Your SlideShare is downloading. ×
  • Like
CEN/ISSS Task 2. e-Invoicing & e-Signatures
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

CEN/ISSS Task 2. e-Invoicing & e-Signatures

  • 261 views
Published

Presentation from Georg Lindsberger.

Presentation from Georg Lindsberger.

Published in Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
261
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. e-Invoicing & e-Signatures Georg Lindsberger CEN/ISS EUROPEAN WORKSHOP April 2006, Brussels
  • 2. Agenda Part 1: Issuing and receiving electronically signed invoices Part 2: Advanced Electronic Signature used for electronic invoices Part 3: Verification and documentation of the integrity and authenticity CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 3. Basic Legal Requirements Authenticity of the origin and integrity of the contents of electronic invoices have to be guaranteed Member States may however ask for the advanced electronic signature to be based on a qualified certificate and created by a secure signature creation device Storage: authenticity of the origin and integrity of the content of the invoices, as well as their readability, must be guaranteed throughout the storage period Service providers: Seller, buyer, third party i.e. service provider - is enabled to issue an electronic invoice Invoice formats: Formats of the electronic invoices are not specified in the Directive but in certain Member States legal obligations exist that the electronic invoice has to be machine readable CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 4. Issuing e-Invoices 1. Generation of the electronic invoices; 2. Generation of the electronic signatures for the invoices; 3. Archiving the electronically signed invoices; 4. Transmitting the electronically signed Service Provider invoices to the customers/suppliers Requirements CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 5. Receiving e-Invoices 1. Signature verification 2. Documentation of the integrity and authenticity 3. Archiving the electronically signed invoices CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 6. Pre-conditions Signature generation: it must be possible to generate the signatures for electronic invoicing in a batch process Storage: additional information should be added ensuring the invoice was valid at issuance time - verification data Invoice formats: static non modifiable document formats are highly recommended some applicable laws outright forbid the use of macros and hidden codes Service Provider: a third party is empowered to endorse the signature of such an invoice with its own certificate service providers should be able to sign the invoices using their own signing key pair CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 7. Advanced Electronic Signature Used for Electronic Invoices
  • 8. AdES Bound to a Person Using advanced electronic signatures within the meaning of Article 2 (2) of Directive [1] means that an electronic signature has to be bound to a person Electronic signature for an electronic invoice can be the signature of a natural or legal person, according to applicable law If the electronic signature is an electronic signature of a natural person, information should be supplemented that the natural person has acted on behalf of the company issuing the invoices that should be specified in the certificate. For example, the invoice issuing company might be specified in the “organizationName” CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 9. Electronic Seals Where qualified signatures are requested by a national legislation, they cannot be given the meaning of commitment to the content of the electronic invoice Only the purpose of guaranteeing the invoices authenticity and integrity can be assigned to qualified electronic signatures in the domain of e-invoicing For the purposes of the Directive 2001/115/EC, the term “electronic signature” has the meaning of “electronic seal” CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 10. Batch e-Invoice Signing Without the meaning of commitment to the content, it is easier to deal with batch e-invoice signing. AdES do not strictly require private keys to be generated and kept in hardware devices, while QES provide this feature as a basic distinction CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 11. Certificate Extensions & Policies Service providers should use the certificate extension EinvoicingServiceProvider Certificates used for electronic invoicing should make use of the certificate extension ElectronicInvoicing The proposed policy recommendations for electronic invoice certificates should be implemented Extended key usage: id-kp-eInvoicing. This extension SHOULD be non critical CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 12. Verification and Documentation of the Integrity and Authenticity
  • 13. Verification Authentication and integrity have to be guaranteed over the whole storage period of invoices which can be from 5 to 11 years Electronic invoicing storing systems must ensure that the electronic signature stays verifiable over years Without the addition of relevant data, like revocation information and information on before and when the signature itself was created, the electronic signature could not be verifiable in the future CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 14. Ogranisational Measures vs. Technical Measures CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 15. Facts TL-1 TL-2 TL-3 Storage Requirements Basic invoice signature storage Apply and store TST on the ES; or countersign the invoice and apply a TST and store the whole of it; or implement equivalent measures Fetch and store certificate path, suitable certificate revocation information for the entire certificate path (CRL/OCSP responses), TST chain, TST certificate path, suitable TST certificate revocation information for the TST certificate path (CRL/OCSP responses) CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 16. Facts Ensuring stored invoices are long term valid depends on both organisational and technical measures Depending on the trust level of the organisation additional technical measures should be applied CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 17. Resume Requirements for e-signatures for e-invoices are clarified (incl. electronic seals) Certificate extensions proposed to ease the processing of the signatures on e-invoices Clarified verification process CEN/ISS EUROPEAN WORKSHOP. April 2006, Brussels
  • 18. Q&A Georg Lindsberger CEN/ISS EUROPEAN WORKSHOP April 2006, Brussels