A digital signature is a way of signing an electronic document by a process analogous to paper signatures, but one that makes use of a technology known as public-key cryptography.

Clearly, paper signatures cannot be applied to documents that remain in electronic form. More significantly, additional security properties are required of signatures in the electronic world.
This is because the probability of disputes rises dramatically for electronic transactions without face-to-face meetings, and in the presence of potentially undetectable modifications to electronic documents.

Digital signatures address both of these concerns, and offer more inherent security than paper signatures. Compared to all other forms of signatures, digital signatures are by far the most easily verified and the most reliable with respect to providing document integrity.

The EU Electronic Signature Directive
To answer these legal needs, the European Union adopted a community framework for electronic signatures some time ago (Directive 1999/93/EC of the European Parliament and of the Council of December 13, 1999, on a community framework for electronic signatures) that has been implemented in various European countries. The European directive applies to business in which European partners (persons or companies) or public administrations are involved. It also means that if an American organization enters into an electronic contract with a European company, it has to respect European requirements to ensure the contract is valid.

The Directive addresses three forms of electronic signatures. The first one is the simplest form, the “electronic signature”, and is given a wide meaning. It serves to identify and authenticate data. It can be as simple as signing an e-mail message with a person’s name or using a PIN-code. To be a signature, the authentication must relate to data and not be used as a method or technology only for entity authentication.

The second form of electronic signature defined in the Directive is the “advanced electronic signature”. This form of signature has to meet the requirements defined in Article 2.2 of the Directive. The Directive is technology neutral but, in practice, this definition refers mainly to electronic signatures based on a public key infrastructure (PKI). PKI uses encryption technology to sign data, which requires a public and a private key.

Lastly, there is a third form of electronic signature mentioned in Article 5.1, to which the Directive did not give a term of its own, but which is commonly called “qualified electronic signature”. This consists of an advanced electronic signature based on a qualified certificate and created by a secure-signature-creation device (SSCD).
The SSCD must ensure the key can neither be forced nor reproduced in a reasonable time, meaning a time that is longer than the validity period for the signature.

Most of the EU Member States, such as Italy, have transposed the Directive into national legislation. In addition, many non-EU countries have based their own legislation on electronic signatures and the delivery of signature-related services on the EU Directive. From a technical point of view, the Directive has even influenced international standardization initiatives, such as the IETF standardization work on Qualified Certificates. New terminology introduced by the Directive (especially Qualified Certificate, Advanced Electronic Signature, and Certification Service Provider) has been adopted in the international context.

INTESA services are fully compliant with the European Directive, and our PKI has been an International Certification Service Provider since 2001.
