...
Description by Jürgen Niinre.
Type: C2G, G2C, G2B
Steps:
Prerequisites:
  User has been onboarded, has been issued a Qualified Certificate and owns a Qualified Signature Creation Device. Onboarding can be performed in the following ways:
    ID card: by visiting a designated Government office, where the User is issued an ID card
    User’s remote signing device: by purchasing a special SIM card from a Mobile operator and authenticating using the ID card
    User’s cloud signing provider: by downloading an app from AppStore/Google Play and authenticating using the ID card
Signing using standalone Application (i.e. mobile/desktop):
  User opens the application and selects a document to be signed
  Application will authenticate to the e-signature BB, using an embedded token that allows for, e.g., 10 requests/month
  Application will create a signature
    With ID card: the signature can be created directly by communicating with the ID card over a smart card reader
      Application will communicate with the ID card that is directly connected to the device
      Application will read the User’s certificate from the ID card
      Application will perform User verification
        Application will ask for the User’s PIN code and/or perform a biometric check
        Application will instruct the ID card reader to prompt for the PIN code, if the ID card reader has a keypad
        After the User enters the PIN and/or performs the biometric check, the ID card is ready to perform the signing operation
      Application will forward the hash to be signed to the ID card
      ID card will return the signed hash
      Application will contact the e-signature BB for validity confirmation and timestamp
    With User’s remote signing device (SIM card):
      Application will contact the e-signature BB
      e-signature BB will contact an OTA backend to send a notification to the User’s remote signing device, containing the hash and the text to display
      User’s remote signing device will perform User verification and signing
        User’s device will ask for the User’s PIN code
        After User verification is completed, the User’s remote signing device will sign the hash
      Signed hash will be sent back to the e-signature BB
      e-signature BB will retrieve the User’s certificate from the CA
      e-signature BB will confirm certificate validity
      e-signature BB will issue a timestamp
      e-signature BB will send back a signature with certificate validity and timestamp
    With User’s cloud signature provider (App based):
      Application will contact the e-signature BB
      e-signature BB will contact the Cloud signature provider to send a notification to the User’s App with the text to display
      User’s App will perform User verification and signing authorization
        User’s device will ask for the User’s PIN code and/or perform biometric verification
        After User verification is completed, signing authorization is given to the Cloud signature provider
      Cloud signature provider will create the signature and return it to the e-signature BB
      e-signature BB will retrieve the User’s certificate from the CA
      e-signature BB will confirm certificate validity
      e-signature BB will issue a timestamp
      e-signature BB will send back a signature with certificate validity and timestamp
  Application will save the signature, validity information and timestamp together with the document, so that the document with this embedded information can be validated later
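The ID card flow and the final save-and-validate-later step, as an added example that is not part of the original description. It assumes a constructed toy textbook-RSA key in place of the card's real key; ToyCard, SignedBundle, bb_confirm, the 3-try PIN limit and the status string "good" are hypothetical names and values chosen for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass

# Constructed toy key (textbook RSA over two Mersenne primes). It stands in for
# the private key held inside the User's ID card; it is NOT a secure scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def doc_hash(document: bytes) -> int:
    """Hash computed by the Application; reduced mod N only because the key is a toy."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

class ToyCard:
    """Hypothetical ID card: signs a hash only after a correct PIN, blocks after 3 misses."""
    def __init__(self, pin: str):
        self._pin, self._tries = pin, 3
    def sign(self, h: int, pin: str) -> int:
        if self._tries == 0:
            raise PermissionError("PIN blocked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries -= 1
            raise PermissionError("wrong PIN")
        self._tries = 3
        return pow(h, D, N)  # only the signed hash leaves the card

@dataclass
class SignedBundle:
    """What the Application saves: document, signature, validity information, timestamp."""
    document: bytes
    signature: int
    cert_status: str  # assumed status string from the validity confirmation
    timestamp: int    # assumed epoch seconds from the e-signature BB

def sign_document(document, card, pin, bb_confirm):
    """bb_confirm is a hypothetical callable standing in for the e-signature BB call."""
    h = doc_hash(document)
    sig = card.sign(h, pin)          # hash goes to the card, signed hash returns
    status, ts = bb_confirm(h, sig)  # validity confirmation and timestamp
    return SignedBundle(document, sig, status, ts)

def validate_later(b: SignedBundle) -> list:
    """Re-check the saved bundle against the document as it exists now."""
    errors = []
    if pow(b.signature, E, N) != doc_hash(b.document):
        errors.append("signature does not match document")
    if b.cert_status != "good":
        errors.append("certificate not confirmed valid at signing time")
    return errors
```

validate_later returns an empty list for an untouched bundle and names the failed check when the document was altered after signing or the certificate was not confirmed valid.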
Sequence Diagram:
Related use cases
...