Digital signature – basics
Digital signatures are the future. Trust the experts at StepOver.
Today, contracts are signed electronically all over the world. This is simple, fast and secure. StepOver has been developing suitable solutions for digital signatures for over 20 years. We know what we are doing.
But what is an electronic signature? How can I integrate digital signatures into my company? In which industries is the digital signature used? What types of electronic signatures are there and what are they suitable for? Many questions – we provide answers.
Terminologies
What is an electronic signature?
An electronic signature is data linked to electronic information. The digital data can be used to identify signers or signature creators and to verify the integrity of the signed electronic information.
The digital information is usually electronic documents, and the linked data is either biometric characteristics or secure certificates that relate to a person or an organization.
The electronic signature can cover various tasks or a combination of several requirements:
- Declaration of intent, i.e. consent to a business transaction
- Identification of the signer
- Protection of document integrity (tampering can be detected)
Good to know: The electronic signature has the same objective as a handwritten signature on paper documents.
What forms of electronic signature are there?
In general, a distinction is made between three forms of electronic signature. These are regulated in the European Union by the eIDAS Regulation:
1. simple electronic signature (SES) – The simplest form of electronic signature, for example a scanned image of the signature in an electronic document such as PDF or Word. This form is used only when there is no great emphasis on provability. However, this does not mean that a simple electronic signature has no evidentiary value in any case.
2. advanced electronic signature (AES) – AES is the most widely used form of electronic signature. It ensures that the signer is uniquely identifiable and that the document cannot be altered undetected after signing.
3 Qualified electronic signature (QES) – The qualified electronic signature must meet extensive security requirements. Here, the identification of the signing person must already take place before the signature by a certified body (e.g., with the help of a video-ident procedure).
Good to know: In principle, electronic signatures are admissible as evidence in court in the EU.
Difference between the terms electronic signature and digital signature
Always stay up to date!
Subscribe to newsletter
Legal aspects & security
What does evidential signature mean?
Whether an electronic signature is evidential depends heavily on the applicable legislation, its form, and its security.
The advanced electronic signature (AES) and the qualified electronic signature (QES) are regarded as verifiable in the EU. Here, the signed document cannot be manipulated undetected and the identity of the signatory can be clearly established. With the AES, this only happens in the event of a dispute and after signing; with the QES, the signatory must already be identified before signing.
The simple electronic signature is generally a form with low probative value. It nevertheless generates a certain binding force and is used in transactions with low requirements for evidential value.
Good to know: The better a signature solution is traceable and the more carefully data and information are handled, the more evidential the electronic signature will be. StepOver attaches great importance to this in all its solutions.
What are the characteristics of an advanced electronic signature?
The eIDAS Regulation sets out four basic requirements for an advanced electronic signature:
1
It is clearly assigned to the signatory.
2
It enables the identification of the signatory.
3
It is created using electronic signature meta data that the signer can use with a high degree of confidence under their sole control.
4
It is linked to the data in a way that any subsequent change to the data can be detected.
How is it ensured that the signature cannot be misused or copied?
In an electronically signed document, the use of secure cryptographic procedures ensures both the identification of the signer and the protection of document integrity. StepOver’s signature solutions ensure maximum security by using highly secure encryption standards. This applies to both certificate-based and handwritten electronic signatures.
In the case of the handwritten electronic signature, biometric data is embedded into the electronic signature as an identifier using a process patented by StepOver. This is done as follows:
- Using highly secure cryptography, the biometric data of your signature is encrypted and invisibly added to the electronic document. The visible writing is merely an endorsement. This process ensures that the signature in the document cannot be misused or copied.
If the document is changed after it has been signed, the newly created checksum is no longer correct when it is checked. This means that manipulation can be easily detected, for example with freely available software such as Adobe Reader.
In the case of certificate-based and / or audit trail-based signatures, security consists of the signer authenticating themselves using one or more “factors” that are exclusively accessible to them (e.g., email and SMS).
In short, the signature data is securely encrypted and document integrity is guaranteed.
Good to know: With Stepover signature pads, the security-relevant steps of the process always take place in the signature pad itself, so that even viruses and malware have no chance of intercepting your biometric signature.
Is the electronic signature legally secure?
An electronic signature is generally as legally secure as a paper signature, provided it meets the formal requirements. The eIDAS Regulation as the central control element within the EU stipulates that an electronic signature may not be denied legal effect and admissibility because it is made in electronic form. This means that it can be used in approximately 95% to 98% of all business cases. Exceptions such as credit agreements, wills or property deeds are regulated by national laws.
The form of electronic signature required depends on the type of document. If there is a written form requirement, only the qualified electronic signature is permissible. However, this is seldom the case, as most contracts are subject to freedom of form and the contractual partners can decide for themselves.
Good to know: If there is no written form requirement, most companies use the advanced electronic signature.
Are there any country-specific features?
Electronic signatures are regulated throughout the EU in the eIDAS Regulation. The aim of the regulation is to create a common basis for secure digital interactions between citizens, companies and public authorities.
Switzerland, Liechtenstein, Iceland and Norway have adopted the regulations on electronic signatures of eIDAS analogously with their respective federal laws.
Electronic signatures, referred to here as e-signatures, are also legally valid in the USA. This is regulated on the one hand by the ESIGN Act passed in 2000 and on the other hand by the so-called UETA Act of 1999.
Electronic signatures in practice
Return on Investment
What do I need for an electronic signature?
The solutions and expertise of StepOver 🙂
The answer depends on many individual parameters. Therefore: do not hesitate and contact us. Gladly by e-mail or by phone.
The StepOver team will be happy to advise you in a personal meeting. Together we will find out which form of electronic signature is required and which solution best fits your existing IT infrastructure.
What file formats can I sign electronically?
In principle, neither eIDAS nor US legislation prescribes a file format. In practice, however, the PDF format – especially the PDF/A variant suitable for long-term archiving – has established itself as the usual document format for electronic signatures. This ensures that documents can be displayed and validated over the long term.
In principle, however, other arbitrary data records and also Word and Excel documents could be signed electronically. However, these must not be changed after the signature has been applied and must still be able to be displayed identically during a later check – if necessary, many years from now.
What solutions are available for digital signatures?
Standalone
Integration
Cloud
In which areas and industries can the electronic signature be used?
The digital signature can generally be used in all industries and in the most diverse departments and areas of a company.
What are the advantages of the digital signature?
The benefits of electronic signatures are many – all of them bring you clear competitive advantages. Here we have listed a few for you:
Cost reduction
No printing costs, no postage costs, no costs for a physical archive.
No media break
Digital documents remain digital
Sustainability
Resources such as paper or toner are saved.
Time saving
Documents can be signed in a time-saving manner, even if the signers are not in the same location.
Efficiency gains
Employees can focus on the important things and are not busy printing, scanning & archiving documents.
Error susceptibility decreases
No signatures are forgotten within a document. The right signer signs in the right place.
Range
Obtain signatures independently worldwide and local time
Flexibity
Always the optimal form of signature: remote, on-site, handwritten or certificate-based
Remote
Capable of acting even without meetings
What is the difference between handwritten, certificate-based or audit trail-based advanced electronic signatures?
In practice, there are different types of advanced electronic signatures (AES). Their designation depends on which identification feature of the signer is used:
Handwritten AES: The identification feature is biometric data (usually the handwritten signature on a suitable capture device).
Certificate-based AES: The identification feature is a key pair uniquely assigned to the signatory via a certificate.
Audit-trial-based AES: The identification feature is the process documentation uniquely assigned to the signature and the document. This includes the unambiguous linking of process steps that have taken place with one or more factors (email, mobile number, etc.) that can be verifiably assigned to the signatory. The process documentation and the audit trail document must be created by a third party (e.g. a server). The link between the document and the audit trail is then usually ensured by a certificate-based signature, whereby the certificate identifies the third party (e.g. the server) as the originator of the audit trail and as the “process observer” and is not assigned to the actual signatory.
Do you need help?
We are happy to help!
Contact us without obligation about our products or about electronic signatures in general.