The eSigning Glossary
Everything about eSigning explained simply
Certifaction is your knowledge hub for everything to do with digital signatures. Do you still have questions?

API connection
An API is a programming interface that allows automated interaction with software. A connection to such an interface enables companies to integrate software into their own product or workflow applications. For example, Certifaction's electronic signatures can be integrated without having to rely on the manual use of our web application.
Bulk Signing
Also: Multi-Sign / Batch Signing
Many use cases require a large number of documents to be signed at once - by the user themselves and/or by counterparties. Certifaction supports all cases.
Branding
Branding means that a company can customise software or a graphical user interface to its own corporate identity (CI). For example, Certifaction enables the SaaS solution to be customised with brand colours and the company logo.
Contract management
Features that facilitate the organisation of contracts within a company.
Digital signature
Electronic signatures that are generated digitally (e.g. using computer software). Almost all electronic signatures commonly used today are also digital signatures.
eSignature / Electronic signature
In contrast to a handwritten signature, an electronic signature (eSignature for short) is created electronically. In this way, digital documents can be signed in a legally valid manner without printouts.
ISO 27001 certification
Certifies systems that comply with the international ISO 27001 standard. This standard sets strict requirements for information security management systems and promises a high level of protection against unauthorised access to stored data. The servers that Certifaction uses to store user data are all ISO 27001-certified.
Privacy-first
Certifaction's motto, which translates as "data protection first". It emphasises the high standards that Certifaction sets in this area, for example with the help of local data processing and end-to-end encryption (E2EE).
Rule of Least Privilege
A procedural rule within a company that states that external parties may request access rights to certain data if these are required for their activities, such as for an eSigning provider that processes digitally signed documents. This is in contrast to the rule of no privilege, where no such access rights are granted.
Signature standards
Generic term for all standard procedures used in eSigning. These differ, for example, in the way in which signatories are digitally identified. Find out more about eSignature standards.
Simple electronic signature (SES)
The simple electronic signature is a signature standard for electronic signatures in which signatories are only identified by their email address. It is frequently used in the B2B sector, where a company email address is usually sufficient for identification. Where the liability risk is low or the parties trust each other, the SES can also be used with private email addresses.
ZertES
(ZertES = Federal law on certification services in the field of electronic signatures and other applications of digital certificates) Swiss federal law that regulates the legal validity of electronic signatures. Digital signatures from providers such as Certifaction that fulfil the requirements of ZertES have full legal validity in Switzerland.
Audit Trail
So-called audit trails are technical records that (in this case) serve to ensure the non-repudiation of digital signatures. The signature provider and any partner companies involved record the necessary data in order to be able to provide complete evidence if required. The probative value varies depending on the type of signature. The qualified electronic signature is recognised by the courts, has the highest evidential value and can be validated with very little effort.
Advanced eSignature (AES)
The advanced electronic signature is a signature standard in which signatories use a mobile phone to confirm their identity each time they sign. As no other factors are checked, there is a risk that the SIM card has been passed on or fallen into the wrong hands. The reliability of the identification depends on the signatory's mobile phone provider. The data may be out of date, incomplete or even incorrect.
Certification
Process of labelling a document as an original or official document to prevent forgery. Universities, for example, can have diplomas digitally certified so that their validity can be independently verified afterwards.
Data residency
The place where data is physically stored. Certifaction stores data exclusively on ISO 27001 certified servers in Switzerland. Many other providers, on the other hand, store data in a server network with various locations, whereby the exact storage location is often unclear.
Digital Twin
A solution developed by Certifaction that allows digitally signed documents to be printed with a QR code or merged with other PDFs without giving up the advantages of digital signatures. The digital original can be retrieved at any time via the QR code, allowing the legal validity of the signature(s) to be verified. Among other things, this enables secure storage of digitally concluded contracts in paper form. Find out more about the digital twin.
End-to-End Encryption (E2EE)
A procedure that is used for the transmission of data. Here, the data is encrypted before transmission so that it cannot be read even if a third party intercepts it en route. Certifaction uses this process to effectively protect sensitive data from unauthorised access. Certifaction itself is also technically unable to view documents.
Life cycle updates for documents
Enable the status or validity of electronic documents to be changed based on predefined rules. For example, electronic prescriptions issued in collaboration with Certifaction are automatically updated after they have been redeemed in a pharmacy so that they can no longer be used for another collection (e.g. in another pharmacy).
No-Sign-Lists
Usually manually created lists of documents that are not authorised for signing using digital signatures in a company. In most cases, this concerns particularly sensitive data. No-sign lists are used in companies that do not trust their eSigning provider. Certifaction therefore relies on end-to-end encryption (E2EE) and local data processing, as these processes promise extremely high document security and make no-sign lists unnecessary.
Qualified eSignature (QES)
A signature standard defined by the legislator, which is legally equivalent to a handwritten signature in most countries. Contracts with a formal requirement must be signed electronically with a qualified electronic signature in order to be legally valid. Such a signature is considered non-repudiable and its validation is very simple thanks to official verification websites.
Rule of No Privilege
Procedural rule within a company in which access rights to data are not assigned to external parties. This can be achieved in eSigning through local data processing and end-to-end encryption (E2EE), as used by Certifaction.
Single Sign-On (SSO)
With single sign-on or one-time login, an existing authentication system is used to log in to other systems. This eliminates the need for an additional password. With Certifaction, for example, users can log in with their Microsoft account. However, customised integrations are also possible.
VideoIdent
Process for identifying people, for example for a Qualified Electronic Signature (QES). Identification is carried out by a human employee who verifies the identity of a person in a live video call using a camera and identification documents.
AutoIdent
AutoIdent is a process developed by the provider IDnow for the fully automatic identification of people using a (mobile phone) camera and an identification document (e.g. passport). The process can be used without restriction, regardless of the time of day, for the unambiguous identification of a signatory.
CLOUD Act
Short for Clarifying Lawful Overseas Use of Data Act. US federal law that allows the US government to request data from US companies regardless of where it is stored, for example in the course of criminal investigations. This also applies to data stored by US companies on European servers.
eIDAS
(eIDAS = electronic IDentification, Authentication and Trust Services) A regulation adopted by the EU that regulates the technical requirements and legal validity of electronic signatures in the EU. Electronic signatures from eIDAS-certified providers are legally valid throughout the EU.
ESIGN
(ESIGN = Electronic Signatures in Global and National Commerce Act) US federal law which, among other things, clarifies the legal validity of electronic signatures. Electronic signatures from providers that fulfil the requirements of ESIGN have full legal validity in the USA.
Formal requirement
A special requirement for certain contracts. Which contracts this applies to exactly is regulated differently in each country. In Germany, for example, there is no formal requirement for most B2B contracts, meaning that these can also be concluded in a legally valid manner via email or WhatsApp message. However, a consumer credit agreement or an audit report, for example, cannot, as there is a statutory formal requirement for these. In most cases, contracts with a formal requirement can also be signed electronically, but a Qualified Electronic Signature (QES) is required for this.
Local data processing
Refers to processing data before it is sent to a software provider rather than afterwards, for example on your own end device or an on-premise server. Among other things, this enables data to be encrypted before it is sent (see also end-to-end encryption (E2EE)).
On-premise implementation
In companies, this refers to the installation of a server, e.g. from an external SaaS provider, directly at the company location. In this way, data always remains in the company's own data cycle, which increases data security.
Legal validity
Refers to the ability of contract signatures, for example, to stand up in court. In Europe and Switzerland, digital signatures are recognised by law and have full legal validity, provided they meet the respective legal requirements.
Written form
Legal requirement for certain documents and contracts which, for example, requires archiving in paper form.
UETA
(UETA = Uniform Electronic Transactions Act) US framework regulation that aims to harmonise the legal validity of eSignatures in all US states and make them compatible with each other.
Zero Document Knowledge
A concept whereby, when a document is processed, no knowledge of its content is transferred to the processing provider. One of Certifaction's outstanding features is that, thanks to local data processing and end-to-end encryption (E2EE), no data about the content of the document itself is transmitted to our servers. In the unlikely event of a data leak, only very strongly encrypted documents could be captured. Even the fastest quantum supercomputer cannot decrypt these documents.