Present-day society is an information society, with increasingly widespread use of the Internet and mobile telephony. We need to know that information is correct, that the right persons have access to it and that others are prevented from accessing it. We also need to be able to be sure of with whom we are communicating. Electronic identification and electronic signatures are a couple of the tools needed in order to establish the necessary confidence and security.

What can electronic identification and signatures be used for?
There are several reasons for the use of electronic identification and signatures:

• To improve protection of your information
• To improve protection against fraud, without reducing the availability of services.
• To provide traceability of transactions and/or of events
• To be able to create new business, or to add value to existing businesses, through the ability to make full use of electronic identification and signatures.

Electronic signatures can and should be used when a signature is necessary, or when we do not want information to be changed. Signatures are required in many contexts on various forms and documents, contracts, payment instructions, for confirmations and so on. If a document is signed electronically, this also ensures that the information being transferred is not altered on the way, whether accidentally or intentionally. Electronic signatures make it possible for the sender of information to sign the information so that the reader can see who has sent it and that it has not been altered.

Digital Signature & certificate
A digital signature can be placed by using a certificate. There are several levels of trust possible for certificates, ranging from self-signed to qualified certificates. Important for digital signatures is proof of identity of the holder of the certificate, and eliminating risks in the process as much as possible.

Legislation and CWA
Each country as well as the European Union has its own legislation or directive regarding the validation of digital signatures. If a digital signature complies with the legislation it is called a qualified signature. For a digital signature to be valid for EU legislation the whole process of issuing the certificate and signing the information has to comply with a technical framework called CWA. This framework describes the technical architecture to use and security measures to take to be compliant.

Legislation and Common Criteria
For a qualified signature to be valid in countries like The Netherlands, Spain, Italy and Germany a Common Criteria certification of EAL4 is mandatory, which means that the product and/or process complies with the protection profile as given by the CWA.

EAL 4+ means that the product not only complies with EAL4, but has implemented additional security measures as well, augmenting its security.  

Digital Signatures and AET Solutions
AET Solutions support the use of digital signatures; The cryptographic middleware SafeSign Identity Client is in the process of becoming EAL 4+ certified, and BlueX Digital ID Management can be used to issue certificates complying to the CWA directive.