07 December 2005
Swisscom Solutions is the first company to be certified as a provider of qualified electronic signature services. Swisscom therefore meets the highest criteria for the legally binding identification, authentication and authorisation of a person in the IT world.
The accreditation covers a certified electronic signature administered on the basis of a Public Key Infrastructure (PKI). In cryptology and cryptography, a PKI is a system that enables digital certificates to be issued, distributed and authenticated. These certificates are usually issued to persons or machines and are used for secure computer-based communications. The legal foundation for binding, format-independent transactions was laid when the Swiss Signatures Act (ZertES) came into force on 1 January 2005, thereby according equal status to electronic and manual signatures subject to specific conditions. The law enables electronic signatures to be appended to contracts which formerly had to be signed in the traditional manner, for example XX. Swisscom Solutions was certified by KPMG SA, the only certification body in Switzerland commissioned by the Swiss Accreditation Service (SAS) to award such certification.
"We are delighted to have overcome the difficult obstacle of electronic signature certification," says Swisscom Solutions CEO René Fischer. "Now our customers can enhance their efficiency and simplify their business processes even more. "
Swisscom Solutions is aiming to deliver these new "Swisscom Digital Certificate Services" to business customers, authorities and healthcare institutions. In conjunction with service providers, Swisscom Solutions proposes to launch its certificates and services in the form of integrated solutions for binding, format-independent electronic transactions: full-service solutions that incorporate digital certificates seamlessly in the workflow.
Electronic signatures are based on asymmetric encryption technology. The user is provided with unique electronic data: the cryptographic key - a private key which is kept secret, and its counterpart - the public key - which is disclosed.
The private key (or signature key) is used to sign an electronic file, while the public key (or signature authentication key) is used by the recipient to verify the sender's electronic signature. If the result is positive, the recipient can be sure that the contents have not been changed during data transfer.
The public key is embedded in an electronic certificate issued by a trusted third party: the provider of certification services. Swisscom Solutions has now become the first provider of such services. The main function of an electronic certificate is to assign a public key to a specific person who was identified by means of the passport when the key was issued. This allows the recipient of the electronically signed file to identify the sender.