With a personal signature, the signature certificates are generated only for the electronic signature and lose their validity after approx. 10 minutes. In this way, Swisscom avoids the need for the signatory to report a compromise of the certificate, i.e., a certificate cannot be compromised. The procedure has several advantages:
- The end user does not need to contact Swisscom (e.g., a user account to revoke certificates).
- The recipients of signed documents do not have to deal with revocation lists and an online certificate validity check (OCSP).
- Security problems with applications that only rely on regular revocation list updates are avoided.
- OCSP queries, which lead to time delays for the recipient, are not needed.
- In addition, a short-term certificate always provides a positive response – an OCSP query can only ever give a negative response.
The qualified electronic signature with a short-term certificate is still valid, regardless of the certificate's validity period.
The short-term certificates are issued based on registrations of the registration service, i.e., they are based on strong authentication. A short-term certificate is only generated if a two-factor authentication solution is available as a signature approval method.
Example for analogy in the paper environment: I sign a contract with an ink pen. The ink in the pen is empty after the signature. The contract remains valid, of course.
When signing with a qualified electronic signature, the following evidence archival periods apply:
The retention period for the identification evidence and the activity journal is 35 years for EU signatures in Austria and ten years in Switzerland. Swisscom is an accredited trust and certification service provider in Austria and Switzerland.
Due to the PAdES long-term validation standard (LTV), you can validate qualified electronic signatures after their short-term electronic certificates expire.
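The time-window decision behind validating after expiry, as an added example (not Swisscom's code): the certificate is judged at the trusted signing time instead of at the time of validation. The `Evidence` container and the function names are hypothetical, the sample values are constructed, and verification of the signature, the timestamp and the certificate chain is assumed to have succeeded already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Verdict(Enum):
    VALID = "valid"
    INVALID = "invalid"
    INDETERMINATE = "indeterminate"


@dataclass(frozen=True)
class Evidence:
    """Hypothetical container for values a PAdES validator reads from the PDF."""
    not_before: datetime           # start of certificate validity
    not_after: datetime            # end of certificate validity
    signed_at: Optional[datetime]  # time from the trusted timestamp, if present


def check_now(ev: Evidence, now: datetime) -> Verdict:
    """Naive check: is the certificate valid at the moment of validation?"""
    return Verdict.VALID if ev.not_before <= now <= ev.not_after else Verdict.INVALID


def check_at_signing_time(ev: Evidence, now: datetime) -> Verdict:
    """Long-term check: is the certificate valid at the proven signing time?"""
    if ev.signed_at is None:
        # No proof of when the signature was made: only a still-valid
        # certificate can be accepted, otherwise the result is undecided.
        ok = ev.not_before <= now <= ev.not_after
        return Verdict.VALID if ok else Verdict.INDETERMINATE
    if ev.signed_at > now:
        return Verdict.INVALID     # timestamp lies in the future
    inside = ev.not_before <= ev.signed_at <= ev.not_after
    return Verdict.VALID if inside else Verdict.INVALID


# Constructed sample: certificate valid for 10 minutes, signature timestamped
# 30 seconds after issuance, validation one year later.
ISSUED = datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE = Evidence(ISSUED, ISSUED + timedelta(minutes=10), ISSUED + timedelta(seconds=30))
ONE_YEAR_LATER = ISSUED + timedelta(days=365)

if __name__ == "__main__":
    print("validity at validation time:", check_now(SAMPLE, ONE_YEAR_LATER).value)
    print("validity at signing time:   ", check_at_signing_time(SAMPLE, ONE_YEAR_LATER).value)
```

A signature without a trusted timestamp cannot be tied to the 10-minute window once the certificate has expired, which is why that case returns an undecided result rather than a valid one.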