CLOUDSERVICES Overview SIGNAMUS Cloudservices The name SIGNAMUS [lat. "we sign"] combines the different AuthentiDate web services. Depending on use cases the different functions of SIGNAMUS Cloudservices can be freely combined. This allows a highly flexible customization based on customer requirements. SIGNAMUS Cloudservices includes the following features. Signature creation and verification SIGNAMUS offers all necessary functions to apply qualified digital signatures to documents. The created qualified digital signatures comply with both the EU Digital Signature Directive and the German Signature Law ( SigG ). The requirements of the EU Tax Directive and the German Value Added Tax Law (UStG) for electronic invoices and credit memos are fulfilled as well. SIGNAMUS creates qualified digital signatures as separate files. For PDF documents SIGNAMUS supports to integrate the qualified digital signature into the PDF file. SIGNAMUS also offers the possibility to verify qualified digital signatures and compile a report with the verification results. The verification of qualified digital signatures that have not been created using SIGNAMUS Cloudservices is supported as well, e.g. for received invoices and credit memos. The signature verification can be processed automatically. The manual signature verification via a web portal is also available. Timestamp request and verification SIGNAMUS Cloudservices offers requesting qualified digital timestamps from the accredited AuthentiDate trust center. The qualified digital timestamps like qualified digital signatures - can be applied to almost any document. The timestamps are stored as a separate file together with the original document for further processing (e.g. for archiving). The verification of qualified timestamps can be processed automatically in the SIGNAMUS Cloudservice similar to the signature verification. In addition, a manual timestamp verification using a web portal can be performed as well. SIGNAMUS Online Archive incl. DMS functions SIGNAMUS Cloudservices offers the possibility of archiving any transferred documents as well as all created signatures, timestamps and verification reports. All data is committed to an archiving system included in SIGNAMUS Cloudservices which stores all data audit-proof. Retrieving archived documents from the SIGNAMUS Online Archive is quick and easy using the included Web interface with Document Management System (DMS) functions. Documents can be accessed via a full text search engine very fast and can be retrieved directly. Other IT systems can retrieve documents using a standardized interface. The connection to the SIGNAMUS Online Archive is fully transparent. Data conversion Between customers and vendors one of the main questions for electronic document exchange (e.g. invoices or credit memos) is to agree on one specified file format. SIGNAMUS Cloudservices offers comprehensive conversion logic for this purpose to transfer source file formats to the required target formats. The conversion logic supports both machine-readable formats like XML and human-readable formats like PDF. The documents are converted based on customer-specific templates. If required, additional SIGNAMUS Cloudservices features can be invoked after a conversion has been finished. Flexible use case support All SIGNAMUS Cloudservice functions can be freely combined. Depending on the customer use case the single features are individually configured, so that the SIGNAMUS Cloudservices integrate seamlessly into the existing company process framework and fulfill the requirements in an optimal way. 2011 AuthentiDate Deutschland GmbH. All rights reserved. - Version: 3.7 Page 1 / 5
SECURE & STANDARDS For small, medium size and large companies SIGNAMUS offers optimized interfaces and services for almost all companies independent of their size, location, language and requirements. Standardized interfaces, simple and fast to implement, i.e. standard e-mail, virtual network drives, SFTP and highly integrated web service (SOAP) interfaces are available. This provides the optimum service for any requirement for the automatic, large scale generation and check of qualified signatures and qualified time stamps for incoming and outgoing electronic invoices, documents and other digital data. The SIGNAMUS services can optionally be supplemented with an individual data conversion and subsequent archiving in an audit-conforming archive. Of course, the signature services are provided by adherence to the legal requirements of the EU signature directive, the EU invoice guideline and one of the most strict einvoicing legal regulations, the German signature law and the current sales tax law and the EU invoice guideline. In addition, the signature system (version 2.4.0), which is the basis of the web service, was certified with respect to the accounting requirements by the internationally recognized auditing company PriceWaterhouseCoopers. Signature portal & checks are included free of charge The easy to use, multi-lingual signature portal www.signature-check.com is available - free of charge - for all SIGNAMUS users and their customers or suppliers to check all signatures generated through SIGNAMUS. The check is fast, simple and self-explanatory and provides an orderly and auditable check report in up to eight different languages - worldwide. A current internet browser (IE, Firefox, etc.) is the only requirement for using the signaturecheck web portal, enabling all recipients of signed or time stamped documents/invoices to check easily and fast signatures without special software or knowledge. Flexible & professional interfaces The web services provided by SIGNAMUS may be securely integrated into existing semi and fully automated business processes, such as invoice processing, via standardized interfaces. Different flexible interfaces are available for the integration of the efficient SIGNAMUS web services into your enterprise processes: The easiest and fasted integration is provided by a virtual network drive. This drive will be established in a few minutes completely automatic by using the free SIGNAMUS client software (Windows) on your work station. This means that you can sign and check signatures on invoices and other documents without any previous knowledge within a few minutes. Afterwards, you may send or process the invoice or signed document. You can also configure the virtual drive directly in your existing environment. The e-mail (SMTP) interface is the best option for you if you send and receive invoices by e-mail. The integration of this interface will be established centrally on your e- mail server. Implementation service is normally provided by your system administrator. However, we would be glad if we can support you with this activity. This will guarantee an automatic and secure data flow for your important documents at any time. The signature creation and/or signature check is provided fully automatically in the background when the e-mail is sent or received. The standardized SOAP web service interface provides the optimal security if you require a high and auditable transaction security. The structured and transaction-secured data exchange per SOAP protocol (in accordance with worldwide W3C specifications) provides a control of the data flow and a maximum flexibility through a message-based control. The establishment of this interface can be provided by one of your employees based on our documentation. However, we will be glad to support you. If requested, we can provide the complete installation. Using the SOAP interface option, the sending and receiving of invoices is processed on your systems. If you need to process large amounts of data the SFTP interface is the right choice. It allows transferring files securely between computers connected to the Internet. You can transfer your data in only one single step. After all files have been signed or verified you can retrieve them also in one single process. The sending and receiving will be handled in your systems. Secure and powerful signature service SIGNAMUS offers one of the most secure and powerful international web services including "everything you need for electronic signatures" and the processing of electronic data. Internationally proven architecture The architecture of the SIGNAMUS Web service is based on the very powerful and legally conforming signature servers, AuthentiDate Billing Signature Server and AuthentiDate Signature Check Server, which generate and check qualified electronic signatures for many companies of all sizes in many countries and for many years. Many worldwide leading companies and other globally acting signature service providers in Europe and the United States rely on these systems. Secure and redundant system design SIGNAMUS is secure and redundant from its core design, i.e. it is designed for at least dual redundancy. SIGNAMUS consists of at least four independent server systems, which offer each other protection against failures and a multilevel access protection system. This protects your valuable data from unauthorized access and loss. If archiving services ordered, data will be always stored redundant. This data protection is supported by frequent backups and professional transfers of the secured and backup d data to especially protected safe deposit boxes. 2011 AuthentiDate Deutschland GmbH. All rights reserved. - Version: 3.7 Page 2 / 5
SECURE & STANDARDS High availability included SIGNAMUS is available 24/7 for 365 days per year, enabling high volume processing of signature generation and signature checking. A flexible, scalable and redundant system platform secures high availability of the SIGNAMUS services. Flexibility included One of the special strengths of SIGNAMUS is the built in flexibility and the possibility to provide solutions to individual requirements. This means that individual data flow concepts including the branching to additional systems and services can be implemented if required. Based on the proven system architecture and the variety of application areas, the SIGNAMUS Consulting Team has an exceptionally deep and broad experience to provide solutions for individual requirements for the generation and checks of signatures and test reports. This service is only available individually. Please contact our team. Individual, dedicated signature cards The standard service scope includes a number of SIGNAMUS signature cards for signature generation. However, SIGNAMUS also offers you the option to use individual, separate signature cards. The cards will be implemented and administered separately and they will be assigned to your SIGNAMUS account. They can only be used by your individually assigned accounts. This means, that you can include your own company name, e.g. as a pseudonym, or other information in your signatures. Individual, dedicated SIGNAMUS systems: The option of dedicated SIGNAMUS systems is available for special requirements. In this case, a complete SIGNAMUS system will be made separately available to you. This means, that very individual requirements with respect to volume, signatures, data flow and data security can be satisfied. An individual proposal for a dedicated system will be jointly worked out and coordinated with you. Please contact us. Securing document using qualified timestamps To secure documents SIGNAMUS Cloudservice offers the service to request qualified digital timestamps from the accredited AuthentiDate trust center. If the timestamp function is ordered, SIGNAMUS Cloudservices requests qualified timestamps with a high performance and stores them in separate files. Timestamps are requested using the worldwide standardized format RFC3161. If required, SIGNAMUS Cloudservices verifies qualified timestamps and compiles a verification report. Also a manual verification of timestamps is possible using the available web portal. Requesting and verifying qualified timestamps can be freely combined with any other SIGNAMUS Cloudservices functions. The SIGNAMUS Online Archive can be accessed comfortably via a Web interface providing full document management system (DMS) functionality. It includes an easy to use, quick full text search engine for the complete archive content. A preview function and the direct retrieval of documents from the archive are available via the Web interface. To connect the SIGNAMUS Online Archive with other IT systems an interface implementing the worldwide standardized CMIS (Content Management Interoperability Services) is available. This allows other IT systems access similar to a local archive. Customizable and flexible conversion services SIGNAMUS Cloudservices offers a powerful and flexible data conversion engine, which is available on project base. Any file format with structured data may be used as source format for conversions. Any file format with structured data may be used (e.g. XML or EDI). Furthermore, customer-specific proprietary formats can be supported on request. SIGNAMUS Cloudservices uses customer-specific templates for high-performance data conversion. Supported target formats can either be machine-readable formats like XML or EDI as well as human-readable formats like PDF. Legal Compliance and standardized worldwide Legally compliant signatures: SIGNAMUS enables you to sign easily your electronic invoices and documents in accordance with the legal regulations. This means that the signatures and timestamps generated by SIGNAMUS are in accordance with the EU signature directive, the EU invoice guideline (2001-115-EG) and the strict requirements of the German signature law, and they can be used for the value added tax deduction throughout the European union and other countries. The AuthentiDate ebilling Signature Server, used by the SIGNAMUS service guarantees the legal signature compliance at any time based on the manufacturer declaration published by the German Federal Network Agency. In addition, the AuthentiDate ebilling Signature Server version 2.4.0 has been certified by the internationally recognized auditing company PricewaterhouseCoopers with respect to the regulations of German accounting principles. (GoB, AO, HGB, GDPdU, etc.). As an option, SIGNAMUS may also be used to sign electronic invoices for non-eu countries, such as Switzerland, the United States and others. If required, country specific individual legal requirements, i.e. special Swiss signature cards, shall be taken into account and implemented as required. Transparent, audit-proof archiving using SIGNAMUS Online Archive SIGNAMUS offers the full functionality of an archiving system with the SIGNAMUS Online Archive. All documents and all created signatures, timestamps and verification reports are saved audit-proof in the SIGNAMUS Online Archive and cannot be altered afterwards. Standardized worldwide A maximum long-term interoperability is achieved by the conformity of the SIGNAMUS services to current standards and specifications (Common-PKI /PKIX). The use of worldwide, also by the W3C consortium, standardized protocols (such as SOAP, WebDAV, HTTPS) permits a simple and secure handling by the user independent of hardware, software or geography. 2011 AuthentiDate Deutschland GmbH. All rights reserved. - Version: 3.7 Page 3 / 5
TECHNICAL SPECIFICATION Secured and high availability infrastructure Highly available central system design, consisting of at least four server systems Web service availability: 99.5% * Availability guaranteed through Service Level Agreement (SLA) Manual signature check included through signature portal www.signature-check.de (free of charge for all signatures generated by SIGNAMUS) Easy and simple connection to ERP/invoice & DMS systems Protection against unauthorized access through authentication and encryption on protocol level Optional: Data format conversion/imaging, e.g. from XML to PDF, as part of individual projects Optional: Implementation of the transmission channels (e.g. SOAP input with subsequent sending of e-mail) only as part of individual adaptations Optional: Extended support offering through individual SLA * The calculation of the annual availability takes into account planned maintenance windows and the availability of external services, such as Internet provider. System requirements: High speed internet connection (e.g. DSL) Properly configured firewall for the respective interface for access to SIGNAMUS. Signature creation The following additional information must be considered for signature creation: High-volume generation of qualified signatures for electronic invoice documents and data Usage of qualified certificates with general service pseudonym ("SIGNAMUS") External/attached signatures: o Signature file format: CMS o Allocation of file and signature through file names Internal/integrated signatures: o Support of PDF documents version 1.7 (ISO 32000) o Support of PDF/A documents version 1-a (ISO 19005-1:2005) Free format selection of files to be signed for external/attached signatures Common-PKI ver.1.1 and 2.0 PKIX Certification format X.509v3 (qualified) Legal qualifications: Limited power of attorney for the generation of qualified electronic signatures (to be established as part of the order) Timestamps The following additional information must be considered for requesting and verifying timestamps: High-volume request of qualified timestamps from the accredited AuthentiDate trust center for electronic invoice documents and data Timestamps are generated as external file. Timestamp format: RFC 3161 Free format selection of files to be timestamped Large-scale checks of qualified timestamps including online validity checks for the timestamp certificate (OCSP) Allocation of file, timestamp and verification report through file names Multi-language check reports available in German, English, French as well as Danish, Italian, Dutch, Spanish and Swedish Signature verification The following additional information must be considered for signature verification: Large-scale checks of qualified signatures including online validity checks for the signature certificate (OCSP) Allocation of file, signature and check report through file names Check report compliant with German accounting (GDPdU) Multi-language check reports available in German, English, French as well as Danish, Italian, Dutch, Spanish and Swedish The availability of the service depends on the availability of external information services (OCSP responder), operated by the issuing certificate providers Legal qualifications Limited power of attorney for the check of qualified electronic signatures (to be established as part of the order) 2011 AuthentiDate Deutschland GmbH. All rights reserved. - Version: 3.7 Page 4 / 5
TECHNICAL SPECIFICATION Archive & Document Management System (DMS) The information about the general service scope, standards, interfaces, system requirements as well as the following information is required for archiving data in the SIGNAMUS Online Archive: Archiving of data on a storage medium, which has been reviewed and certified by an international independent auditing firm as an orderly storage media for the unalterable storage and retrieval of electronic data in accordance with German, Austrian and Swiss principles for orderly IT supported accounting systems Alternatively archiving of data on a secured storage area on an access protected and double redundancy storage medium with regular, separately stored backups. Timely unlimited storage of the electronic data and signatures during the duration of an active contract or user account Long-term, system independent storage scheme in accordance with year, month, day (customizable on request) Redundant storage and frequent safeguarding of data in the secure SIGNAMUS data center. Frequent transfers of secured data to an especially secure save deposit box stored Protected access (read only) only through an encrypted connection (HTTPS) and secured access identification Separate storage and access for each user account Minimum archive capacity: 1GB (1024MB), additional capacity available in steps of 1GB Optional available as long-term archiving in accordance with German 17 SigV (Signature directive), including long-term signature preservation using qualified time stamps for evidence value conservation of electronically signed, time stamped data or other (non-signed) data. Optional: Tenant-capable archive access incl. tenant management via administrator account. Optional: Setup of a dedicated archiving system. Other services: Other services such as data conversion, data formatting, imaging, conversion of transmission channels and other services are available on request. Please contact us. Interfaces SOAP interface: SOAP interface with encrypted connection (SOAP RPC via HTTPS) for transmission, pickup and status query for data/documents to be signed and checked Authentication via account credentials. Certificate-based authentication available as option. SMTP interface: e-mail interface (Proxy) through SMTP protocol using encrypted connections (START TLS) via mail relay or smarthost Authentication via account credentials. SFTP interface: SFTP interface with secured file transfer. Authentication using account credentials or certificates. WebDAV interface: Virtual network drive (file directory) through WebDAV protocol with encrypted connection (HTTPS). SIGNAMUS access software (will be made available free of charge only for Windows XP2+ or higher) Alternative: Manual WebDAV access through WebDAV protocol with identification (all operating systems) Additional information about the WebDAV protocol can be found under www.webdav.org CMIS interface to SIGNAMUS Online Archive: Standardized CMIS* interface to connect ERP/invoice systems directly to the SIGNAMUS Online Archive. Retrieval of documents from the SIGNAMUS Online Archive. Document research in SIGNAMUS Online Archive. Archiving of additional documents SIGNAMUS Online Archive. Maximum technical file size for retrieving documents and archiving additional documents in the archive: 1024 MB * Further information regarding the CMIS interface can be found here: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cmis Browser interface to SIGNAMUS Online Archive: Browser-based multi-language (German, English, French, Italian and Spanish) encrypted Web interface (HTTPS) with comprehensive full text search engine. Retrieval of documents from the SIGNAMUS Online Archive. Document research in SIGNAMUS Online Archive. Archiving of additional documents SIGNAMUS Online Archive. Maximum technical file size for retrieving documents and archiving additional documents in the archive: 200 MB AuthentiDate Deutschland GmbH Fon +49 211 43 69 89 0 Email info@authentidate.de Web www.authentidate.de 2011 AuthentiDate International AG. All rights reserved. Duplication allowed only with the prior written approval of AuthentiDate International AG. All trade-marks are trademarks of their respective owners. All rights reserved regarding errors, changes and availability of products, services, features and usage. Products and services are provided by AuthentiDate Deutschland GmbH. AuthentiDate accepts no liability whatsoever for the correctness of information of third parties concerning features, services or availability. In the course of product development AuthentiDate reserves the right to make changes to products and services without prior notification. No statement or wording is intended to represent, or may be construed as legal advice. Legal statements are on no account binding. In case of deviations to contractual documents relating to this document or AuthentiDate s general terms and conditions, the contractual documents or AuthentiDate s general terms and conditions always have priority over this document. Version 3.7