Utimaco Announces Breakthrough for Digital Signature Legally-compliant Mass Signatures Directly from SAP Applications

CeBIT, Hannover – 10 March 2005: Utimaco today unveiled at CeBIT the SignatureServer SmartCard for SAP. This innovative product creates legally-compliant mass signatures directly from mySAP.com applications:

*Legally-compliant electronic invoices can be created and processed within a digital workflow without media disruption.

*Using this technology, the 1,000 largest German companies alone could make annual savings of around €500 million.

German businesses still have some way to go to catch up when it comes to using electronic communications pathways consistently – at least where important commercial documents like invoices are concerned: 74 per cent of the 1,000 largest companies in Germany still entrust their invoices to normal postal services, just as they did a century ago. This archaism costs businesses dearly: according to data provided by E-Finance Labs in Frankfurt the top 1,000 companies alone could make annual savings of up to half a billion Euros if they sent their invoices automatically and electronically.

However, unlike traditional paper invoices, electronic invoices that are created by computer fax or e-mail are not yet fully legally binding in Germany. At present, financial authorities only accept digital invoices in their sales tax calculations if they are accompanied by a qualified electronic signature.

Using Utimaco’s SignatureServer SmartCard for SAP, premiered today at CeBIT, companies can automatically add digital signatures to electronic invoices that have been created directly in SAP systems and then encrypt them. This technology also protects SAP R/3 data or documents when they are saved and transferred.

“For the first time, legally-compliant electronic invoices can be created and processed efficiently within a structured digital workflow. This means users can avoid media disruption, further optimise their business processes and therefore make considerable savings”, stated technology expert Andreas Philipp, deputy vice president of the Transaction Security Division at Utimaco. “Using electronic invoicing, companies can also improve the quality of the service they provide for business partners and so strengthen their links with customers.”

The SignatureServer SmartCard with the “Sign & Crypt for SAP” software module can be integrated easily into existing business processes. Via the SSF interface, a number of other external security products from the SAP Security Library can be implemented in parallel with the SignatureServer SmartCard .

Variants in electronic signatures

Electronic signatures are based on a cryptographic procedure that allows the originator to “sign” electronic documents. By using a digital signature you can prevent a document from being changed without you noticing. German digital signature legislation differentiates between simple electronic signatures, advanced signatures and qualified signatures (with or without supplier accreditation). (àGerman law ƒ2 Nr. 1 SigG)

Simple electronic signatures
Any data (or graphic), that is logically linked to other data (for example documents) and identifies its creator (authentication), qualifies as an electronic signature.

This means that even a scanned signature can be regarded as an eSignature. However, in practice there is a range of relatively secure procedures on offer even at this level. For formal reasons these are referred to as “simple” signatures. (à German law ƒ2 No. 1 SigG) Advanced signature (called FES in German)
An advanced electronic signature (FES) is assigned exclusively to the owner of the signature key and must make it possible to identify them. The FES must be linked to the data that it refers to in such a way that any subsequent changes to the data can be identified.
To ensure this a checksum (hash value) is created from the entire contents of the signed object, encrypted and attached to the object like a seal. (à German law ƒ2 No. 2 SigG)

Qualified signature (called QES in German)
A qualified electronic signature (QES) fulfils the more stringent requirements of the German signature legislation (SigG) of 1997. This legislation not only takes into account advancing technological developments in which key certificates are only valid for a limited period of time, but also describes specific requirements with which the organisational and technical circumstances of the certificate issuer (Trust Centre = Certification Authorities) must comply.

In Germany, only qualified signatures are legally regarded as having the same value as a traditional (handwritten) signature – with a few, specifically defined exceptions. Advanced electronic signatures are used across Europe. At present there are no binding agreements in force for commercial traffic with non-European countries. (à German law ƒ2 No. 3 SigG)

About Utimaco :
Utimaco Safeware AG is the leading European manufacturer of professional IT security solutions. The security technology and solutions developed by Utimaco protect the electronic data of companies and government bodies against unauthorised access and guarantee that business processes and administrative procedures in the electronic world are binding and confidential.

Utimaco’s Transaction Security division specialises in security solutions for e-business, e-government and e-payment based on its own technologies (telecommunications management systems, hardware security modules, gateways for e-mail security, authentication and digital signatures, Public Key Infrastructure (PKI), and PKI-enabled applications).