The electronic digital signature has been guaranteeing the security of Ukrainians – both businesses and individuals – for years. However, many people still do not know how this technology works and, most importantly, why it should be used.
Digital signature (EDS) is a modern technological solution for verifying the authenticity and immutability of electronic documents. This tool allows individuals and organizations to certify digital documents in such a way that any unauthorized tampering becomes obvious, thus ensuring their authenticity.
Types of electronic signatures
There are different types of EDS. For example, the EDS of an individual. Citizens use it to confirm their identity in the digital environment. It is used when submitting electronic declarations, applications and other documents to state institutions.
A digital signature is formed by means of a specialized algorithm using a digital key. Such a key is a mathematical object consisting of two components: a public key and a private key. The public key is used to verify the signature, while the private key is kept confidential and is used to create the signature. The security of the private key is of paramount importance, because its compromise (simply put – falling into the wrong hands) can lead to unauthorized signing of documents on behalf of the owner. At the same time, the public key is published on the official information resource, as it is necessary for EDS authentication
An EDS can look in many different ways. For example, as a text signature. Then it is a line of text containing information about the signatory and the date of signature, which is usually placed at the bottom of the document. Another option is a graphic signature. It is similar to a handwritten signature and may contain the name or initials of the signatory.
There is also a cryptographic signature: it is invisible to the eye, generated using cryptographic keys and is a unique code that is verified by special software. Finally, there is the so-called electronic seal. It can be displayed as a graphic image or text information on a document.
EDS is used in various spheres:
– Commercial transactions: provides confirmation of transactions between companies and customers, reducing the risk of document forgery.
– Email correspondence: used to sign information in emails, guaranteeing its authenticity.
– Remote banking: secures payments and confirms the identity of customers.
There are numerous advantages to using an electronic signature:
Guarantee of authenticity and integrity: Ensures that documents remain unaltered after signing
Efficiency and Convenience: Allows you to quickly sign documents without the need to print and physically sign.
Cost reduction: Electronic document management reduces paper and storage costs.
Remote signing: Ability to sign documents from any location with Internet access
Electronic signatures are:
– In the form of a file that is stored on a computer or common flash drives, etc.
– Signatures that are stored on secure media – tokens or cloud services
– Signatures that are stored on the SIM card of a cell phone – Mobile ID.
File signatures can be copied and stored anywhere, while tokens (USB keys), cloud storage and Mobile ID cannot be copied and are therefore more secure. A token needs to be connected to a computer and read, and when using Mobile ID, you need to enter your phone number and personal pin code created when you connect the Mobile ID service. The owner has access to the key in the cloud storage from any device with internet access.
How electronic signature of documents is implemented in Ukraine
Previously, users were familiar only with electronic digital signature (EDS). However, with the adoption of the Law of Ukraine “On Electronic Trust Services” it ceased to be relevant. It has been replaced by a more precise notion – qualified electronic signature (QES).
A qualified electronic signature has the same legal force as a handwritten signature. This is confirmed by the Law of Ukraine “On Electronic Document Flow and Electronic Documents”.
From a technical point of view, a CEP is a set of electronic data created from a document file, a signature key and a time stamp. These elements are combined into a container (an archive containing the file and signature) or a separate file to be stored and verified together with the document.
From a technical point of view, a CEP is a set of electronic data created from a document file, a signature key and a time stamp. These elements are combined into a container (an archive containing the file and signature) or a separate file to be stored and verified together with the document.
Benefits of CEP:
– Legal validity: CEP is equal to a handwritten signature and can be used for any legally significant actions.
–Security: CEP ensures confidentiality and integrity of information, eliminating the possibility of forgery or falsification of documents.
–Time saving: CEP allows you to sign documents electronically, without the need for printing, manual signing and scanning.
– Convenience: CEP can be used on any device with Internet access.
Practical implementation: use of qualified electronic signature (QES)
In Ukraine electronic keys are issued by different organizations – and this should not surprise anyone. Issuance of EDS, according to the Law “On Electronic Trust Services”, is a trust service, and therefore it is performed by qualified providers of electronic trust services, the list of which is contained in the Trust List (as of today there are 26 of them). Accredited Key Certification Authorities (KCAs) established in accordance with the Law of Ukraine “On Electronic Digital Signature”, which intended to provide qualified electronic trust services, were automatically entered by the central certification authority into the Trust List as qualified providers of electronic trust services.
The validity period of an EDS certificate is two years. After this period expires, a new signature must be produced again using the same algorithm of actions. The reason for such term is the information protection requirements that are put forward to the means used for imposing EDS.
From the technical point of view there is no fundamental difference between a personal and a corporate electronic key. An individual can obtain an electronic signature from any qualified electronic trust service provider and use it. Also, the solution for qualified electronic signature for signing electronic documents is integrated into the Diya application. This option is free of charge for individuals.
Another thing is that legal entities need EDS in order to organize secure document flow. A CEP is an indispensable thing for organizing electronic document flow in business and for submitting reports to state authorities online. A qualified electronic signature of a legal entity is a legal analog of a handwritten signature, so it can be used to sign any legally significant documents. Companies that have decided to switch to electronic document management in order to optimize external and internal business processes should obtain a legal entity CEP for all employees who have the right to sign.
Why do company employees need a CEP? For full transition to EDI both in communication with counterparties and within the company; for registering cash registers, issuing electronic signatures for cashiers and seals; for signing acts and documents, incoming and outgoing invoices online via EDI services for retail; for implementing e-TTN, issuing KEPS to shippers, drivers and consignees – and so on.
It is not by chance that the ability to download digital signatures is integrated into such Ukrainian document management systems as M.E.Doc, SOTA, “Vchasno” (in this service you can also get an EDS key) and a number of others. In addition, some large Ukrainian banks – FUIB, Oschadbank, Ukrsibbank, PrivatBank and Monobank – can issue EDS for their clients.
A company can self-certify its employees – become a representative of one of the qualified providers of electronic trust services. Or order an offsite key generation service from them.
If a company has more than 100 employees, it is better to use the services of cloud storage providers. What if an employee quits or is on vacation? A key on a flash drive or a token in such a case is impossible to control. And cloud services allow you to see all transactions that take place with signatures and deny access to the key depending on where and when the employee is. This both strengthens control and increases the level of information security.
Risks of using an electronic signature and security measures.
Although there are certain risks associated with using an electronic signature, such as key loss or unauthorized access, taking security measures can prevent negative consequences. It is important to block old certificates in case of key loss and contact the service provider to create a new signature.
Moreover, the loss of an EDS key can put you at risk of hacking and unauthorized access to your electronic data.
Third parties can take advantage of this vulnerability and commit fraud on your behalf – steal money from your bank account, take out a loan in your name, or even re-register your business.
To prevent the negative consequences of losing an EDS key, it is important to immediately block old certificates and contact the organization or institution that issued the key. They can help you create a new key and carry out the re-activation procedure. In some cases, you may be required to verify your identity and provide additional documents to restore access to the EDS key.
Conclusions.
Despite all the possible risks, the benefits of using an electronic signature are obvious. It is a modern, convenient, and secure way to confirm the authenticity of electronic documents, which greatly facilitates the work of both businesses and individuals.