CEN/ISSS Task 2. e-Invoicing & e-Signatures

Presentation from Georg Lindsberger.


  1. e-Invoicing & e-Signatures. Georg Lindsberger. CEN/ISSS EUROPEAN WORKSHOP, April 2006, Brussels
  2. Agenda
     • Part 1: Issuing and receiving electronically signed invoices
     • Part 2: Advanced Electronic Signature used for electronic invoices
     • Part 3: Verification and documentation of the integrity and authenticity
  3. Basic Legal Requirements
     • Authenticity of the origin and integrity of the contents of electronic invoices have to be guaranteed
     • Member States may however ask for the advanced electronic signature to be based on a qualified certificate and created by a secure signature creation device
     • Storage: authenticity of the origin and integrity of the content of the invoices, as well as their readability, must be guaranteed throughout the storage period
     • Service providers: the seller, the buyer or a third party (i.e. a service provider) is enabled to issue an electronic invoice
     • Invoice formats: formats of the electronic invoices are not specified in the Directive, but in certain Member States legal obligations exist that the electronic invoice has to be machine readable
  4. Issuing e-Invoices
     1. Generation of the electronic invoices
     2. Generation of the electronic signatures for the invoices
     3. Archiving the electronically signed invoices
     4. Transmitting the electronically signed invoices to the customers/suppliers
     (Diagram labels: Service Provider; Requirements)
  5. Receiving e-Invoices
     1. Signature verification
     2. Documentation of the integrity and authenticity
     3. Archiving the electronically signed invoices
  6. Pre-conditions
     • Signature generation: it must be possible to generate the signatures for electronic invoicing in a batch process
     • Storage: additional information (verification data) should be added, ensuring the invoice was valid at issuance time
     • Invoice formats: static, non-modifiable document formats are highly recommended; some applicable laws outright forbid the use of macros and hidden codes
     • Service Provider: a third party is empowered to endorse the signature of such an invoice with its own certificate; service providers should be able to sign the invoices using their own signing key pair
  7. Advanced Electronic Signature Used for Electronic Invoices
  8. AdES Bound to a Person
     • Using advanced electronic signatures within the meaning of Article 2 (2) of Directive [1] means that an electronic signature has to be bound to a person
     • The electronic signature for an electronic invoice can be the signature of a natural or legal person, according to applicable law
     • If the electronic signature is an electronic signature of a natural person, information should be supplemented that the natural person has acted on behalf of the company issuing the invoices; that should be specified in the certificate. For example, the invoice issuing company might be specified in the “organizationName”
  9. Electronic Seals
     • Where qualified signatures are requested by a national legislation, they cannot be given the meaning of commitment to the content of the electronic invoice
     • Only the purpose of guaranteeing the invoice's authenticity and integrity can be assigned to qualified electronic signatures in the domain of e-invoicing
     • For the purposes of the Directive 2001/115/EC, the term “electronic signature” has the meaning of “electronic seal”
  10. Batch e-Invoice Signing
     • Without the meaning of commitment to the content, it is easier to deal with batch e-invoice signing
     • AdES do not strictly require private keys to be generated and kept in hardware devices, while QES provide this feature as a basic distinction
  11. Certificate Extensions & Policies
     • Service providers should use the certificate extension EinvoicingServiceProvider
     • Certificates used for electronic invoicing should make use of the certificate extension ElectronicInvoicing
     • The proposed policy recommendations for electronic invoice certificates should be implemented
     • Extended key usage: id-kp-eInvoicing. This extension SHOULD be non critical
  12. Verification and Documentation of the Integrity and Authenticity
  13. Verification
     • Authentication and integrity have to be guaranteed over the whole storage period of invoices, which can be from 5 to 11 years
     • Electronic invoicing storing systems must ensure that the electronic signature stays verifiable over years
     • Without the addition of relevant data, like revocation information and information on before and when the signature itself was created, the electronic signature could not be verifiable in the future
  14. Organisational Measures vs. Technical Measures
  15. Facts (table with columns TL-1, TL-2, TL-3). Storage Requirements:
     • Basic invoice signature storage
     • Apply and store TST on the ES; or countersign the invoice and apply a TST and store the whole of it; or implement equivalent measures
     • Fetch and store certificate path, suitable certificate revocation information for the entire certificate path (CRL/OCSP responses), TST chain, TST certificate path, suitable TST certificate revocation information for the TST certificate path (CRL/OCSP responses)
  16. Facts
     • Ensuring stored invoices are long term valid depends on both organisational and technical measures
     • Depending on the trust level of the organisation, additional technical measures should be applied
  17. Resume
     • Requirements for e-signatures for e-invoices are clarified (incl. electronic seals)
     • Certificate extensions proposed to ease the processing of the signatures on e-invoices
     • Clarified verification process
  18. Q&A. Georg Lindsberger
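
An added example, not part of the presentation: it shows why slides 13 and 15 ask for the time-stamp (TST), certificate path and revocation information to be archived, by deciding from stored evidence alone whether a signature was valid when it was made. The record layout, field names and sample values are constructed assumptions, and no cryptographic verification is performed.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple

@dataclass
class ArchivedCert:                      # hypothetical archive record, not a real format
    subject: str
    not_before: datetime
    not_after: datetime
    revocation_info_stored: bool         # a CRL/OCSP response for this cert was archived
    revoked_at: Optional[datetime] = None

@dataclass
class ArchivedInvoice:
    invoice_id: str
    tst_time: Optional[datetime]         # time asserted by the stored time-stamp token
    cert_path: List[ArchivedCert] = field(default_factory=list)  # signer first

def validate_at_signing_time(rec: ArchivedInvoice) -> Tuple[str, str]:
    """Return (VALID | INVALID | INDETERMINATE, reason) from archived data only."""
    if rec.tst_time is None:
        return "INDETERMINATE", "no TST: signing time cannot be proven"
    if not rec.cert_path:
        return "INDETERMINATE", "certificate path not archived"
    for cert in rec.cert_path:
        if not cert.not_before <= rec.tst_time <= cert.not_after:
            return "INVALID", f"{cert.subject}: outside validity period at signing time"
        if not cert.revocation_info_stored:
            return "INDETERMINATE", f"{cert.subject}: no CRL/OCSP response archived"
        if cert.revoked_at is not None and cert.revoked_at <= rec.tst_time:
            return "INVALID", f"{cert.subject}: revoked before signing time"
    return "VALID", "path valid and unrevoked at the time-stamped signing time"

# Constructed sample data: the signer certificate is revoked a year after INV-001 was signed.
CA = ArchivedCert("CN=Example Issuing CA", datetime(2004, 1, 1), datetime(2014, 1, 1), True)
SIGNER = ArchivedCert("O=Example Seller Ltd", datetime(2005, 6, 1), datetime(2007, 6, 1),
                      True, revoked_at=datetime(2007, 3, 1))
NO_REV = ArchivedCert("O=Example Seller Ltd", datetime(2005, 6, 1), datetime(2007, 6, 1), False)
SAMPLES = [
    ArchivedInvoice("INV-001", datetime(2006, 3, 1), [SIGNER, CA]),  # full evidence stored
    ArchivedInvoice("INV-002", None, [SIGNER, CA]),                  # signature only, no TST
    ArchivedInvoice("INV-003", datetime(2007, 4, 1), [SIGNER, CA]),  # signed after revocation
    ArchivedInvoice("INV-004", datetime(2006, 3, 1), [NO_REV, CA]),  # revocation data missing
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec.invoice_id, *validate_at_signing_time(rec))
```

INV-001 stays verifiable even though its signer certificate was later revoked, because the stored time-stamp places the signature before the revocation; the records missing a TST or revocation data can only be reported as indeterminate.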