Electronic seal

An electronic seal is a piece of data attached to an electronic document or other data, which ensures data origin and integrity.^[1] The term is used in the EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market.^{[2] [3] [4]}

Description

Conceptually similar to electronic signatures and usually technically realized as digital signatures, electronic seals serve as evidence that an electronic document was issued by a specific legal entity. For this purpose, an electronic seal must be linked to the data sealed with it in such a way that any subsequent change in the data is detectable and also in such a way that a fake seal cannot be created without access to the data (usually a private key) used for creation of the digital seal. This is usually achieved through use of a qualified digital certificate that is involved in creation of a digital seal. The unique private key used in the creation of the digital seal ensures non-repudiation: the entity that created the digital seal cannot later deny that it created the seal for that document. If the document is modified after its digital seal was created, the digital seal is not valid for the modified document. This can be checked by anyone with access of the public key corresponding to the private key used in the creation of the digital seal, ensuring the integrity of the sealed document.

Besides authenticating the document issued by the legal entity, e-Seals can also be used to authenticate any digital asset of the legal person, such as software code or servers. The important difference between a digital signature and an electronic seal is that the latter is usually created by a legal person while digital signatures are created by a natural person. For the creation of a digital signature, action of the person signing a document or data is required. In contrast, the creation of the digital seals can be incorporated in automated processes executed in a digital environment.^[5]

Qualified electronic seal

A qualified electronic seal is an electronic seal that is compliant to EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market.^[2][6][7] It enables to verify the issuer of a document over long periods of time. Qualified electronic seals can be considered as digital equivalent to seals of legal entities on paper. According to the eIDAS regulation, a qualified electronic seal must be created by a qualified electronic device and based on a qualified certificate for electronic seal.^[2][8]

References

1. John Erik Setsaas (24 October 2016). "Introduction to digital seals". Signicat. Archived from the original on 14 January 2018. Retrieved 15 January 2018.
2. "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. 23 July 2014. Archived from the original on 15 January 2018. Retrieved 15 January 2018.
3. "Questions & Answers on Trust Services under eIDAS". Digital Single Market. European Commission. 29 February 2016. Archived from the original on 15 January 2018. Retrieved 16 January 2018.
4. Dan Puterbaugh (1 March 2016). "Understanding eIDAS – All you ever wanted to know about the new EU Electronic Signature Regulation". Legal IT Insider. Archived from the original on 17 January 2018. Retrieved 17 January 2018.
5. Michał Tabor (4 July 2016). "Confirm it with an e-seal". eIDAS Observatory. European Commission. Archived from the original on 14 January 2018. Retrieved 15 January 2018.
6. "How the eIDAS regulation has revolutionized the credit system" (in German). 11 February 2018. Retrieved 22 June 2018.
7. "EIDAS regulation".
8. Turner, Dawn M. "Trust Service Providers according to eIDAS". Cryptomathic. Retrieved 22 June 2016.