Versions Compared

Old Version 17

changes.mady.by.user sasi

Saved on

compared with

New Version 18

changes.mady.by.user sasi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The ability for anyone to sign

    • One authentication based E-signature

      • OTP

      • Biometrics

      • PIN

    • One Time Signature

      • WOTS+ - Not supported

      • XMSS - Not supported

    • Long-term signature

      • Smart cards

      • Smart Phone.

    • HD Signature

      • Smart Phone

  • Use ID BB to authorize and sign a document.

    • Should be possible to sign with a standalone app, without ID BB.

  • Auditability

  • Validatable

  • Revoke certificate.

  • Highly secure.

  • Preservation of E-Signature

  • Non-Repudiation

  • Long-term validatable.

  • Inclusive

    • Supports multiple social economic backgrounds.

  • Presentation

    • Can we support multiple signature types and let verifiers provide presentation layers?

Assumptions:

  • Has an a digital ekyc or authentication service.

    • Registration/KYC should be possible to be performed online or face to face

    • Should be possible to perform via phone call/SMS

  • Bulk signing is out of scope.

  • Collaboration in the signature is limited by the type of the document and the support of the document.

  • Countries are expected to have digital signature law’s that consider e-signatures as equivalent to handwritten signatures.

  • No support for printing the digital document and validating the signature.

...

Sample Use cases: - Priority 1

Use case 1: Signature of the resident on the consent form to share his details for the government subsidiary

Actors:

Consent Building Block, Resident, Workflow Building block, Agent, ID Building Block

Type:

G2C

Steps for Approach online:

  1. Agent opens up the consent form.

  2. Describes the services to the resident.

  3. Resident authenticates to the ID Building Block

  4. The resident is redirected to the workflow building block

  5. The workflow building block gets the necessary consent form and shows it to the agent/resident.

  6. The resident chooses to sign the consent form with a button click.

  7. The workflow building block sends the consent form and the bearer token of the user to the e-signature building block api.

  8. The e-signature building block validates the bearer token with the ID building block.

  9. Creates the key on the fly and timestamps & signs the document. (different types of signatures are allowed). The key is valid only for a short duration.

  10. The e-signature building block sends back the signature in the requested format (XAdES, CAdES, ASIC, JWS)

  11. The workflow building block decides to embed or attach the signature data.

  12. The workflows building block sends the signature to the consent building block.

  13. The workflow building block shows the user that consent is signed and he can download it from a link given.

Steps for Approach offline:

Prereq:

  1. Resident visits the e-signature portal.

  2. Authenticates using ID building block with biometrics

  3. Uses a USB token or Mobile phone to create a secure key pair and send the CSR to the server.

  4. The CSR is signed with the user details and sent back to the USB token.

Steps:

  1. Agent opens up the consent form.

  2. Describes the services to the resident.

  3. Resident authenticates to the ID Building Block

  4. The resident is redirected to the workflow building block

  5. The workflow building block gets the necessary consent form and shows it to the agent/resident.

  6. The resident chooses to sign the consent form with a button click.

  7. The workflow building block redirects to the e-signature building block.

  8. The e-signature building block asks the resident to insert the USB token.

  9. The e-signature building block interacts with the USB token and signs the document.

  10. The e-signature building block sends back the signature in the requested format (XAdES, CAdES, ASIC, JWS) to the workflow building block.

  11. The workflow building block decides to embed or attach the signature data.

  12. The workflows building block sends the signature to the consent building block.

  13. The workflow building block shows the user that consent is signed and he can download it from a link given.

Use case 2: Payroll signature

Can we have the payroll statement signed before its it's sent for the payment block.?

Type:

G2B or B2B or B2G

Sequence Diagram:

...

  • Sign you invoice.

  • Sign an RFP

  • Sign a business agreement.

Use case

...

3: Signing and verifying a document using a desktop computer or mobile phone

<Description by Jürgen Niinre .

Type:

Sequence Diagram:

Related use cases

Use case

...

4: Signing a consent form

<Description by kadio.kassy >

Type:

Sequence Diagram:

Related use cases

...

  • An ID-card, which is a mandatory identity document for all Estonian citizens. The PINs required for electronic signing are issued to you in a security envelope with the card. In order to use your ID-card, you also need a card reader and ID-software.

  • digital ID card: Estonian citizens can use their digital IDs in parallel with ID-cards while foreigners are issued e-resident’s digital IDs.

  • mobile-ID is a SIM card-based solution for electronic authentication and digital signing with a mobile phone. Mobile-ID SIM cards are issued by mobile network operators.

  • Smart-ID is a SIM-independent device-based solution for smartphones.

...