
Remote signatures with the online ID function

Since 1 July 2016, Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) has been in effect in all member states, creating a standard framework for the cross-border use of electronic means of identification and trust services.

For detailed information about the eIDAS Regulation and the completed notification of the online ID function and the electronic residence permit, please click here.

As a result of the Regulation, a qualified electronic signature created by a citizen in one EU member state has the same legal effect in all other member states as a written signature. This means that, for the first time, legally binding cross-border electronic communication is possible across Europe.

Card-based signatures

So far, signature cards have been used to create qualified electronic signatures. The procedure's security is ensured through the signature card and two-factor authentication when creating the signature: the private key on the signature card is protected from unauthorized access and can be used only with the authentication factors of knowledge (PIN) and possession (signature card).

Remote signatures

The eIDAS Regulation makes it possible for the first time to use remote signatures in Germany.

With the remote signature, a signature card is no longer needed to create a qualified electronic signature because a qualified trust service provider creates the signature on behalf of the signatory. The advantage of this new procedure is that no additional technical equipment (signature card, card reader) is needed to create a qualified electronic signature. Instead, signatories must securely prove their identity to the trust service provider.

On-the-fly signature with the online ID function

For creating a remote signature using the online ID function, a suitable mobile phone with an NFC interface can be used as a card reader for electronic identification. This makes it possible to create a legally binding electronic signature with the mobile phone (mobile signature). What sets this procedure apart from other procedures where identification (to issue a qualified electronic signature certificate) and authentication (to authorize the trust service provider to create a signature) are separate processes is that the online ID function combines these two functions in one step.

The online ID function enables an on-the-fly signature, i.e. a signatory can create a qualified electronic signature ad hoc and when needed without having to first register with a trust service provider.

This one-step procedure is particularly useful for people who create electronic signatures only occasionally.

The procedure fulfils all requirements for qualified electronic signatures under the eIDAS Regulation and all requirements for the trust service provider.

Status of implementation

The Federal Office for Information Security (BSI) is currently carrying out a pilot project to develop a prototype for implementing the remote signature procedure using the online ID function.

A draft has been sent to all qualified trust service providers listed by the Federal Network Agency.
