FAQ's
- What is SIGNATURE-CHECK for?
- Who should use SIGNATURE-CHECK?
- What do I need to use SIGNATURE-CHECK?
- Do I have to install any software on my computer to use SIGNATURE-CHECK?
- Is SIGNATURE-CHECK limited to any file formats?
- How do I verify digital signatures with SIGNATURE-CHECK?
- My signature verification has failed. What are the typical reasons?
- Some of my data, documents or bills are confidential. Is privacy ensured?
- May I save the verification report on my local PC/System?
- May I verify signatures that has been received a long time ago?
- Do I have to pay for using SIGNATURE-CHECK?
- How does a signature verification work?
- Does the signature verification include a so-called "online validation" of the signature and the certificate?
- I am receiving to many electronically signed documents and bills. Any automated solution available?
1. What is SIGNATURE-CHECK for?
SIGNATURE-CHECK is a web based service for verification of digital signatures and qualified time stamps. This service is provided to recipients of signed files (e.g. documents, electronic invoices) who want to check their signed data quick and easily, while maintaining their privacy.
2. Who should use SIGNATURE-CHECK?
The verification service is available to all users. The only prerequisite is that the user is using a computer system, which satisfies specified technical requirements. While you are able to read this text, it is very likly that your system fulfills the requiments, but please see next question: What do I need …
Please note that verification of data (documents, invoices) and signatures are limited to registered originators. Usually, all registered senders are listed on the Homepage (right side). If you are not sure whether your sender is registered or not at SIGNATURE-CHECK, please inform us using our contact form.
3. What do I need to use SIGNATURE-CHECK?
a) Personal computer with actual Internet-Browser, e.g. Microsoft Internet Explorer 6.0, Mozilla 1.6, Opera 7.23 Settings: activate cookies, JavaScript and automatic prompting for file downloads
b) Internet connection
c) Signed document and associated signature file from registered originator/sender
d) Acrobat 6.0, if you want to receive the verification report as a PDF-File
4. Do I have to install any software on my computer to use SIGNATURE-CHECK?
To check files (smaller than 3 MB) no special software is necessary. Almost any personal computer with a browser meets the requirements. If you are using Windows as operating system, please make sure that your system is always up to date regarding the integrated update-function. If you are not sure about your current system version and status, please visit the website windowsupdate.microsoft.com and follow the instructions.
If you want to check files, which are larger than 3 MB, you have to use the Java Applet. The Java Applet offers the possibility to check larger files much faster, than it would be possible with the "normal" service.
Please consider, that you need the latest Java Extension of SUN to use the Java Applet. If the latest version is already installed on you computer or how to get it, is explained as far as you click the link Java Applet.
5. Is SIGNATURE-CHECK limited to any file formats?
No, SIGNATURE-CHECK supports any digital file format. You may verify, i.e. signed PDF-files, Word-documents, Excel-Files, ZIP-Files and any others.
It would take a long time to check files larger than 3 MB with this "normal" service. Therefore Signature Check offers the possibility to check larger files by a special Java Applet. Checking signed data can be done much quicker by this Java Applet.
6. How do I verify digital signatures with SIGNATURE-CHECK?
a) Start the dialog for the verification service using the "Start" button. The verification window of the verification service opens automatically. If you are using WindowsXP with SP2 installed, please allow POP-UP windows for this site.
b) In the new window please select the signed file and the corresponding signature file, received from the sender.
c) By pressing the "Start Verification" button, the verification process is initiated, and after a few seconds the verification result is displayed automatically. This report can be printed out or stored electronically.
For detailed instructions please click here.
7. My signature verification has failed. What are the typical reasons?
Please note: Only a report showing a red mark indicates a failed signature verification! In most cases this is caused by modified signed data (document, invoice e.g.) after the signature has been created.
Prior of any other actions, please check the following:
a) Did you select the correct file for verification? Documents mostly end with i.e. ".pdf", ".doc", ".xls", ".zip". Signature data ends either with ".ads" or ".cms". Please select your data again and restart verification process.
b) Is your sender (the originator) registered on the SIGNATURE-CHECK homepage (right side)? If not, please inform us via our Contact Form.
c) Invalid signatures are mostly caused by modified signed documents. This happens often when saving the document (e.g. PDF files) by the "Save as" function. Therefore you must NOT save i.e. Adobe Acrobat PDF files by using the "Save as" function. This function changes the document header and invalidates the signature. Please use the "Save" function from your eMail program or Browser only. If you want to rename the document, save it first and then rename the file using the Windows Explorer "Rename..." function. If you have inadvertently saved the document using the "Save as" function, please delete the file and re-save the originally received files again. If you have already erased the originals from your incoming mailbox, please request again document & signature from originator.
d) If the verification fails again, we advise you to contact the originator and request to resend the documents by notification that the signature has failed.
e) A yellow (with green) mark shows a sucessfull "offline" verification. "Offline" means that external information services such as the issuer of the certificate etc. did not respond by our request. In most cases this is caused by blocked/overloaded internet line or a fault of service. Please note that this "offline-verification" was successful, there is no need to contact us or send us a technical error notification. If you want to receive an online verification, please try again later.
8. Some of my data, documents or bills are confidential. Is privacy ensured?
Yes, your privacy is ensured at any time. Verification of the signature is processed only within a certified trust center. All data is only transmitted as encrypted (SSL 128 bit) data. The hash value (digital fingerprint) of the document, which is required to verify the digital signature, is created in the certified trust center to check validity of the signature. The verification process is a fully computerized and automated process, without intervention of any employee or other person. Result of the verification process are returned to you as encrypted data, displayed your local browser only. Neither the documents nor the verification results are saved in the trust center at any time.
9. May I save the verification report on my local PC/System?
Yes. The verification result may be printed and/or saved on your local harddrive at any time. This enables you to archive the results electronically using an archiving system of your choice. Please note our legal notes about archiving of data within the verification report.
10. May I verify signatures that has been received a long time ago?
Yes, at any time. Qualified signatures, compliant to German (and somehow limited European) legal signature regulations may be verified over a long time. Signatures, generated by using a certificate from an accredited German CA, may be verified for 30 (thirty) years. The verification result does not change if a signature was verified several years after creation. SIGNATURE CHECK verifies that the certificate, used to create the signature, was valid at the date and time of the signature creation. In this process, it is of course irrelevant whether the certificate is valid at the time of the verification. Only the time of generation of the signature and the validity of the certificate at this particular time are legally relevant.
11. Do I have to pay for using SIGNATURE-CHECK?
The verification is in general free of charge for recipients of signed data and signatures. Prerequisite is that the originator of your signed documents registered sucessfully at SIGNATURE-CHECK.
Usually, all registered originators are listed on the homepage. If you are note sure whether your sender is registered with SIGNATURE-CHECK, please inform us using our contact form.
12. How does a signature verification work?
A so-called hash value (digital fingerprint) of the signed document is created in the certified trust center, based on a mathematical process which has been approved by the German Federal Network Agency and which is compliant to international signature standards. It´s automatically verified wether the hash value matches with the signature file. This step proves the integrity of the data. At the same time the validity of the certificate, which was used to create the signature, is checked by an online request to the issuer of the certificate and, if possible, to the Federal Network Agency. The centralized system, for verifying and requesting the information from the issuer of the certificates, is located at a certified trust center location managed by AuthentiDate International AG. AuthentiDate International AG is an accredited certification service pursuant to the German Signature Act and European Signature Regulations.
13. Does the signature verification include a so-called "online validation" of the signature and the certificate?
Yes, the centralized verification system always attempts an online verification of the signatures and certificates including the issuer of the ceritificate (the "CA" or Certificate Authority). Since an "online validation" always requires external services (CRL, OCSP, etc.), the result of the verification depends on the availability of these external services. If these external services are not available or do not answer within a pre-defined time slot, then this is indicated in the test report. Please note legal comments in the verification report about liabilities and external services.
14. I am receiving to many electronically signed documents and bills. Any automated solution available?
Sure, there are fully automated verification solutions available. The SIGNATURE-CHECK service is primarily targeted to recipients with low or medium volumes. For users and companies with higher volumes, a solution for the automated signature verification is advised. This solution consists of a software, which is installed within your corporate network (i.e. corporate server) and processes all verifications automatically and generates verification reports for later archiving or further processing. This fully automated solution ensures, that incoming invoices are verified prior of further processing and corresponding verification reports are generated and stored properly. Please contact us by our contact form or send an E-Mail to info(at)signature-check.com. If you prefer to contact by phone please call us at: +49-211 436989-0. We would be glad to provide you with further detailed information.
Contact
More Information
info(at)signature-check.com
Contact form
