Abbreviations, terms and explanations

Glossary: Electronic signature

Legal framework, standards and more from A to Z

| Term | Explanation |
| --- | --- |
| AATL (Adobe Approved Trust List) | The AATL (Adobe Approved Trust List) is a list of trusted certification authorities and trust service providers that issue digital certificates and timestamps to reliably digitally sign documents in Adobe products such as Acrobat. |
| AES (Advanced Electronic Signature) | AES (Advanced Electronic Signature) – A signature that is uniquely assigned to the signatory and enables their identification. It is linked to the document and detects subsequent changes. |
| API (Application Programming Interface) | API (Application Programming Interface) – A programming interface that allows third-party systems such as CRM or ERP to communicate directly with the signature solution. It enables automated signature processes. |
| Asymmetric encryption | Asymmetric encryption is an encryption method that uses two different keys: a public key to encrypt the message and a private key to decrypt it. |
| Audit trail | In the context of electronic signatures, the audit report (audit trail) is a complete record of all steps in the signature process. It serves the purposes of traceability and legal protection. |
| Biometric data of a signature | In the context of electronic signatures, biometric signature data usually refers to characteristics such as writing pressure, speed and movement patterns of a handwritten signature on a digital device. These characteristics make the signature uniquely attributable to a person and forgery-proof. |
| BSI (Federal Office for Information Security) | The BSI (Federal Office for Information Security) is a German authority that certifies trust services and signature components, among other things. It ensures that technical security standards are met. |
| C5 (Cloud Computing Compliance Criteria Catalogue) | The C5 (Cloud Computing Compliance Criteria Catalogue) is an international auditing standard that defines the effectiveness of controls and processes at service providers with regard to security, availability and compliance, with a focus on the cloud. |
| CA (Certification Authority) | CA (Certification Authority) – An organisation that issues and manages digital certificates. Trusted CAs are crucial for the validity of digital signatures. |
| CAdES (CMS Advanced Electronic Signatures) | CAdES (CMS Advanced Electronic Signatures) – An eIDAS-compliant standard for electronic signatures in any file format (images, Word, binary files). A special signature reader is required for this. |
| Certificate | Digital certificate – An electronic certificate for identity verification when creating signatures. It is issued by a trust service provider and contains, for example, the name and public key of the signatory. |
| Cryptography | Cryptography is the technique of encrypting information so that only the right people can read it. It ensures that data remains protected, unchanged and authentic. |
| Digital seal | A digital or electronic seal is equivalent to an electronic signature, but for legal entities (organisations rather than individuals). It proves authenticity and integrity. |
| Digital signature | Cryptographic method for ensuring authenticity and integrity. |
| DSS (Digital Signature Service) | DSS (Digital Signature Service) – A technical service that creates, checks or validates digital signatures. Often used in signature solutions to secure electronic transactions. |
| ECC (Elliptic Curve Cryptography) | ECC (Elliptic Curve Cryptography) is a cryptographic method that uses the mathematics of elliptic curves to enable secure and efficient encryption and digital signatures. NIST P-384 is a form of ECC. |
| E-Signature | Colloquially, this refers to an electronic signature. |
| eID (electronic Identification Document) | An eID (electronic Identity Document) is used for authentication with qualified signatures, such as an identity card or eID card. |
| eIDAS (Electronic Identification, Authentication and Trust Services) | The eIDAS (Electronic Identification, Authentication and Trust Services) is the EU regulation that defines the legal framework for electronic signatures, seals and identification services in the EU. The aim is to create a single digital market with legally secure, cross-border transactions. |
| Electronic signature | The electronic signature is an umbrella term for electronic procedures that link a person's identity to a document. It has three levels: SES, AES, QES. |
| Encryption | Cryptographic methods that secure data and signatures to ensure integrity, confidentiality and authenticity. |
| EUDI-Wallet (European Digital Identity Wallet) | The EUDI-Wallet (European Digital Identity Wallet) is a digital wallet that allows EU citizens to securely store official documents such as identity documents, certificates or driving licences and present them electronically when required. It enables simple, data protection-compliant interaction with authorities and companies within the EU. |
| EUTL (European Union Trust List) | The EUTL (European Union Trust List) is an official register of trusted signature providers in Europe. |
| GDPR (General Data Protection Regulation) | The GDPR (General Data Protection Regulation) is an EU regulation for the protection of personal data. Electronic signature solutions must be used in compliance with data protection regulations. |
| Ident method | Methods for identity verification when signing, e.g. video identification, postal identification, auto-identification or eID-based procedures. |
| ISAE 3402 (International Standard on Assurance Engagements 3402) | ISAE 3402 (International Standard on Assurance Engagements 3402) is an international auditing standard that defines the effectiveness of controls and processes at service organisations with regard to security, availability and compliance. |
| ISO 27001 (Information Security Standard) | ISO 27001 (Internationally recognised standard for information security management systems) confirms that a company meets high standards of data protection and IT security. |
| LTV (Long Term Validation) | LTV (Long Term Validation) – Procedure for the long-term validity of signatures. Supplements the signature with additional validation data such as timestamps and certificate status. |
| NIST P-384 (National Institute of Standards and Technology) | NIST P-384 (National Institute of Standards and Technology) – An algorithm from ECC (elliptic curve cryptography) that ensures high security for digital signatures. |
| On-Premises | Refers to a software solution that is installed and operated in the company's own data centre or on the company's servers – in contrast to cloud solutions. |
| PAdES (PDF Advanced Electronic Signatures) | PAdES (PDF Advanced Electronic Signatures) – An eIDAS-compliant standard for electronic signatures in PDF documents. Enables legally compliant and readable signatures within PDFs. |
| PKI (Public Key Infrastructure) | PKI (Public Key Infrastructure) – A system of keys, certificates and policies that enables the secure creation and management of electronic signatures. |
| Private key | A private key is the secret part of an asymmetric cryptographic process that can be used to decrypt messages encrypted with the public key. It must only be known to the owner in order to ensure the security of communication. |
| Public key | A public key is part of an asymmetric cryptographic process that can be freely shared so that others can send encrypted messages to the owner of the key. Only the corresponding private key can decrypt these messages. |
| QES (Qualified Electronic Signature) | QES (Qualified Electronic Signature) – The highest security level of e-signature, legally equivalent to a handwritten signature (written form). It requires qualified identification. |
| QTSP (Qualified Trust Service Provider) | A QTSP (Qualified Trust Service Provider) is a company that provides legally recognised digital trust services such as qualified electronic signatures, seals or time stamps, while meeting strict EU security and certification requirements. |
| RSA (Rivest–Shamir–Adleman) | RSA (Rivest–Shamir–Adleman) – A cryptographic method used for the secure encryption of data in electronic signatures. |
| SaaS (Software-as-a-Service) | SaaS (Software-as-a-Service) is a model in which software is not purchased but used as a service via the cloud. Updates, maintenance and operation are handled by the provider. |
| SES (Simple Electronic Signature) | SES (Simple Electronic Signature) – The basic form of e-signature, e.g. a scanned signature or a tick. It offers little legal protection and is suitable for less critical documents. |
| SigG (Signature Act) | The SigG (Signature Act) was replaced in Germany by the VDG (Trust Services Act) and the eIDAS Regulation. The Signature Act regulated the requirements and legal effects of electronic signatures. |
| Signature types | Signature types are defined in the EU by eIDAS. There are simple, advanced and qualified electronic signatures. Simple signatures, referred to as ‘electronic signatures’ in eIDAS, have no special requirements, while advanced and qualified electronic signatures must meet certain requirements. |
| Signature software | Application for creating electronic signatures – software solution for creating, integrating and verifying digital signatures. Can be used locally, on mobile devices or cloud-based. |
| TSA (Time Stamping Authority) | A TSA (Time Stamping Authority) is a trusted service that applies tamper-proof timestamps to digital data. It provides reliable proof of when a document existed and that it has not been altered since. |
| TSP (Trust Service Provider) | A TSP (Trust Service Provider) is a certified provider that offers services such as electronic signatures, time stamps, or proof of identity. It meets the requirements of the eIDAS Regulation. |
| Timestamp | A timestamp in the context of electronic signatures proves the exact date and time at which a document was signed. |
| VDG (Trust Services Act) | The VDG (Trust Services Act) specifies the requirements and supervision for electronic trust services such as electronic signatures, seals or time stamps in Germany. It implements the European eIDAS Regulation at national level and ensures that these services are operated in a legally compliant and secure manner. |
| Written form | The written form is a legally prescribed form in which a declaration of intent must be signed in paper form or electronically with a qualified electronic signature. |
| ZertES (Swiss Federal Act) | The ZertES (Swiss Federal Act on certification services in the field of electronic signatures) largely corresponds to the eIDAS Regulation but applies in Switzerland. |
