Invoices secured by means of an electronic signature

What is an electronic signature ?

The electronic signature is a means of securing electronic invoices accepted by the French legislator. It autonomously guarantees the authenticity, origin, and integrity of the content.

Only electronic signature that complies with the General Security Repository (RGS) and the eIDAS Regulation  are allowed:

The secure electronic signature creation device shall ensure by appropriate technical means and procedures that the electronic signature created data:

  1. Cannot be established more than once and their confidentiality is ensured.
  2. Cannot be found by deduction and that the electronic signature is protected against falsification.
  3. May be satisfactorily protected by the signatory against use by others.

It must also not allow any alteration and must not prevent the signatory from having an exact knowledge of the content before signing it

Contact IwayServices Experts

IwayServices, an EDI and SAP EDI consulting firm, can assist you in all stages of invoice dematerialization, regardless of the format. Our experts will provide you with the right answers and solutions to meet your needs.

Verifications


Integrity of the document, using the data inserted in the electronic certificate attached to the electronic signature.

  • This verification must be possible not only upon receipt of the invoice but also at any time during the planned retention period.
  • Verifying the document fingerprint using the signer’s public key ensures that the document signed by the invoice issuer has not been altered or subsequently modified.
  • In addition, the company receiving the invoices must also ensure the authenticity and validity of the electronic certificate attached to this electronic signature verification data.
  • These provisions are applicable to the recipient of electronic invoices accompanied by an electronic signature (or server stamp) regardless of the format of the latter.

Duties of the service provider

The electronic certification service provider must:

  • Demonstrate the reliability of the electronic certification services it provides.
  • Ensure the operation, for the benefit of the persons to whom the electronic certificate is issued, of a directory service listing the electronic certificates of the persons who request it.
  • Ensure the operation of a service allowing the person to whom the electronic certificate has been issued to revoke this certificate without delay and with certainty.
  • Ensure that the date and time of issuance and revocation of an electronic certificate can be accurately determined.
  • Employ staff with the knowledge, experience and qualifications necessary to provide electronic certification services.
  • Apply appropriate security procedures.
  • Use systems and products that guarantee the technical and cryptographic security of the functions they provide;
  • Take all appropriate measures to prevent the falsification of electronic certificates.
  • In the event it provides the signatory with electronic signature creation data, guarantee the confidentiality of such data during their creation and refrain from retaining or reproducing such data.
  • Ensure, in the event that both creation data and electronic signature verification data are provided, that the creation data corresponds to the verification data.
  • Keep, possibly in electronic form, all information relating to the electronic certificate that may be necessary to prove the electronic certification in court.
  • Use electronic certificate retention systems.

  • The entry and modification of data are reserved only for persons authorized for this purpose by the service provider and that the information can be checked as to its authenticity.
  • Public access to an electronic certificate may not take place without the prior consent of the certificate holder.
  • Any modification likely to compromise the security of the system can be detected.
  • Verify, on the one hand, the identity of the person to whom an electronic certificate is issued, by requiring him to present an official identity document, on the other hand, the quality on which that person relies and keep the characteristics and references of the documents presented to prove that identity and quality.
  • Ensure at the time of issuance of the electronic certificate that the information it contains is accurate and that the signatory identified therein holds the electronic signature creation data corresponding to the electronic signature verification data contained in the certificate.
  • Before concluding a contract for the provision of electronic certification services, inform in writing, if necessary, by electronic means, the person requesting the issue of an electronic certificate.
  • The terms and conditions of use of the certificate.
  • Whether or not it has submitted to the process of voluntary qualification of e-certification service providers.
  • Procedures for disputes and disputes resolution.
  • Provide persons who rely on an electronic certificate with the elements of the information provided for in the previous point that are useful to them.

How do I obtain an electronic signature certificate?

The realization of an advanced electronic signature presupposes the prior obtaining of an electronic signature certificate. Qualified electronic signature certificates within the meaning of Regulation No. 910/2014 “eIDAS” are issued by qualified electronic certification service providers.

Iway Services supports you in all stages of Electronic Invoicing, whatever the format.

Contact IwayServices Experts

IwayServices, an EDI and SAP EDI consulting firm, can assist you in all stages of invoice dematerialization, regardless of the format. Our experts will provide you with the right answers and solutions to meet your needs.

Partagez

You might also like