Electronic Signature

Introduction

An electronic signature is essentially the equivalent of a hand-written signature, with data in electronic form being attached to other electronic subject data (Invoice, Payment slip, Contract, etc) as a means of authentication.
Electronic signature is not just a 'picture' of the hand written signature. It is a digital signature that uses a cryptographic transformation of the data to allow the recipient of the data to prove the origin and integrity of the subject data.
In addition to this digital signature the electronic signature also has user authentication via digital certificate, smart card or a biometric method.

Increasingly, electronic signatures are being accorded the same legality as hand-written ones. The European Commission e-sign Directive (1999/93/EC) was a step in this direction, as was the June 2000, U.S. government E-sign bill.

On 28 November 2008 the European Commission adopted an 'Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market' (COM(2008) 798).

On 22nd December 2009, the European Commission issued a standardization mandate on electronic signatures (M/460) for the definition of a rationalized standardization framework.

Our Role & Activities

ETSI activity on electronic signatures is coordinated by technical committee Electronic Signatures and Infrastructures (ESI).
 
ETSI ESI is the committee dealing with electronic signatures (signature format, certificates, CSPs, trusted list) and ancillary services (Registered email, Time-Stamping, Long-term document preservation).

Their activity covers signature creation and verification based on advanced electronic signatures such as CAdES (CMS Advanced Electronic Signatures), XAdES (XML Advanced Electronic Signatures), PAdES (PDF Advanced Electronic Signatures), and ASiC (Associated Signature Container).  ESI also deals with cryptographic suites, trust service providers supporting e-signatures (e.g. certification authorities, time-stamping authorities), trust application providers (e.g. Registered Emails (REM) providers, Information preservation providers), and Trust-service Status List (TSL). TSL is defined to enhance the confidence of parties relying on certificates or other services related to electronic signatures since they have access to information that will allow them to know whether a given Trust Service Provider was operating under the approval of any recognized scheme at the time of providing their services and of any dependent transaction that took place.

In order to prove interoperability of implementations and enhance standards robustness, ETSI is running regular CAdES/XAdES PlugtestsTM events. Other PlugtestsTM events on PAdES, ASiC, and Registered Emails will enhance testing activities.

Latest ESI activities on:
http://portal.etsi.org/esi/esi_activities.asp

Standards

The following is a list of the 20 latest published ETSI standards on electronic signatures.

A full list of related standards in the public domain is accessible via the ETSI standards search. Via this interface you can also subscribe for alerts on updates of ETSI standards.

For work in progress see the ETSI Work Programme on the Portal.

Standard No. Standard title.
TR 119 000 Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview
EN 319 403 Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers
TS 119 403 Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers
TS 119 162-1 Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers
TS 119 162-2 Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 2: Additional ASiC containers
TR 119 001 Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures; Definitions and abbreviations
TS 119 612 Electronic Signatures and Infrastructures (ESI); Trusted Lists
TS 119 102-1 Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
TS 119 172-1 Electronic Signatures and Infrastructures (ESI); Signature Policies; Part 1: Building blocks and table of contents for human readable signature policy documents
TS 119 122-1 Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures
TS 119 122-2 Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 2: Extended CAdES signatures
TS 119 132-1 Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures
TS 119 132-2 Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: Extended XAdES signatures
TS 119 142-1 Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures
TS 119 142-2 Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles
TS 119 401 Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers
TS 119 411-1 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements
TS 119 411-2 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates
TS 119 412-1 Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 1: Overview and common data structures
TS 119 412-2 Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons