Use case: Document signing (using legally binding signatures)

A company wants to provide a web interface to sign a contract using a digital signature which is legally binding in the European Union (which is admissible as court evidence).

This will require the use of an 'advanced electronic signature' as defined in directive 1999/93/EC of the European Parliament and of the Council. The key should be associated with a qualified certificate (issued by a certified certificate authority), issued using the most stringent processes and using the most secure type of keys (and therefore embedded in an hardware device like a smart card or an USB dongle).

The requirement for secure hardware prompted several European countries to issue electronic identity cards to their citizens. Currently Austria, Belgium, Estonia, Finland, Germany, Italy, Portugal, Spain and Sweden issue electronic identity cards and more countries are planning on issuing them.

These cards, many of them issued mandatory, create a large group of users with access to secure hardware and a certificate ready to create legally binding electronic signatures. Governments have begun using these cards in web applications for the retrieval of official documents like birth certificates (after authentication) or submitting online tax forms (requiring a signature). Many more use cases for government and corporate applications can be thought of, but in this paper we will be focussing on signing documents.

Requirements:
* Use the private key to perform basic cryptographic operations
* Export the certificate, including its certificate chain (the website has to validate that the public key was issued by a certified certificate authority)
* Specify the list certified certificate authorities when querying for a certificate

Kind regards,

Nick Van den Bleeken
R&D Manager

Phone: +32 3 425 41 02
Office fax: +32 3 821 01 71
nick.van.den.bleeken@inventivegroup.com<mailto:nick.van.den.bleeken@inventivegroup.com>
www.inventivedesigners.com


[cid:image001.png@01CBF2F8.1DA19110][cid:image002.png@01CBF2F8.1DA19110][cid:image003.png@01CBF2F8.1DA19110]


________________________________

Inventive Designers' Email Disclaimer:
http://www.inventivedesigners.com/email-disclaimer

Received on Wednesday, 24 April 2013 16:43:05 UTC