blog-eidas-advantages-of-qes-compared-to-aes-and-where-qes-is-vital

eIDAS: The Advantages of QES as compared to AES

Advanced and Qualified Electronic Signatures are electronic signatures that comply with EU Regulation 910/2014 on eIDAS electronic transactions in the European internal market. They enable long-term verification of electronic signatures. Today, we explain the difference between Qualified and Advanced Electronic Signatures, both in terms of legal status and technical requirements.

For an electronic signature to be considered an advanced or qualified electronic signature, three main requirements must be met. 

  • First, it is necessary to link the signatory and identify it uniquely with the signature.
  • Secondly, the data used to create the signature must be under the signatory's sole control.
  • Finally, it must be able to identify whether the data that accompanies the signature has been manipulated since the message was signed.

An advanced electronic signature with a qualified digital certificate created by a qualified signature creation device (QSCD) is a qualified electronic signature. The addition of a qualified certificate is the difference between the advanced electronic signature and the qualified electronic signature. This certificate is issued by a qualified trust service provider and certifies that the electronic signature is authentic to serve as proof of the signatory's identity.

eIDAS requires that no electronic signature be denied legal effect or admissibility as evidence solely on the ground that it is in an electronic form or does not meet the requirements for qualified electronic signatures. However, the qualified electronic signature has the equivalent legal effect as a handwritten signature - it has a higher probative value in court. All EU Member States must recognize that a qualified electronic signature is valid as long as it has been created with a qualified certificate issued by another Member State under the EIDAS Regulation. In addition, it is prohibited for public services in member states to request higher-level signatures than qualified electronic signatures.

As mentioned above, generating a qualified electronic signature is more than simply adding a qualified certificate to an advanced electronic signature—the signature must be created using a qualified signature creation device (QSCD). This device is responsible for securing qualified electronic signatures by using specific hardware and software to ensure that private keys are controlled by the signatory only.

In addition, a qualified trust service provider manages the generated signature data. The creation of signature data must remain unique, confidential and protected from forgery. Qualified electronic signatures that comply with eIDAS can be technically implemented through three specific digital signature standards (XAdES, PAdES, and CAdES developed by the European Telecommunications Standards Institute ETSI).

Then they need to be complemented by a qualified digital certificate through the procedures described above.

The qualified trust service provider plays an important role in the process of qualified electronic signing. A trust service provider must obtain qualified status from a governmental supervisory body that effectively allows the entity to provide qualified trust services for the creation of qualified electronic signatures. The European Union has compiled an EU trust list with the legal effect that a provider or service will only be qualified if it appears in the trusted list.

Qualified trust service providers are required to comply with the strict guidelines outlined as part of the certificate creation process. The service provider must provide a valid time and date for the creation of certificates. Signatures that have expired certificates must be immediately revoked.

Personnel employed by the qualified trust service provider must be adequately trained. The service provider's software and hardware must be trustworthy and capable of preventing forgery of certificates.

Under eIDAS, the purpose of implementing qualified electronic signatures is to serve several purposes, such as facilitating business and public service processes, including cross-border processes.

Using electronic signing under eIDAS, these processes can be safely accelerated. EU Member States have set up Single Contact Points for Trust Services to ensure that electronic ID schemes can be used in cross-border public sector actions such as exchanging and accessing cross-border healthcare information.

Previously, a signatory would sign a document or message and then return it to the intended recipient via the postal service, Facsimile service by hand, or by scanning and attaching it to an email.
The problem with these practices is that they are not always totally secure (man in the middle attack). Long delays of delivery could occur and there is the chance that signatures could be forged or that the original documents could be altered. Risks are higher as multiple signatures are needed from different people who may be located at multiple locations.

These fundamental problems are mitigated by the use of qualified electronic signatures, which are legally valid and provide a higher level of technical security. Instead of relying on traditional methods, users may now perform transactions across borders, like "1-Click" payment services.

About the author

Ulrich Scholten is an internationally active entrepreneur and scientist. He holds a PhD in information technology and owns several patents on cloud-based sensors. His research on cloud computing is regularly published in highly rated journals and conference papers. From 2008 - 2015, he was associated research scientist at the Karlsruhe Service Research Institute (KSRI), a partnership by KIT and IBM, where he researched network effects around web-platforms together with SAP Research.

To find more press releases related with below topics, click on one of the keywords:

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Descargas de Utimaco

      Visite nuestra sección de descargas y seleccione recursos como folletos, fichas técnicas, libros blancos y mucho más. Puede ver y guardar casi todos ellos directamente (pulsando el botón de descarga).

      Para algunos documentos, es necesario verificar su dirección de correo electrónico. El botón contiene un icono de correo electrónico.

      Download via e-mail

      Al hacer clic en dicho botón se abre un formulario en línea que le rogamos rellene y envíe. Puede recopilar varias descargas de este tipo y recibir los enlaces por correo electrónico simplemente enviando un formulario para todas ellas. Su colección actual está vacía.