Electronic seal: where to use and how to get it

For over two decades, Ukrainian businesses have been utilizing electronic signatures. As electronic document workflow continues to evolve, these solutions are becoming increasingly reliable and convenient to use. Today, cloud-based e-signatures are the most common. In this article you will learn about their peculiarities and how they can benefit your business.

Which types of electronic signatures are there?

In 2003, the government enacted legislation that enabled the use of electronic document workflow in Ukraine. The legal validity of electronic documents was established through the use of an electronic digital signature (EDS). The EDS private key was in the form of a file stored on a disk or USB flash drive.

Electronic digital signatures were not sufficiently protected, which created risks for their owners. Third parties could copy the EDS key and use it to sign electronic documents. In response, the government took steps to enhance the security of electronic signatures. The current law of Ukraine, “On Electronic Identification and Electronic Trust Services,” defines the following types of signatures:

QES (qualified electronic signature) — is created using a qualified electronic signature tool and is based on a qualified electronic signature certificate;

AES (advanced electronic signature) is created using a qualified electronic signature certificate issued by a qualified electronic trust services provider and does not contain information that the private key is stored in a qualified electronic signature tool.

The QES provides a superior level of information protection compared to the AES. It is only valid for use on the device for which it was generated. In contrast to the AES, it cannot be copied, sent via email, or transferred in any other manner.

The following types of electronic signatures are distinguished according to the form of key storage:

• а file-based key stored on a USB flash drive, disk, or other media;
• a hardware key is a key on a secure USB storage device, namely a token;
• a mobile ID is a key on a mobile phone SIM card;
• a cloud-based key is a key stored in cloud storage.

Each type of QES has its own distinctive features. The primary drawback of file-based QESs is the relatively low level of protection they offer. Hardware-based QESs require specialized software. They can only be used on computers or laptops that have a USB connector. Mobile ID is not a widely utilized technology in the present day. For these reasons, cloud-based digital signatures are the most prevalent type of digital signature.

What is a cloud-based QES?

A cloud-based QES is a qualified electronic signature with the key stored on the provider’s server in a network crypto module. It is protected from any third-party access. It is not susceptible to loss or damage.

The user is provided with access to a cloud-based electronic signature within a mobile application. Electronic documents can be signed from any internet-connected device. To further protect the key, the user is required to undergo two-factor authentication each time they access the application.

Who needs a cloud signature?

Cloud-based digital signatures are employed for the purposes of signing digital documents and identifying individuals online. Service providers offer QESs to individuals and employees of companies.

Individuals utilize QES to access public services. Specifically, they log in to the iGov.ua portal to:

• apply for a foreign passport;
• register an individual entrepreneur;
• apply for marriage registration;
• register at the place of residence;
• apply for a birth or death certificate online;
• submit an electronic petition;
• register a copyright for an intellectual property object, etc.

Company employees utilize a QES to digitally sign electronic documents. A digital signature serves to certify that the individual is duly authorized to sign documents on behalf of the company.

The use of a QES is dependent upon the scope of the electronic document workflow. It is employed to sign internal company documents (such as HR documents, orders, instructions, etc. ) as well as contracts with partners and other external documents.

Cloud-based QESs are an optimal solution for certain types of businesses, such as logistics, freight transportation, etc. As an illustration, upon the introduction of electronic consignment notes, drivers, warehousemen, and other personnel involved in logistics processes are able to sign documents for cargo while on the road, in the warehouse, and so forth. In such circumstances, the employee can conveniently sign electronic documents in a mobile application.

Benefits of a cloud-based signature for business

Unlike QES for individuals (such as Privatbank’s SmartID cloud QES, Diya.Signature, etc.), cloud digital signatures from other providers (e.g., Vchasno.KEP) are designed specifically to solve business problems.

The majority of external documents from the company are signed only by the CEO. Vchasno.KEP allows them to sign documents in bulk in a few clicks. For companies with a high volume of electronic document workflow, this saves the CEO a significant amount of time.

For large companies, it is a convenient and efficient process to administer QES keys. When ordering keys for employees, the company manager is responsible for managing access rights to electronic signatures. This includes creating applications for QES for new employees and blocking signatures of employees who have moved to another position or resigned.

The Vchasno.KEP cloud-based signature is compatible with other Vchasno services, including Vchasno.ODE, Vchasno.EDI, Vchasno.Kasa, and Vchasno.TTN. Consequently, it is an advantageous tool to employ in a multitude of business contexts. Furthermore, it is compatible with any accounting system via APIs. This enables users to sign documents via a user-friendly interface.

How can you obtain a cloud signature?

A cloud QES can be obtained from a qualified electronic trust service provider (KNEDP). The list of providers is available on the Ministry of Digital Transformation website.

Once a client has selected a provider, they are invited to the office to submit the necessary documents in order to obtain an electronic signature. Vchasno also offers the option of obtaining a cloud-based digital signature online. To initiate this process, you must first create an application for a QES and verify your identity using Diia.Signature or an individual’s QES from any provider.

A Vchasno.KEP digital signature is valid for one or two years and must be renewed thereafter.

Individuals, including individual entrepreneurs, can obtain Vchasno.KEP free of charge. It is convenient to use it together with other Vchasno ecosystem services for a variety of small business needs. In particular, signing electronic documents in the Vchasno.ODE service, certifying electronic receipts in the Vchasno.Kasa PRRO, working with suppliers of goods in the Vchasno.EDI service, signing electronic consignment notes in Vchasno.TTN, etc.

Vchasno.KEP is also an efficient solution for document workflow with government control authorities (the State Tax Service, the Pension Fund of Ukraine, the National Public Procurement Portal, etc.). It can be used to work with Taxer and many other business services.