[v4.50] Define signature qualities

Inhalt

1. What are signature qualities and what types are there?

Electronic signatures increase the efficiency of users and their flexibility in terms of time and location. Since documents may be subject to different security and legal requirements, we distinguish between three types of electronic signature qualities according to eIDAS or ZertES:

Simple Electronic Signature (SES or EES)
Advanced Electronic Signature (AES or FES)
Qualified electronic signature (QES)

XiTip
To determine which signature you should use for which process in your context, it makes sense to define an internal regulation.

1.1 Simple electronic signature

The eIDAS recognises three security levels. The simple electronic signature (EES) or standard electronic signature (SES) is the first or simplest security level.

SES can be used wherever a QES is not necessary. For example, it is used for protocols, documentation and terms and conditions.

XiTip
The SES does not require a certificate from the signatories. Nevertheless, in order to meet the highest possible quality standards, XiTrust always selects a qualified company seal for the simple electronic signature as well. Customers of the Business or Enterprise Cloud can use the XiTrust MOXIS company seal. Customers of the Enterprise Cloud or MOXIS On-Premises can store a qualified company seal for their company themselves. For more information about the XiTrust company seal, please contact your responsible XiTrust representative.

1.2 Advanced electronic signature

The advanced electronic signature (AES) must meet certain requirements:

Timestamp
Options for verifying the identity of the signing person
Signing of the signature by a professional service provider such as XiTrust
Integrity and immutability of the signature through the use of encryption techniques and mechanisms that ensure that the document cannot be altered.

The advanced electronic signature is used for purchase or rental agreements.

1.3. Qualified electronic signature

The qualified signature (QES) according to eIDAS or ZertES represents the highest level of security for electronic signatures.

XiTip
QES:MOXIS uses the highest security standard for electronic signatures
In accordance with Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) and the Swiss Federal Act on certification services in the area of electronic signatures, it is almost equivalent to a handwritten signature. It is not the signature that is crucial, but the technical and legal certification process in the background.

2. What signature qualities does MOXIS offer?

The following parameters define the signature qualities in MOXIS:

the decision level
the security and legal recognition of the document

2.1. Levels of signature quality at the internal level

The following levels are available for the signature quality at the internal level (see Table 1):

Level 1: Release
Level 2: Simple signature
Level 3: Qualified signature

2.2. Levels of signature quality at the external level

The following levels of signature quality at the external level (see Table 1) are available:

Level 1: Simple signature
Level 2: Advanced signature
Level 3: Qualified signature

The signature qualities at the external level are described in the articles Appendix of external orders and Advanced signature for external signatories.

2.3. Common signature qualities in MOXIS – overview

Signature quality	Iteration level	Description
Approval	Internal	This signature quality can be selected when it is necessary – regardless of the decision-making level – for the releasing persons to merely confirm that an order can be forwarded to the next decision-making level. In this case, no signature is left in the document. Example: Checking whether all documents have been correctly attached
Simple signature	Internal/external	This form of signature quality is suitable for internal documents or written processes for which unequivocal verifiability of the signing person or their certificate is not absolutely necessary. In MOXIS, however, a certificate or a qualified electronic seal is attached to the document, which ensures the authenticity and integrity of the document (such seals can be purchased by companies, e.g. A-Trust Seal) and proves the time of the signature. Any manipulation is made visible. Examples: internal approval processes (‘dockets’), announcements
Advanced signature	External	If the liability risk for documents without formal requirements can be calculated, this signature quality can be used. The qualified electronic seal, which is left in the document by FES, guarantees the authenticity and integrity of the document and confirms the time of the signature. A certificate for the person signing the document is not required. The person signing the document is identified by means of authentication via SMS-TAN or password. It is also possible to track biometric characteristics and technical device information. Examples: Sales and rental contracts, high-value contracts
Qualified signature	Interal/external	This signature quality has the highest security level and should definitely be used for all documents that are subject to a formal requirement and for which there is a high liability risk. The QES is based on a qualified eIDAS or ZertES certificate of the signing person. In addition to guaranteeing the authenticity and integrity of the document, the QES ensures the identity of the signing person according to the highest possible legal requirements by: • the time and place of the signature, • the visualisation of the personal signature image of the signing person • and further information. This signature fulfils the legal requirement of a handwritten signature. The signing person requires a digital identity (e.g. ID Austria) and can thus be identified beyond doubt by means of the qualified certificate. Examples: employment contracts, official business records such as audit reports, labour leasing contracts

Table 1: Description of the signature qualities in MOXIS

The following Figure 1 provides a more detailed visualisation of the information from the table.

*Figure 1: Signature qualities in MOIXS: Approval - simple signature - advanced signature - qualified signature*

3. How do I define the signature quality in MOXIS?

Defining a signature quality in MOXIS is extremely easy. To define it, use the slide control (see figure 2) when creating a new job to specify the quality of the signature.

XiTip
The actual signature quality in the Enterprise version depends on the process configuration defined by the administrator. Therefore, if you are unable to select certain signature qualities, please contact your in-house administrator.

*Figure 2: Select qualified electronic signature with personal cerificate in an iteration*

44. How do I change the signature quality in MOXIS?

Changing the signature quality is also done intuitively by adjusting the slider. The quality of a signature cannot be mixed within a decision level.

XiTip
If the signature quality of a decision level is changed after recipients have been added, the system removes contacts from the decision level who lack the permissions. You will receive a warning (see figure 3) notifying you that contacts will be removed.

*Figure 3: Appearing signature quality change warning*