Advanced electronic signature
{{short description|EU-compliant electronic signature system}}
An advanced electronic signature (AES or AdES) is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the European Single Market.{{cite web|last1=Turner|first1=Dawn M.|title=Advanced Electronic Signatures for eIDAS|url=http://www.cryptomathic.com/news-events/blog/advanced-electronic-signatures|publisher=Cryptomathic|access-date=12 May 2016}}
Description
eIDAS created standards for the use of electronic signatures so that they could be used securely when conducting business online, such as an electronic fund transfer or official business across borders with EU Member States.{{cite web|last1=Forget|first1=Guillaume|title=The eIDAS regulation is coming. How can banks benefit from it?|url=http://www.cryptomathic.com/news-events/blog/the-eidas-regulation-is-coming.-how-can-banks-benefit-from-it|publisher=Cryptomathic|access-date=12 May 2016}} The advanced electronic signature is one of the standards outlined in eIDAS.
For an electronic signature to be considered as advanced it must meet several requirements:{{cite web|last1=The European Parliament and the Council of the European Union|title=Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC|url=http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG|publisher=EUR-Lex|access-date=12 May 2016}}{{cite web|author=((Department for Business Innovation & Skills))|title=Electronic Signatures (Guide)|url=https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/356786/bis-14-1072-electronic-signatures-guide.pdf|publisher=The Government of the United Kingdom|access-date=12 May 2016}}
- The signatory can be uniquely identified and linked to the signature
- The signatory must have sole control of the signature creation data (typically a private key) that was used to create the electronic signature
- The signature must be capable of identifying if its accompanying data has been tampered with after the message was signed
- In the event that the accompanying data has been changed, the signature must be invalidated
Advanced electronic signatures that are compliant with eIDAS may be technically implemented through the AdES Baseline Profiles that have been developed by the European Telecommunications Standards Institute (ETSI):
- XAdES, XML Advanced Electronic Signatures is a set of extensions to the XML-DSig recommendation making it suitable for Advanced Electronic Signatures.{{Cite web |title=Create Powerful Marketing Email Signatures – Email Signature for Marketers |url=https://newoldstamp.com/solutions/email-signature-for-marketing?mdrv=newoldstamp.com |access-date=2024-06-03 |website=Newoldstamp |language=en}}
- PAdES, PDF Advanced Electronic Signatures is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for Advanced Electronic Signatures.
- CAdES, CMS Advanced Electronic Signatures is a set of extensions to Cryptographic Message Syntax (CMS) signed data, making it suitable for Advanced Electronic Signatures.
- JAdES, JSON Advanced Electronic Signatures is a set of extensions to JSON Web Signature (RFC 7515) making it suitable for Advanced Electronic Signatures.
- ASiC Baseline Profile. ASiC (Associated Signature Containers) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or time-stamp tokens into one single digital (zip) container.{{cite web|last1=|first1=|title=Asic Baseline Profile|url=http://www.etsi.org/deliver/etsi_ts/103100_103199/103174/02.02.01_60/ts_103174v020201p.pdf|publisher=etsi.org|access-date=23 May 2017}}
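The tamper-detection requirements listed above can be seen on the JSON Web Signature compact format (RFC 7515) that JAdES extends. The following Go program is an added example, not code from eIDAS or the ETSI profiles; the Ed25519 key, the `EdDSA` algorithm choice and the sample payload are constructed for illustration, and the extensions JAdES adds on top of JWS are not shown.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// SignJWS builds an RFC 7515 compact serialization: header.payload.signature.
// The signature covers the protected header and the payload together.
func SignJWS(priv ed25519.PrivateKey, header, payload []byte) string {
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	sig := ed25519.Sign(priv, []byte(signingInput))
	return signingInput + "." + b64.EncodeToString(sig)
}

// VerifyJWS returns the payload only when the token is well formed, declares
// the expected algorithm, and the signature matches the signed bytes.
func VerifyJWS(pub ed25519.PublicKey, token string) ([]byte, bool) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, false
	}
	hdr, err1 := b64.DecodeString(parts[0])
	payload, err2 := b64.DecodeString(parts[1])
	sig, err3 := b64.DecodeString(parts[2])
	var h struct{ Alg string `json:"alg"` }
	if err1 != nil || err2 != nil || err3 != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "EdDSA" {
		return nil, false
	}
	// Any change to header or payload after signing makes this check fail.
	if !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, false
	}
	return payload, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	token := SignJWS(priv, []byte(`{"alg":"EdDSA"}`), []byte(`{"amount":"100 EUR"}`))
	parts := strings.Split(token, ".")
	forged := parts[0] + "." + b64.EncodeToString([]byte(`{"amount":"900 EUR"}`)) + "." + parts[2]
	_, ok := VerifyJWS(pub, token)
	_, okForged := VerifyJWS(pub, forged)
	fmt.Println("original valid:", ok, "| altered valid:", okForged)
}
```

The private key stands in for the signature creation data under the signatory's sole control; verification needs only the public key.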
Vision
The implementation of advanced electronic signatures under the specification of eIDAS serves several purposes. Business and public services processes, even those that go across borders, can be safely expedited by using electronic signing. With eIDAS, EU States are required to establish "points of single contact" (PSCs) for trust services that ensure the electronic ID schemes can be used in public sector transactions that occur across borders, including access to healthcare information across borders.
In the past, when signing a document or message, the signatory would sign it and then return it to its intended recipient through the postal service, via facsimile service, or by scanning and attaching it to an email. This could lead to delays and, of course, the possibility that signatures could be forged and documents altered, especially when multiple signatures from different people located in different locations are required. The process of using an advanced electronic signature saves time, is legally binding and assures a high level of technical security.{{cite web|last1=Mazzeo|first1=Mirella|title=Digital Signatures and European Laws|url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=ec9f1b60-74e3-4d3f-b2f7-85d8993c4bc6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments|publisher=Symantec|access-date=12 May 2016}}
Legal implications
Following Article 25 (1) of the eIDAS regulation, an advanced electronic signature shall "not be denied legal effect and admissibility as evidence in legal proceedings". However, it will reach a higher probative value when enhanced to the level of a qualified electronic signature. By adding a certificate that has been issued by a qualified trust service provider that attests to the authenticity of the qualified signature, the upgraded advanced signature then carries, according to Article 24 (2) of the eIDAS Regulation, the same legal value as a handwritten signature. However, this is only regulated in the European Union and similarly through ZertES in Switzerland. A qualified electronic signature is not defined in the United States.{{cite web|last1=Turner|first1=Dawn M.|title=Is the NIST Digital Signature Standard DSS legally binding?|url=http://www.cryptomathic.com/news-events/blog/is-the-nist-digital-signature-standard-dss-legally-binding|publisher=Cryptomathic|access-date=12 May 2016}}{{cite web|last1=Information Technology Laboratory National Institute of Standards and Technology|title=FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION (FIPS PUB 186 -4): Digital Signature Standard (DSS)|url=http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf|access-date=12 May 2016}}