e-Signature

The e-Signature Building Block (BB), which is one of the key building blocks of the e-SENS project, aims to establish cross-border interoperable components for a secure authentication infrastructure in different domains. e-Signature is one of the Digital Service Infrastructure Building Blocks (DSI-BBs) of the Connecting Europe Facility (CEF) programme. It is part of the “electronic identification and authentication” DSI-BB, defined as “services to enable cross-border recognition and validation of e-identification and signature.” An electronic signature is defined as “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication” (Signature Directive 1999/93/EC). The main purpose is to bind an e-Document to an entity so that legal value is associated.

The e-Signature BB and its components follow legal and interoperability frameworks (EU e-Signature legislation and the EU e-Signature Standards Framework) and prove that real-life interoperability is possible. The ICT architecture is therefore based on the EU e-Signature Standards Framework, which governs the specification.

Many European states have defined various forms of e-Signature solutions. With the upcoming eIDAS Regulation, the provisions of e-Signatures legislation that were originally provided by the Signature Directive will be amended. The e-SENS e-Signature building block is based on and will support eIDAS as a policy basis.

e-Signature architecture

The general architecture of e-Signature is shown below.


e-Signature consists of four architectural BBs (ABBs):

  • e-Signature Creation Service: This defines a service that uses an application to generate signatures that adhere to the specification.
  • e-Signature Verification Service: This defines a service that uses an application to verify signatures according to the specification.
  • Mobile e-Signature: For both the e-ID and the e-Signature building blocks, mobile technologies deserve particular attention, as mobile devices like tablets and smartphones are increasingly becoming the default Internet access device. e-SENS supports mobile signature solutions, taking advantage of mobility to establish cross-border e-Signature services with the use of a mobile signing device. As part of the inventory checking phase, several building block candidates have been identified that have the potential to achieve these goals. In order to systematically assess their capabilities to meet the defined goals, an analysis is being applied to potential building block candidates based on Austrian Mobile Phone Signature, Estonian Mobile-ID, Turkcell Mobile Signature and Spanish Firm@Movil. Although mobile e-signature is a high-potential market and exists in several European countries, a majority of countries still use traditional e-signature solutions based on smart cards.

Interoperability for e-signatures requires that all parties adhere to the same format and standards when generating and verifying signatures. This framework provides the format and standards to be used, and maintains these over time. The e-Signature standards framework covers numerous standards and specifications. It is best described by the CEN and ETSI “Rationalised Framework for Electronic Signature Standardisation.”

As e-SENS e-Signature services must be trustworthy, the e-Signature BB has close interaction with the Trust Services BB, which establishes trust and confidence between cross-border services including e-Signature. The Trust Services BB supports different trust models, namely the Web Services Trust Model, Trust-service Status List and Trust Networks for PKI and Mutual Recognized Certificates, which may be applied as alternatives or even be used in a hybrid manner, depending on needs.

  • Trust Network – PKI. This Trust Establishment Model is based on the use of a single PKI issuing certificates for all members of a Trust Domain (TD). Certificates are used for digital signatures on service request and response messages for purposes of authentication and integrity and for client authentication (e.g. SSL/TLS), and may optionally also be used for encryption of messages.
  • Trust Network – Trust Service Status List (TL). These were established by Commission Decision 2009/767/EC as amended by Commission Decision 2010/425/EU. TLs have the aim of supporting the validation of Qualified Electronic Signatures (QES) and Advanced Electronic Signatures (AdES) supported by a Qualified Certificate (AdESQC). TLs enable EU-wide validation of service supervision/accreditation status and hence the quality of Trust Service Providers (TSPs) issuing (qualified) certificates.  
  • Trust Network – Mutual Recognized Certificates. Mutual exchange of certificates is a widely used simple mechanism of the Direct Trust Model. Due to its limited scalability, it may be a first choice for interacting communities with a manageable number of participants having knowledge about one another. 
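
The Trust Service Status List check described above, sketched as an added example (not e-SENS code): it reads a TL in the ETSI TSL XML layout and classifies a certificate issuer by the supervision/accreditation status of its CA/QC service. The sample list, the issuer names, the result labels and the function name issuer_status are constructed for illustration; the TL's own XML signature is assumed to have been verified before parsing, and issuers are matched by subject name only.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

TSL = "http://uri.etsi.org/02231/v2#"  # ETSI TSL XML namespace
ST = "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/"
CA_QC = "http://uri.etsi.org/TrstSvc/Svctype/CA/QC"
# Example policy (assumption): only these two statuses count as supervised/accredited.
ACCEPTED = {ST + "undersupervision", ST + "accredited"}

def _svc(dn, status, since):
    """Build one constructed <TSPService> entry for the sample list."""
    return (f"<t:TSPService><t:ServiceInformation>"
            f"<t:ServiceTypeIdentifier>{CA_QC}</t:ServiceTypeIdentifier>"
            f"<t:ServiceDigitalIdentity><t:DigitalId><t:X509SubjectName>{dn}"
            f"</t:X509SubjectName></t:DigitalId></t:ServiceDigitalIdentity>"
            f"<t:ServiceStatus>{ST}{status}</t:ServiceStatus>"
            f"<t:StatusStartingTime>{since}</t:StatusStartingTime>"
            f"</t:ServiceInformation></t:TSPService>")

# Constructed sample TL: invented TSP, names and dates.
SAMPLE_TL = (f'<t:TrustServiceStatusList xmlns:t="{TSL}"><t:TrustServiceProviderList>'
             "<t:TrustServiceProvider><t:TSPServices>"
             + _svc("CN=Example QC CA 1,O=Example TSP,C=XX", "undersupervision", "2012-03-01T00:00:00Z")
             + _svc("CN=Example QC CA 0,O=Example TSP,C=XX", "supervisionceased", "2013-06-30T00:00:00Z")
             + "</t:TSPServices></t:TrustServiceProvider>"
             "</t:TrustServiceProviderList></t:TrustServiceStatusList>")

def issuer_status(tl_xml, issuer_dn, signing_time):
    """Classify a certificate issuer against the TL's current service entries."""
    ns = {"t": TSL}
    for info in ET.fromstring(tl_xml).iterfind(".//t:TSPService/t:ServiceInformation", ns):
        if info.findtext("t:ServiceTypeIdentifier", "", ns).strip() != CA_QC:
            continue  # only CAs issuing qualified certificates are relevant here
        names = [e.text.strip() for e in info.iterfind(".//t:X509SubjectName", ns) if e.text]
        if issuer_dn not in names:  # simplification: real validators match key/SKI
            continue
        since = datetime.fromisoformat(
            info.findtext("t:StatusStartingTime", "", ns).strip().replace("Z", "+00:00"))
        if info.findtext("t:ServiceStatus", "", ns).strip() not in ACCEPTED:
            return "not-supervised"
        # Current status only; earlier periods need the service's status history.
        return "ok" if since <= signing_time else "status-newer-than-signature"
    return "unknown-issuer"
```

signing_time must be a timezone-aware datetime, since the status starting times in the list are parsed as UTC.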

Furthermore, e-Signature is related to the Traceability BBs, which are a set of tools and techniques used for tracing users’ transactions, for example. Traceability consists of the following ABBs:

  • Evidence Emitter – this enables all the corners of the e-SENS four-corner model to generate and emit electronic evidence used for non-repudiation purposes, based on each domain’s regulations and technological needs. 
  • Electronic Timestamps – used for temporal traceability of electronic transactions with evidential value. Evidence may be provided to end entities to be kept for proof purposes, serving to capture the time instant that a given data item was produced (e.g. electronic signatures, documents).