What to consider in advance during the procurement process
This blog post is dedicated to the procurement processes for electronic signatures and seals. There are two options here, which differ greatly from one another.
Electronic signature vs. electronic seal: differences in the procurement process
However, the basic factors are the same for both variants: an electronic signature, regardless of whether it is applied by card or remote service provider, is always linked to a natural person. Each user therefore needs their own signature certificate to create a signature. The application is made via a qualified trust service provider (qVDA).
The creation of such a certificate is always accompanied by identification of the applicant. The procedures used for this differ depending on the provider. An electronic seal is issued for a legal entity by a qualified trust service provider (qVDA). The rest of the application process differs depending on whether signature or seal cards or remote service providers are selected for the process. The steps of the respective procurement process are summarized below.
Signature and seal cards: What does the application process look like?
An earlier blog post showed that additional hardware, such as a card reader, is required when applying signatures and seals. Furthermore, software is required to support the application process. We at Governikus have two different solutions for this: the fat client Governikus DATA Boreum and the signature and seal platform Governikus DATA Sign. Both products can also be integrated into specialist procedures if required and support all signature and seal card issuers in Germany.
The most common identification procedure used here is the POSTIDENT procedure. Customers can prove their identity at a Deutsche Post branch or online through a contractual partner via video chat. Other identification scenarios may be possible and always depend on the provider. After successful identity verification, the trust service provider issues the signature or seal card. A key pair (private and public key) is stored on this card. In addition to the signature card, the user requires a card reader and a software solution for applying the signature, such as DATA Sign or DATA Boreum. A second factor is always required to generate a qualified electronic signature (QES), which is why there is always a PIN for the signature card that must be entered during the signature process.
Some issuers provide a shortened application process for this if, for example, the ID card data has not changed since the initial application. As with the signature card, there is also the PIN.
Applying for remote signature and remote seal
Remote signature
A suitable remote signature provider and a German ID card or electronic residence permit are required to use a remote signature. With activated eID functionality and a card reader or mobile device (with NFC interface), the registration process with our signature and seal platform DATA Sign can be completed from a web application for applying signatures in just a few minutes. If required, DATA Sign can also be integrated into a specialist process. Please contact us for further information. The remote signature can be used immediately. Alternatively, depending on the remote signature provider, other identification services such as Video-Ident, NECT-Ident (identification using a smartphone app via an AI) or POS-Ident are offered. POS-Ident stands for Point of Service and is an on-site registration. In this case, the applicant must go to a registration office, usually an internal one - for example, the HR department.
Unlike with a signature card, no application form needs to be sent by post or a PostIdent procedure needs to be completed to generate a qualified electronic signature.
Remote seal
With D-Trust GmbH and Bank-Verlag, two remote signature services from Germany are currently available with which a qualified or, depending on the application, an advanced or simple signature can be created. Applying for a remote seal requires a number of structured steps. A central aspect is the second factor for applying the seal: electronic key material that is stored in the system. Users have no direct interaction with this step in the process, which simplifies the application. Access rights are regulated internally and can be controlled completely digitally via an Active Directory (AD) with DATA Sign, for example, which ensures efficient administration and security. This makes the use of electronic seals a practical and secure process for legal entities.
Would you like to find out more about our DATA Boreum or DATA Sign applications? Then please contact us by e-mail.