Advanced Electronic Signature (AES)
The AES is a signature standard in which signers use a cell phone to confirm their identity each time they sign. Since no other factors are checked, there is a risk that the SIM card has been passed on or has fallen into the wrong hands.
The reliability of the identification depends on the signer’s mobile carrier. The data may be outdated, incomplete, or even incorrect.
API connection
An API is a programming interface that allows automated interaction with a piece of software. Connecting to such an interface allows companies to integrate the software into their own product or workflow applications.
For example, Certifaction’s electronic signatures can be integrated without relying on the manual use of our web application.
Audit Trail
So-called audit trails are technical records that (in this case) serve to ensure the non-repudiation of digital signatures. The signature provider and any partner companies involved record the necessary data in order to be able to guarantee complete proof if required.
Depending on the signature type, the evidential value varies. The qualified electronic signature is recognized by the courts, has the highest probative value and can be validated with very little effort.
AutoIdent
AutoIdent is a process developed by the provider IDNow for the fully automatic identification of people using a (cell phone) camera and an identification document (e.g., passport).
The procedure can be used without restriction for the secure identification of a signatory, regardless of the time of day, and is part of Certifaction’s Professional eSignature (PES), among other things.
Branding
Branding means that a company can adapt software or a graphical user interface to its own corporate identity (CI). Certifaction, for example, allows customization of its SaaS solution with self-selectable brand colors and your own company logo.
Certification
Process of identifying a document as an original or official document in order to prevent forgeries. Universities, for example, can have diplomas digitally certified so that their validity can be independently verified afterwards.
CLOUD Act
Short for Clarifying Lawful Overseas Use of Data Act.
U.S. federal law that allows the U.S. government to request data from U.S. companies regardless of where it is stored, for example in the course of criminal investigations. This also applies to data stored by U.S. companies on European servers.
Contract Management
Features that facilitate the organization of contracts within a company.
Data residency
The place where data is physically stored. Certifaction stores data exclusively on ISO 27001 certified servers in Switzerland. Many other providers, on the other hand, store data in a server network with various locations, whereby the exact storage location is often unclear.
Digital signature
Electronic signatures that are generated digitally (for example, via computer software). Almost all electronic signatures in use today are also digital signatures.
Digital twin
A solution developed by Certifaction that allows digitally signed documents to be printed with a QR code or merged with other PDFs without giving up the benefits of digital signatures. The QR code can be used to retrieve the digital original at any time, thus verifying the legal validity of the signature(s).
Among other things, this enables secure storage of digitally concluded contracts in paper form.
eIDAS (electronic IDentification, Authentication and Trust Services)
A regulation adopted by the EU that governs the technical requirements and legal validity of electronic signatures in the EU area. Electronic signatures from eIDAS-certified providers are legally valid throughout the EU.
End-to-End Encryption (E2EE)
A procedure used to protect data during transmission. The data is encrypted before it is transmitted, so that it cannot be read even if a third party intercepts it on the way.
Certifaction uses this method to effectively protect sensitive data from unauthorized access. Even Certifaction itself is thus technically unable to view documents.
ESIGN (Electronic Signatures in Global and National Commerce Act)
US federal law that, among other things, clarifies the legal validity of electronic signatures. Electronic signatures from providers that meet the requirements of ESIGN have full legal validity in the USA.
eSignature / Electronic Signature
In contrast to a handwritten signature, an electronic signature (eSignature) is created electronically. In this way, digital documents, among other things, can be signed legally without printouts.
Formal requirement
A special requirement for certain contracts. Exactly which contracts this applies to is regulated differently in each country. For example, in Germany there is no formal requirement for unlimited rental agreements with constant rent, so these can also be legally concluded via an e-mail or a WhatsApp message. A fixed-term lease, however, cannot, as there is a legally regulated formal requirement for it.
Contracts with a formal requirement can also be signed electronically in most cases, but this requires a Qualified Electronic Signature (QES).
ISO 27001 Certification
Certification that a system complies with the international standard ISO 27001. The standard sets high requirements for information security management systems and thus promises strong protection against unauthorized access to stored data. The servers that Certifaction uses to store user data are all ISO 27001 certified.
Legal validity
Refers to the ability of signatures to stand up in court. In Europe and Switzerland, digital signatures are recognized by law and have full legal validity, provided they meet the respective legal requirements.
Lifecycle updates (for documents)
Enable the status or validity of electronic documents to be changed based on predefined rules. For example, electronic medical prescriptions issued in collaboration with Certifaction are automatically updated after they have been filled at a pharmacy, so that they cannot be used for another collection (at another pharmacy, for example).
Local data processing
Refers to processing data not only after it has been transferred to a software provider, but also before it is sent, for example on the user’s own end device or an on-premise server. Among other things, this enables data to be encrypted before it is sent (see also End-to-End Encryption (E2EE)).
Multi-Sign / Batch Signing
Many use cases require a larger number of documents to be signed at once – by the user themselves and/or by other parties. Certifaction supports all these cases.
No-sign lists
No-sign lists are used in companies that do not trust their eSigning provider. Certifaction therefore uses end-to-end encryption (E2EE) and local data processing, as these processes promise extremely high document security and make no-sign lists unnecessary.
On-premise implementation
This refers to the installation of a server, for example from an external SaaS provider, directly on the premises of a company and within its IT infrastructure. In this way, data always remains in the company’s own data flows, which increases data security.
Privacy-by-design
Refers to Certifaction’s product philosophy, in which the data protection aspect plays a decisive role from the outset in the design of the product.
Privacy-first
Certifaction’s motto. It underlines the high standards that Certifaction sets in this area, for example with the help of local data processing and end-to-end encryption (E2EE).
Professional eSignature (PES)
A signature standard developed by Certifaction that enables the secure identification of signers using AutoIdent. The big advantage over a QES is the significantly lower price. It is also much easier to use.
Most users complete the identification step in less than two minutes. Especially for contracts with end customers that are not subject to any formal requirements, the PES is the best alternative in most cases.
Qualified Electronic Signature (QES)
A signature standard defined by the legislature that is legally equivalent to a handwritten signature in most countries. Contracts with a formal requirement, such as a time-limited rental agreement in Germany, must be signed electronically with a QES to be legally valid.
Such a signature is considered non-repudiable and its validation is very simple thanks to official verification websites.
Rule of Least Privilege
Procedural rule within companies that states that external actors may request access rights to certain data if this is required for their activities, such as for an eSigning provider that processes digitally signed documents.
This contrasts with the Rule of No Privilege, where no such access rights are granted.
Rule of No Privilege
Procedural rule within companies in which access rights to data are not granted to external actors. This can be achieved in eSigning, for example, through local data processing and end-to-end encryption (E2EE), as used by Certifaction.
Signature standards
Generic term for all procedures used as standard in eSigning. These differ, for example, in the way signers are digitally identified.
Simple Electronic Signature (SES)
A signature standard for electronic signatures in which signers are identified only by their e-mail address. Often used in B2B, where a company e-mail address is usually sufficient for identification. If the liability risk is low or between trusted parties, SES can also be used with private e-mail addresses.
Single Sign-On (SSO)
With single sign-on, an existing authentication system is used to log in to additional systems. This eliminates the need for an additional password. With Certifaction, for example, users can log in with their Microsoft account. However, customer-specific integrations are also possible.
UETA (Uniform Electronic Transactions Act)
U.S. framework regulation that aims to align the legal validity of eSignatures in all U.S. states and make them compatible with each other.
VideoIdent
Procedure for identifying people, for example for a qualified electronic signature (QES). Identification is performed by a human employee who verifies the identity of a person in a live video call using a camera and identification documents.
Written form
Legal requirement for certain documents and contracts, which, for example, makes archiving in paper form mandatory.
Zero-Document-Knowledge
Concept which states that when a document is processed, no knowledge about its content is transferred to the processing provider. This is one of the outstanding features of Certifaction: thanks to local data processing and end-to-end encryption (E2EE), no data about the content of the document itself is transmitted to our servers.
In the unlikely event of a data leak, only very strongly encrypted documents could thus be captured. Even the fastest quantum supercomputer cannot decrypt these documents.
ZertES
Swiss federal law that regulates the legal validity of electronic signatures. Digital signatures from providers such as Certifaction that meet the requirements of ZertES have full legal validity in Switzerland.