Business contracted over the internet has been increasing as the world gets smaller and long distance and international commerce begins to replace face-to-face trade. From the beginning, contracts could not be signed over the internet; checks could not be electronically delivered. It has been possible to sign documents and send images over the electronic media, but for many years most transactions could not be legal until a paper document arrived bearing a pen and ink signature. Before the late 1970s, the recipient of an electronic document could never be sufficiently assured that signatures received electronically were not forged or changed after the signature was affixed.
In 1976, cryptographer Whitfield Diffi and Martin Hellman published first described the notion of a digital signature. The solution has become known as Diffie–Hellman key exchange. A short time later, cryptographers Ronald Rivest, Adi Shamir and Len Adelman invented the RSA algorithm, which could be used to produce a first digital signature–albeit not secure by today’s standards. Gradually, what would be required for a truly secure digital signature was defined, as the possible means of falsification were rigorously worked out.
Instead of individual differences in the shape of personal signature handwriting, that are traditionally used on faith in authentic paper-and-ink signatures, the ‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device (QSCD), and which is based on a qualified certificate for electronic signatures. This device is responsible for qualifying a digital signature and ensures that. Only the signatory has control of their private key. A qualified trust provider manages the signature creation data. It´s protected, unique and confidential.
If the signatory is using a QSCD and a qualified certificate for the electronic signature, then it is a qualified electronic signature and consists of the following data:
- Signatory’s personal certificate to identify the signatory;
- Certificate status information which is provided by the qualified Trust Service Provider;
- Timestamp which is linked to the signatory’s certificate, certificate revocation information, and data signed by the signatory in such a way that any subsequent change in the data is detectable.
Any signatory that has signed documents in SignWise Services with qualified electronic signature creation device and using qualified certificate cannot, at a later time, deny having signed it.
SignWise Services, the electronic identity platform, enables identifying customers’ identity, electronic document signing and user authentication with strong electronic signatures. The service streamlines access control and provides quality and convenient online services. Please contact us to learn more.
POST IS WRITTEN BY
manager @SignWise Services and electronic identity expert
I have primarily worked as an R&D visionary and adviser for PKI-based authentication, eSigning, eSignature validation and eAuthorization services. I was part of the team that worked on the Estonian electronic identity for the Ministry of Economic Affairs and Communications, creating service portals for local authorities and annual electronic reports submission system for the e-Business Registry – winning the Best e-Government Solution award at the World Summit Award in 2011.
Learn more about electronic identity and document signing trends and how you can get the support for your business by contacting SignWise Services team now.