Austria: E-allocation and safe linking by means of hash value

Background
The electronic transmission of tenders in the award procedure is nothing new and was already standardised in the Federal Procurement Act 2006 both for the classical area and for the area of sector contractors. In the implementation of EU public procurement Directives 2014/24/EU and 2014/25/EU, however, communication in the award of contracts by public authorities and sectoral contractors in the upper threshold range must now take place electronically as of October 2018.

Increased security requirements
The current draft of the Federal Procurement Act 2018 should also be seen against this background. Accordingly, in future too, in cases where offers consist of several offer components, the secure linking of offer documents is a method to guarantee the completeness, authenticity and genuineness of the transmitted data records with a quality comparable to the increased security requirements of a qualified electronic signature.

The secure linking of offer documents will therefore continue to play a key role in the future, as it allows tenderers to link non-signable document formats such as Microsoft Word and Microsoft Excel documents with their offers, which in any case must have a qualified electronic signature.

Secure linking by means of hash value
The hash value to be determined by the non-signable document format is of particular importance.

The hash function is a non-reversible algorithm that maps an extensive source set to a much smaller target set in the form of a hash value. Every change made to the source document automatically results in a completely new hash value. A special method for forming the hash value is the cryptological hash function, which has a one-way function due to its collision resistance. Put simply, a hash value formed in this way is nothing other than the fingerprint of the file.

Accordingly, the procedure for forming the hash value of non-signable file formats for secure linking is based on the procedure used for the qualified electronic signature of the main part of the offer. The secure linking then finally takes place in the form that the hash values of the offer components, which were created in non-signable document formats, are specified in the main part of the offer to be signed in a qualified manner. In this way, the authenticity of the documents can be checked.

Conclusion
Although the linking of offer documents using hash values is a complex process from a technical point of view, this does not involve any additional effort for the client or tenderer, as the processes described above are completely automated.

Author: Oskar Takacs