Validity of Certificates
Electronic signatures issued by Evrotrust can be issued for different validity period:
| Advanced Electronic Signature (AES) | Qualified Certificate for Qualified Electronic Signature (QES) | |
|---|---|---|
| Long-term validity | not offered | 2 years |
| Short-term validity | 2 hours | 2 hours |
Covering both long-term certificate and OTP eSign, the client can select which type of eSign to be issued based on the process to be digitalized. Long-term certificates are issued once and can be used for the term of their validity period for signing any electronic documents. Then they are automatically renewed for the user if the identification is still a valid one.
OTP eSign certificates are issued every time electronic documents need to be signed.
The main difference of the signatures is based on the way the identification of the end user is performed, to whom the eSign is issued:
| User identified via | Identification responsibility | User signs via | Certificate Validity |
|---|---|---|---|
| Evrotrust app | Evrotrust | Evrotrust app | Long-term |
| Evrotrust mobile SDK (eID) | Evrotrust | Client app with integrated Evtotrust mobile SDK | Long-term |
| Evrotrust mobile SDK (ident lite enhanced) | Evrotrust | OTP eSign | Short-term |
| Evrotrust mobile SDK (ident lite basic) | Client | n/a | n/a |
| Evrotrust WebSDK | Evrotrust | OTP eSign | Short-term |
| Face-to-face | Client | OTP eSign | Short-term |
| Other (e.g. client uses other provider for remote e-Identification, Evrotrust can assess and upon decision rely on such identification) | Client | OTP eSign | Short-term |
For long-term certificates: Evrotrust is responsible for correctly identifying individuals and attesting to the personal data of the signatory into a qualified certificate. Certificates for QES are issued by Evrotrust in a highly protected environment using certified HSMs. Evrotrust covers the legal liability for the identification and for that purpose has insurance coverage.
For short-term certificates: Evrotrust can rely on the identification performed by the client either at the current moment in face-to-face processes, as well as for identification performed face-to-face by the Client back in the time (existing customers of the Client that had been already identified following strict KYC rules).
Updated 15 days ago