Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

<TODO: Finalize with the team>

  • Start with the use case. refer the scope once to be clear.

Definitions:

eSign, also known as eSignature or an electronic signature, is a way of signing documents digitally, without needing to print them. It’s sort of like an electronic version of a pen and paper signature or stamp, specific to a person or organization and is both secure and legally binding.

In our context, eSign will mean cryptographically validatable signatures.

Objective:

<TODO: update after discussion with the team during kickoff>

  • The ability for anyone to sign

    • Jürgen: one-time signature with OTP (i.e enter code sent via SMS) - weaker security

    • Jürgen: signature with hardware device (smart card, phone etc) - stronger security

  • Use ID BB to authorize and sign a document.

    • Jürgen: ID BB is probably good for cloud platforms (i.e signing portals)

    • Jürgen: Should be possible to sign with standalone app, without ID BB

  • Auditability

  • Validatable

  • Revoke signatures.

    • Jürgen: Is it meant to be revoke certificates? Revoking signatures I think very hard to do.

  • Highly secure.

  • Preservation of esignature

  • Jürgen: Non-Repudiation

  • Jürgen: Lawful/qualified e-signatures (i.e made equal to hand written signatures by law)

Assumptions:

  • Has an ekyc or authentication service.

  • Bulk signing is out of scope.

  • Collaboration in the signature is limited by the type of the document and the support of the document.

Challenges:

  • Central service vs Distributed model

  • What if there is no eKyc/auth available?

  • Phone-based signature?

Scope:

  • Government signing the document G2P

  • End user signing the document. P2G

  • Bussiness signing the document. B2B or B2C

Key principles:

Flow:

Sign using a cryptographic key and explain

How do we verify? explain here

How can we make it easy for everyone in the country to use it?

Kassy - preservation means the ability to use a digital signature and validate the same digital signature

Let us add one or some of the sample digital signatures.

https://tcab.eu/eidas-assessment/seal-preservation/

Differentiate validation vs creation of digital signatures.

Sample Use cases: - Priority 1

Kassy use cases

  • Local signature - Cryptographic token

  • Distance signature - sign your own

  • Before you get a key you should get the kyc from the certificate authority.

  • Gtax generates the key and certificate to sign and then returns the application.

Reference:

Introduction to cryptographic digital signature - https://www.youtube.com/watch?v=704dudhA7UI

India e-sign paper - https://cca.gov.in/sites/files/pdf/ACT/eSign-APIv2.0.pdf

India Other modes: Device based.

Estonia e-sign:

Estonian citizens can choose a suitable method for digital signing themselves. Nowadays, there are four common ways to do so:

  • An ID-card, which is a mandatory identity document for all Estonian citizens. The PINs required for electronic signing are issued to you in a security envelope with the card. In order to use your ID-card, you also need a card reader and ID-software.

  • digital ID card: Estonian citizens can use their digital IDs in parallel with ID-cards while foreigners are issued e-resident’s digital IDs.

  • mobile-ID is a SIM card-based solution for electronic authentication and digital signing with a mobile phone. Mobile-ID SIM cards are issued by mobile network operators.

  • Smart-ID is a SIM-independent device-based solution for smartphones.

  • No labels