...

  • Start with the use case. Refer to the scope once to be clear.

Definitions:

...

  • E-Signature or an electronic signature is a way of signing documents digitally, without needing to print them. It’s sort of like an electronic version of a pen and paper signature or stamp, specific to a person or organization and is both secure and legally binding.

...

  • In our context, E-Signature will mean cryptographically validatable signatures.

  • Qualified Certificate (EIDAS term) - a certificate in form of X.509 that allows the user's digital signature to be equal to a handwritten signature. It can be issued only according to legally accepted procedures.

  • Qualified Signature Creation Device (EIDAS term) - device that allows users to give signatures. Technically follows legally accepted procedure. There are different types:

  • Signing Application - 3rd party or Government Application that implements the document signing.

    • Standalone application (Desktop, Mobile App)

    • Embedded application - embedded into another service, e.g. web portal, online self-service, product

  • Onboarding - the process of issuing a Qualified Certificate and binding it to a Qualified Signature Creation Device, can involve different ways, subject to legislation:

    • Face to face

    • Online + authenticated with existing token

    • Online re-onboarding only

    • Full online

  • Signature Requestor - An application that has the artefact that needs the user's signature.

  • Document/Artefact to be Signed - Data that needs to be signed by the User. It can be:

    • a Document file (PDF, Word, etc.) owned/handled by the User

    • a Data file in arbitrary format owned/handled by the User

    • a Document or Data file handled by a 3rd party Service on behalf of the User.

Scope:

  • The government signing the signed document G2P – Priority

  • The end user signs the document. P2G - Priority

  • Business signing the document. B2B or B2C, G2B, B2G - last

  • Quantum resistance - Not in scope as of now.

...

  • Sign your invoice.

  • Sign an RFP

  • Sign a business agreement.

Use case 3: Signing and verifying a document owned by user using a desktop computer or mobile phone

Description by Jürgen Niinre.

Type: C2G, G2C, G2B

Terms and Definitions

  • Qualified Certificate (EIDAS term) - a certificate that allows the user's digital signature to be equal to a handwritten signature. It can be issued only according to legally accepted procedures.

  • Qualified Signature Creation Device (EIDAS term) - device that allows users to give signatures. Technically follows legally accepted procedure. There are different types:

    • Physical token (ID card, Smart card, USB token)

    • Remote token/EIDAS remote QSCD/Split key (Cloud + App, Cloud + App + Secure element, Cloud + SIM card, Cloud + App + eSIM)

  • Signing Application - 3rd party or Government Application that implements the document signing.

    • Standalone application (Desktop, Mobile App)

    • Embedded application - embedded into another service, e.g. web portal, online self-service, product

  • Onboarding - the process of issuing a Qualified Certificate and binding it to a Qualified Signature Creation Device, can involve different ways, subject to legislation:

    • Face to face

    • Online + authenticated with existing token

    • Online re-onboarding only

    • Full online

Prerequisites

  • The user has been onboarded, has been issued a Qualified Certificate and owns or controls a Qualified Signature Creation Device.

Signing a user-owned document using the Application:

  • The user uses the Signing Application directly by choosing documents to be signed (standalone) or through another service, in which case the service will compile the Document needed to be signed by the user

  • The Signing Application will present the documents or data to be signed

  • The Signing Application will authenticate to e-signature BB, using an embedded token that allows for a fixed number of requests, e.g. 10 requests/month

  • The Signing Application will create a signature

    • With Physical token

      • Application will get the list of Qualified Certificates from Physical token, and allow the user to choose

      • Application will read the User’s certificate from Physical token

      • Application will perform User verification with Qualified Signature Creation Device

        • User is verified using PIN code and/or a biometric check

        • After user enters the PIN and/or performs the biometric check, Physical token is ready to perform the signing operation

      • Application will forward hash to be signed to Physical token

      • Physical token will return the signed hash

    • With Remote token

      • Application will contact an e-signature BB

      • e-signature BB will contact a Remote token with hash to be signed and text to display

      • User’s Remote token will perform verification and signing

        • User’s Remote token will ask User’s PIN code or perform biometric verification

        • After User verification is completed, User’s Remote token will sign the hash

        • Signed hash, with the user's certificate, will be sent back to e-signature BB

    • Signature and Certificate are sent to e-signature BB to be verified

  • e-signature BB will confirm certificate validity

  • e-signature BB will issue timestamp

  • e-signature BB will send back a signature with certificate validity and timestamp

  • Signing Application will save the signature, validity information and timestamp together with document, so that document with this embedded information can be validated later

  • The application will present results to user
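
The signing steps above, sketched end to end as an added example (not code from the e-signature BB specification). The function and field names are assumptions, Ed25519 keys stand in for the token and the BB, and a plain object stands in for the Qualified Certificate. It shows why the timestamp and validity information are saved with the document: later validation judges the certificate at the timestamped signing time, not at the time of checking.

```javascript
// Added example: constructed keys, dates and field names; not the e-signature BB's API.
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
// Bytes the BB signs as its timestamp: the user's signature plus the time.
const tsInput = (sig, time) => Buffer.concat([sig, Buffer.from(time.toISOString())]);

// Certificate status at instant `at`. A real Qualified Certificate is a
// CA-signed X.509 and revocation data comes from its issuer (assumed here).
function certProblem(cert, at) {
  if (at < cert.notBefore || at > cert.notAfter) return 'certificate outside validity period';
  if (cert.revokedAt && at >= cert.revokedAt) return 'certificate revoked';
  return null;
}

// Signing: the token signs only the hash (PIN/biometric gate omitted);
// the BB confirms certificate validity and issues the timestamp.
function sign(doc, tokenKey, cert, bbKey, now) {
  const signature = crypto.sign(null, sha256(doc), tokenKey);
  const problem = certProblem(cert, now);
  if (problem) throw new Error(problem);
  const tsSignature = crypto.sign(null, tsInput(signature, now), bbKey);
  // This object is what the Signing Application saves with the document.
  return { signature, cert, timestamp: now, tsSignature };
}

// Later validation: check the BB timestamp first, then the signature,
// then the certificate status at the timestamped moment.
function validate(doc, c, bbPublicKey) {
  if (!crypto.verify(null, tsInput(c.signature, c.timestamp), bbPublicKey, c.tsSignature)) {
    return 'timestamp not issued by the BB';
  }
  if (!crypto.verify(null, sha256(doc), c.cert.publicKey, c.signature)) {
    return 'signature does not match document';
  }
  return certProblem(c.cert, c.timestamp) || 'valid';
}

// Constructed demo data.
const token = crypto.generateKeyPairSync('ed25519');
const bb = crypto.generateKeyPairSync('ed25519');
const cert = {
  publicKey: token.publicKey,
  notBefore: new Date('2024-01-01T00:00:00Z'),
  notAfter: new Date('2025-01-01T00:00:00Z'),
  revokedAt: null,
};
const doc = Buffer.from('constructed sample agreement');
const container = sign(doc, token.privateKey, cert, bb.privateKey, new Date('2024-06-01T12:00:00Z'));
console.log(validate(doc, container, bb.publicKey));
```

A certificate revoked after the timestamp still validates, while a backdated timestamp or a modified document is rejected.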

...

(Mermaid diagram: signing2, revision 13)

Related use cases

Use case 4: Signing a consent form

...