Regulation Zertes, eIDAS

 

What is Zertes ?

ZertES is a Swiss Federal law that regulates the conditions under which trust service providers may use certification services with electronic and digital signatures. Additionally, this law provides a framework that outlines the provider’s obligations and rights as they apply to providing their certification services
Acting in geographical proximity of the European Community, it is not surprising that ZertES is conceived similarly to eIDAS, in particular when looking at the tiered structure and legal value. ZertES has multiple assurance levels, the highest of which is the QES level equivalent to a handwritten one and mandatory for many official documents.

 

What is eIDAS ?

The eIDAS regulation has been enforceable across the EU Since 1st July 2016. eIDAS classifies two types of secure electronic and digital signatures standards;

1) the Advanced Signature and
2) the Qualified Signature.

Under eIDAS, citizens and businesses can use their native eIDS when accessing public services within other EU Member States that use eIDS. This regulation defines the conditions in which the Member States will recognize electronic identification from users.

Additionally, this regulation implements standards for digital signatures, time stamps, electronic seals, and other proof of authentication, including digital certification and registered delivery services that give those electronic transactions the same legal status as if they were conducted on paper. Signatys provides solutions for both types.

 

Basic, Advanced and Qualified Electronic signatures

Digital signature principle, what are the digital signature types?

 

Anyone new to this area can be easily confused about what constitutes an electronic signature and how different types of e-signatures compare in terms of evidential power and legality.

At a basic level any mark on an electronic document can be used to capture the signer’s intent to approve or accept the contents of that document. The form of the “mark” or how it was created is not important. What is important is proving who made the mark and that the document was not changed subsequently.

 

 

3 digital signature types

 

What is a Basic digital signature?

Some business applications require users to sign documents immediately without requiring the user to register and have their identity verified with the SignMit system. Typically use cases include a potential customer visiting a bank, office or shop in person and needing to sign some initial paperwork.
Documents signed with a basic e-signature show that the digital e-seal (technically a digital signature) was applied by the organisation.

 

What is an Advanced digital signature (AES)?

  • uniquely linked to the signatory;
  • capable of identifying the signatory;
  • created using means that the signatory can maintain under their sole control; and
  • linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

Signatys implements such signatures using standard PKI cryptography. Each user has a unique PKI signing key and associated digital certificate. The certificate acts as the person’s “digital identity” and is embedded in each signature they create – thereby securely binding the signer’s identity to their signed documents. The signing key which is used to create the signature is private and remains under the sole control of the owner, only accessible after appropriate authentication and authorisation checks.

 

What is a Qualified digital signature (QES)?

  • built on the Advanced Electronic Signatures (AES) format but where also:
  • the user’s digital certificate is issued by a trusted Qualified CA
  • the user’s signing key is managed within a trusted Qualified Signature Creation Device (QSCD)

QES are a more trusted version of AES. Cross-border recognised, QES require the highest levels of security for the protection of the user’s signing key and also a formal registration process for the user to verify their identity by a qualified Certificate Authority. From a legal perspective QES can be considered even stronger than handwritten signatures as the burden of proof shifts to the signer to prove that they did not sign!