ZertES
   HOME

TheInfoList



Click Here for Items Related To - ZertES
OR:
ZertES on:   [Wikipedia]   [Google]   [Amazon]

ZertES is a Swiss Federal law that regulates the conditions under which trust service providers may use certification services with
electronic signature An electronic signature, or e-signature, is data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as i ...
s. Additionally, this law provides a framework that outlines the provider’s obligations and rights as they apply to providing their certification services.


Description

ZertES was approved into law on December 19, 2003. The law promotes the use of secure services for electronic certification to facilitate the use of qualified electronic signatures. Under this law, the signatures would be equal to a handwritten
signature A signature (; from la, signare, "to sign") is a handwritten (and often stylized) depiction of someone's name, nickname, or even a simple "X" or other mark that a person writes on documents as a proof of identity and intent. The writer of a ...
. Switzerland’s ZertES law possesses a similar tiered structure and standards of legal value as the
European Union The European Union (EU) is a supranational political and economic union of member states that are located primarily in Europe. The union has a total area of and an estimated total population of about 447million. The EU has often been de ...
’s
eIDAS eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. It was established in EU Regulation 910/2014 ...
Regulation. ZertES provides several assurance levels; qualified electronic signatures is the highest level, equivalent to a handwritten signature. For many official documents, it is required that the electronic signatures used be at this qualified electronic signature level.


Standards

Under ZertES, an electronic signature refers to electronic data that is either attached to or associated to other electronic data, which serves as a means of authentication for that data. Currently, ZertES does not provide specifications on how electronic signatures should be technically implemented. Despite this limitation, the
Swiss Federal Council The Federal Council (german: Bundesrat; french: Conseil fédéral; it, Consiglio federale; rm, Cussegl federal) is the executive body of the federal government of the Swiss Confederation and serves as the collective head of state and governm ...
has made international agreements to facilitate the international use of electronic signatures and allow for their legal recognition. Therefore, the council allows that electronic signatures that have been technically implemented as digital standards in eIDAS be accepted. The following standards are recognized by the Swiss Federal Council: *
XAdES XAdES (short for XML Advanced Electronic Signatures) is a set of extensions to XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together. Description While XML-DSig is a gene ...
*
PAdES PAdES (''PDF Advanced Electronic Signatures'') is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for advanced electronic signatures. This is published by ETSI as EN 319 142. Description While PDF and ISO 32000- ...
*
CAdES CADES (Computer Aided Design and Evaluation System) was a software engineering system produced to support the design and development of the VME/B Operating System for the International Computers Limited, ICL New Range - subsequently 2900 - comput ...


Electronic transactions

A , also known as an
advanced electronic signature An advanced electronic signature (AdES) is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the Europe ...
, must meet certain requirements in order to prove its authenticity, including: *Establishing a unique link to its signatory *The ability to identify its signatory or holder *Having been created with software or equipment that remains under the sole control of its signatory *The capability of identifying if the data or document to which it is attached to has been altered or tampered with after being signed ZertES allows for the enhancement of the advanced electronic signature and its legal value by adding on a qualified certificate, which is similar to how eIDAS allows for this instance. The upgraded advanced electronic signature is referred as or qualified electronic signature. The signature must be produced by a secure signature creation device and then be attached to the qualified certificate. At the time that the signature is created, the certification must be valid. ZertES requires that qualified certificates must provide: *A serial number that identifies it as a qualified certificate *The name of the individual who holds the signature verification *Signature verification *The name and state where the issuer of the certificate is established, in addition to the qualified electronic signature of the issuer, referred to as , in addition to the national or foreign accreditation body that accredited the issuer *Time that the certificate will be valid for *Proof of recognition for the certificate service provider who provides the certification services *Transaction information for which the certificate can be used Certificate service providers that issue qualified certificates are required to undergo audits performed by a conformity assessment body that has been appointed by the . Under ZertES, the Swiss Federal Council regulates signature generation and issues (signature verification keys) to qualified certificates. The secure signature creative device must verify that the signature key used is: *Unique and its secrecy can be reasonably assured *Protected from being counterfeited *Under the sole control of the signatory The signature verification process will ensure that: *The data used to verify the signature corresponds to the data sent to the verifier *The signature is reliably verified and its verification result is displayed correctly *If needed, the verifier is able to determine the contents of the signed data *It is clearly identified when a pseudonym is used *If tampering has occurred, it will be detected *The signature owner’s identity is properly displayed ZertES requires qualified trust service providers to meet requirements that will ensure the validity of the certificates they issue for electronic signatures. Providers can be naturalized or legal citizens. Under certain circumstances, foreign suppliers may be permitted to provide certification services.


Legal implications

ZertES is similar to eIDAS in assuring the legal bindingness of electronic signatures and a tiered approach to legal value in court with qualified electronic signatures having a higher
probative value Relevance, in the common law of evidence, is the tendency of a given item of evidence to prove or disprove one of the legal elements of the case, or to have probative value to make one of the elements of the case likelier or not. Probative is a te ...
than
advanced electronic signature An advanced electronic signature (AdES) is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the Europe ...
s. Cross-border communications between Switzerland and the Member state of the European Union occur on a daily basis, as the country is home to many internationally active banks and companies. Therefore, ZertES and eiDAS are comparable in technical design and carry similar legal implications.


References

{{reflist * * * * Cryptography standards XML-based standards Standards of Switzerland