Open Signature Initiative to foster transparency and interoperability for electronic signatures

[Europe, September 3rd, 2013] Leading European institutions, associations, enterprises and projects join forces to launch the non-profit Open Signature Initiative (http://opensignature.org), which aims at improving transparency and interoperability with respect to electronic signature technology and related trust services.

Electronic signatures are crucial for internal market of trustworthy services

The existence and broad adoption of suitable standards is clearly a prerequisite for the successful implementation of a single European market of services as envisioned by the directive 2006/123/EC. Electronic signatures allow to maintain integrity, authenticity and trust in electronic transactions. "While electronic signatures play a crucial role in the implementation of a single European market of trustworthy services, the practical adoption of this important security technology still seems to have room for improvement.", states
Prof. Dr. Udo Helmbrecht, Executive Director of the European Union Agency for Network and Information Security (ENISA). While the proposed eIDAS Regulation [COM(2012) 238 final][1] is expected to boost the digital single market by making it easier for citizens and small and medium enterprises to use eID, electronic signatures and related trust services across borders, the current situation is suboptimal.

Improvable interoperability, usability and transparency with respect to e-signatures

In particular there are still many interoperability and usability problems, which make signature technology hard to deploy in practice. There are subtle technical dependencies between the various hardware and software components, which are typically involved in the process of creating and verifying electronic signatures and often impede interoperability and impair user experience. “Despite the long lasting efforts and valuable achievements of the different standardisation bodies and accompanying interoperability initiatives, we have not yet reached full interoperability with respect to signature creation devices, signature application components, trust services and electronic signatures on a European level.”, states Prof. Dr. Helmut Reimer, who was for a long time CEO of the TeleTrusT assoiation and is editor of the German journal for privacy and data security (Datenschutz und Datensicherheit (DuD)). “To make matters worse, the stumbling blocks and effective interoperability properties of components and services are often not transparent for prospective users, because there is a lack of publicly available information about the relevant technical features.”, adds Dr. Detlef Hühnlein, CEO of ecsec GmbH and Coordinator of the Open Signature Initiative.

Open initiative to enhance transparency and interoperability for electronic signatures

Against this background experts from well-known European organisations have joined forces to prepare the launch of the Open Signature Initiative, which will take place on
September 11th, 2013 in the scope of the Open Identity Summit 2013 (http://openidentity.eu). This non-profit initiative cordially invites all interested institutions, associations, projects and individuals to contribute to the enhancement of transparency and interoperability with respect to electronic signature technology. This includes, but is not limited to, vendors and issuers of signature creation devices and signature application components, providers of trust services, application providers, standard development organisations, publicly funded projects, academic institutions, associations and last but not least government bodies and policy makers.

Initial supporters include ENISA, EEMA, BSI, TeleTrusT, GI/BIOSIG, SK, Open eCard, FutureID, STORK 2.0, AuthentiDate, CCESigG, ecsec, GAD, G&D, intarsys, OpenLimit, Procilon, Thames Stanley and Trustable

The initial supporters of this non-profit initiative include leading European institutions, associations, enterprises and projects, such as the European Network and Information Security Agency (ENISA), the European Association for e-Identity and Security (EEMA), the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI), the German IT Security Association (TeleTrusT), the Estonian Certification Center (AS Sertifitseerimiskeskus, SK), the Open eCard Project, the FutureID Project, the STORK 2.0 Project, AuthentiDate International AG, the Competence Center for Electronic Signatures in Health Care (CCESigG), ecsec GmbH, GAD eG, Giesecke & Devrient GmbH, intarsys consulting GmbH, OpenLimit SignCubes AG, Procilon Group, Thames Stanley GmbH and last but not least Trustable Ltd. "We appreciate the Open Signature Initiative, as it aims to improve transparency and interoperability with respect to electronic signature technology and related trust services in Europe.", states Prof. Dr. Udo Helmbrecht, Executive Director of ENISA.

Cordial invitation for product vendors and issuers of signature creation devices

In the initial phase the Open Signature Initiative in particular invites issuers of signature creation devices and product vendors to contribute to this non-profit initiative.

Issuers of signature creation devices are invited to provide test devices and corresponding technical specifications in order to facilitate the creation of standardised capability descriptions according to ISO/IEC 24727-3 and provide accessible information about the implemented registration process and guidance how to perform the registration in a cross-border setting.

Vendors of signature creation devices, signature application components and services are invited to provide technical information about their products as well as corresponding test and demo versions of the components or services, which can be evaluated by interested parties to verify the interoperability claims.

The Open Signature Initiative covers the entire life cycle of electronic signatures ranging from the issuing of certificates, over the creation and verification of electronic signatures to the long-term preservation of digital evidence. “It is a pleasure to see that the Open Signature Initiative also covers long-term aspects of electronic signatures based on the Evidence Record Syntax.”, states Tobias Gondrom, chair of the concluded IETF LTANS working group and co-author of RFC 4998 and RFC 6283.

Open Signature Initiative on Tour

In the near future there will be contributions with respect to the Open Signature Initiative at the following events:


 European Union Agency for Network and Information Security (ENISA) (www.enisa.europa.eu)

The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU.

European Association for eIdentity and Security (EEMA) (www.eema.org)

For 25 years, EEMA has been Europe’s leading independent, non-profit e-Identity & Security association, working with its European members, governmental bodies, standards organisations and interoperability initiatives throughout Europe to further e-Business and legislation.

Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) (www.bsi.bund.de)

The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) is the German government agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, Internet security, cryptography, certification of security products, public documents, electronic healthcare and smart metering.

TeleTrusT – IT Security Association Germany (www.teletrust.de)

TeleTrusT is a widespread competence network for IT security comprising members from industry, administration, research as well as national and international partner organizations with similar objectives.

GI/BIOSIG – Special Interest Group Biometrics and Electronic Signatures within GI e.V. (www.biosig.org)

The special interest group “Biometrics and Electronic Signatures” (BIOSIG) within the German Computer Science Society (Gesellschaft für Informatik) GI e.V. is dedicated to the fundamentals, methods, techniques, processes and implementations used to guarantee the authenticity and integrity of entities.

Estonian Certification Centre (AS Sertifitseerimiskeskus, SK) (www.sk.ee)

SK (Certification Centre, legal name AS Sertifitseerimiskeskus) is Estonia's primary and currently the only certification authority (CA), providing certificates for authentication and digital signing to Estonian ID Cards as well as wireless PKI service Mobile-ID. Established in February 2001 by two leading Estonian banks Swedbank and SEB plus two telecom companies, Elion and EMT (members of the TeliaSonera group), SK has the backing of Estonian and Nordic financial and telecom sector.

FutureID Project (www.futureid.eu)

The EU-funded FutureID project builds a comprehensive, flexible, privacy-aware and ubiquitously usable identity management infrastructure for Europe, which integrates existing eID technology and trust infrastructures, emerging federated identity management services and modern credential technologies to provide a user-centric system for the trustworthy and accountable management of identity claims.

Open eCard Project (www.openecard.org)

The Open eCard Team consists of industrial and academic experts, who have joined forces to provide an Open Source and platform-independent implementation of ISO/IEC 24727, such that arbitrary applications can easily access arbitrary smart cards for authentication and signature purposes. A first result of the project is the Open eCard App, which provides an Open Source alternative to proprietary eID clients.

STORK 2.0 Project (www.eid-stork2.eu)

STORK 2.0 (Secure idenTity acrOss boRders linKed 2.0) aims to extend to organisations the benefits of secure cross-border electronic authentication and identification while offering them and European citizens new services and solutions based on electronic identity. So it builds on the success and results of STORK by taking further steps to decisively push the lines for wider uptake of eID in Europe, aiming at realizing a single European electronic identification & authentication area. STORK 2.0 will implement four new Pilots focused on strategic eLearning & Academic Qualifications, eBanking, Public Services for Business and eHealth areas.

AuthentiDate International AG (www.authentidate.de)

AuthentiDate International AG, a member of exceet, is one of the leading vendors throughout the business segments of "Secure Data Exchange" and "Secure eHealth". As the inventor of the central mass signature, AuthentiDate offers innovative e-Invoicing business process solutions, software, cloud services (SaaS) and consulting services using electronic signatures and timestamps. Leading global companies, such as Air Products, Alcatel-Lucent, Bosch, Deutsche Bahn, Dow Chemical, E.ON, EnBW, Honda, John Deere, METRO Group, Roche, SABIC, Solvay, TÜV, Deutsche Telekom, United Internet benefit from AuthentiDate products and cloud services for many years. Within the AuthentiDate e-Invoicing network, more than 50 million of electronic invoices are processed each year. AuthentiDate International AG is a certification service provider, accredited by the German Federal Network Agency (BNetzA) and operates a trust center according to the strict regulations of the German Signature Law and EU Signature Directive.

Competence Center for Electronic Signatures in Health Care (www.ccesigg.de)

The Competence Center for Electronic Signatures in Health Care (Competence Center für die elektronische Signatur im Gesundheitswesen, CCESigG) was established in 2009 in order to advance methods and solutions with respect to electronic signatures in health care environments. Among the main focal areas of the CCESigG are the advancement of interoperability between components, the integration of electronic signature technology in health care processes and the replacing scanning of documents.

ecsec GmbH (www.ecsec.de)

ecsec GmbH is a specialised provider of innovative solutions in the areas of IT security, smart card technology, identity management and electronic signatures. Based on the long lasting experiences gathered in various smart card projects with international reach ecsec belongs to the leading providers in this area and supports well-known customers during the conception and realisation of tailor-made solutions.

GAD eG (www.gad.de)

GAD is a leading specialist for providing banking IT services in the German-speaking region. GAD is IT consultancy and competence center, application software development company and data processing center for 430 Volksbanken & Raiffeisenbanken as well as retail banks in the German-speaking region. Centerpiece of GAD´s IT solutions is bank21, a comprehensive banking solution with fully integrated business processes for sales, controlling and operations.

Giesecke & Devrient GmbH (www.gi-de.com)

Giesecke & Devrient (G&D) is an internationally leading technology provider with its headquarters in Munich, Germany and 58 subsidiaries, joint ventures, and associated companies in 32 countries worldwide. G&D is a global market leader and cutting-edge innovator of products and solutions for the banknote and mobile security segments. Over the course of its history, the technology group has successfully penetrated numerous new business fields by systematically leveraging synergies such as the ongoing transfer of security technologies from paper production, film manufacturing, and banknote printing. The products complement and enhance one another, ensuring a broad market positioning.

intarsys consulting GmbH (www.intarsys.de)

intarsys is a leading manufacturer of high quality software products and components for creation and verification of all kind of advanced electronic signatures. The company focuses on authentication, timestamping, eID validation and cryptographic secured long-term archiving products. The products comply with national and EU regulations on qualified electronic signatures. Beside electronic signature intarsys offers a whole portfolio of products for the handling of PDF/A, the ISO standard document format for long-term preservation.

OpenLimit SignCubes AG (www.openlimit.com)

OpenLimit SignCubes AG was founded in 2002 and is a wholly-owned subsidiary of the publicly traded OpenLimit Holding AG. The company is headquartered in Baar, Switzerland and has a subsidiary in Berlin, Germany. The group currently employs over 60 highly qualified employees. OpenLimit stands for the secure electronic handshake. Our technologies enable people and machines globally to communicate without restrictions securely, identifiably and provably. We develop base technologies and products in the following areas: electronic identities, electronic signatures, evidentiary value-preserving long-term storage of data and documents and secure data transmission between machines. Our technologies are an integral part of products from leading developers of IT applications for government and industry with an impact on each individual. To achieve this, we enter carefully selected strategic development and distribution partnerships.

procilon Group (www.procilon.de)

procilon is a German IT enterprise dealing more than 10 years with cryptography, identity management, secure electronic transmission of e-mails, forms, files, providing digital signature and preserving probative value of signatures. German-wide over 1000 customers use our server- and client-based IT solutions for their secure electronic communication.

Thames Stanley GmbH (www.thamesstanley.com)

Thames Stanley is a global boutique C-level advisory. We offer senior advisory and services on managing your Information Security Management Systems, Risk Management, Governance and Compliance.

trustable Ltd. (www.trustable.eu)

trustable Ltd. supports the user of advanced and qualified electronic signatures with its free verification services (www.sig-check.de) and open source code. trustable is proudly supporting the Open Signature Initiative!



Dr. Detlef Hühnlein
Coordinator of the Open Signature Inititative
c/o ecsec GmbH
Sudetenstraße 16
96247 Michelau
Tel.: +49 9571-896479

E-Mail: signature@openecard.org


Full Press Release