secure signature creation devices helps in facilitating online business processes that save time and money with transactions made within the public and private sectors.

Associated Signature Containers (ASiC) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or timestamp tokens into one single digital container.

Qualified website authentication certificate

A qualified website authentication certificate is a qualified digital certificate under the trust services defined in the European Union eIDAS Regulation.

Documento Nacional de Identidad (Peru) National identity card of Peru

The Documento Nacional de Identidad (DNI) is the only personal identity card recognized by the Peruvian Government for all civil, commercial, administrative, judicial acts and, in general, for all those cases in which, by legal mandate, it must be presented. It is a public document, personal, and non-transferable and also constitutes the only title of right to the suffrage of the person in whose favor it has been granted. Its issuance is in charge of the National Registry of Identification and Civil Status (RENIEC).

References

  1. John Erik Setsaas (24 October 2016). "Introduction to digital seals". Signicat. Archived from the original on 14 January 2018. Retrieved 15 January 2018.
  2. 1 2 3 "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. 23 July 2014. Archived from the original on 15 January 2018. Retrieved 15 January 2018.
  3. "Questions & Answers on Trust Services under eIDAS". Digital Single Market. European Commission. 29 February 2016. Archived from the original on 15 January 2018. Retrieved 16 January 2018.
  4. Dan Puterbaugh (1 March 2016). "Understanding eIDAS – All you ever wanted to know about the new EU Electronic Signature Regulation". Legal IT Insider. Archived from the original on 17 January 2018. Retrieved 17 January 2018.
  5. Michał Tabor (4 July 2016). "Confirm it with an e-seal". eIDAS Observatory. European Commission. Archived from the original on 14 January 2018. Retrieved 15 January 2018.
  6. "How the eIDAS regulation has revolutionized the credit system" (in German). 11 February 2018. Retrieved 22 June 2018.
  7. "EIDAS regulation".
  8. Turner, Dawn M. "Trust Service Providers according to eIDAS". Cryptomathic. Retrieved 22 June 2016.