Confirm it with an e-seal

  • Michał Tabor profile
    Michał Tabor
    4 July 2016 - updated 4 years ago
    Total votes: 6

Electronic Seal is a new solution incorporated in the eIDAS EU Regulation. Using the Electronic Seal to secure evidence of electronic transactions can facilitate the implementation of electronic services for individuals, reducing the need for them to use the electronic signature.

Electronic Seal is designed to ensure the integrity and authenticity of documents sealed with it. The Seal certificate contains information, which defines what exactly does “the authenticity” of the document imply. Authenticity of an electronic document may mean that the sealed document has been created or processed in accordance with rules regulated by certificate or certification policy.

The eIDAS Regulation specifies that only a legal person can create a seal. The creation of an electronic seal guarantees the authenticity of the document in accordance with the terms of use of the electronic seal, which are defined in the certificate or certification policy.

An advanced electronic seal is created using the data, which is under the control of the creator of a seal. Incidentally the eIDAS Regulation does not specify how this control should be implemented. In this area the eIDAS regulation leaves some freedom and allows the creator of a seal to establish their own control measures over data used for placing the seal.

Guaranteeing the authenticity and integrity of documents can be very important to facilitate the implementation of a number of electronic services, ensuring safety measures necessary for addressing the risk in a particular business process. The guarantor of integrity and authenticity of a sealed document is the creator of a seal. Also the environment and conditions in which the seal is created remain under his control.

The above scheme allows for the creation of technical solutions, in which the seal mechanism can become a part of a device provided or authorized by "creator of a seal". These devices create an electronic seal over electronic data processed by them. The seal can contain information on the processing schema and security conditions. Individuals or legal persons for specific dedicated tasks can then use such devices. The evidence prepared by such a device can secure a business process or other trust services.

An example of the aforementioned usage of an electronic seal is a photo camera in which every captured image is sealed with information about the time and place, downloaded from the GPS. This stamp guarantees the authenticity of origin of images from a specific camera model and also specifies where and when the photo was taken. The entity submitting this seal is the manufacturer (or guarantor) of the camera. The camera manufacturer in this way ensures that only pictures taken with this specific camera, accompanied by data from the GPS will have this seal.

Another example illustrating of the use of the seal is a paper scanner in which the seal is used to ensure the authenticity and integrity of scanned documents. The Scanner manufacturer guarantees the seal is created only on a document scanned by their machine. However no document that hasn’t been scanned on the specific device can receive a similar seal.

The use of an electronic seal by the manufacturer of the device enables the delivery of equipment performing various functions and data processing schemes.  It also provides evidence that the manufacturer or the guarantor of the device guarantees the authenticity and integrity. These can be devices processing only the content of electronic documents (eg. sealing received or sent messages), as well as devices supplying additional content i.e. an image, movement, sound, time and place (for ex. cameras, recorders, camcorders, speed cameras and biometric readers).

Sealed documents can be further processed in the data cloud or used as evidence for other trust services, which in turn creates the opportunity to build a number of business services. The use of the electronic seal as outlined in this article makes it possible to simplify the usage of electronic services by individuals without the need of an electronic signature.

Tags: