Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

<TODO: Finalize with the team>

  • Start with the use case. refer to the scope once to be clear.

Definitions:

An E-Signature or an electronic signature is a way of signing documents digitally, without needing to print them. It’s sort of like an electronic version of a pen and paper signature or stamp, specific to a person or organization and is both secure and legally binding.

In our context, E-Signature will mean cryptographically validatable signatures.

Scope:

  • Government signing the document G2P – Priority

  • The end user signs the document. P2G - Priority

  • Business signing the document. B2B or B2C, G2B, B2G - last

  • Quantum resistance - Not in scope as of now.

Objective:

  • The ability for anyone to sign

    • One authentication based E-signature

      • OTP

      • Biometrics

      • PIN

    • One Time Signature

      • WOTS+ - Not supported

      • XMSS - Not supported

    • Long-term signature

      • Smart cards

      • Smart Phone.

    • HD Signature

      • Smart Phone

  • Use ID BB to authorize and sign a document.

    • Should be possible to sign with a standalone app, without ID BB.

  • Auditability

  • Validatable

  • Revoke certificate.

  • Highly secure.

  • Preservation of E-Signature

  • Non-Repudiation

  • Long-term validatable.

  • Inclusive

    • Supports multiple social economic backgrounds.

  • Presentation

    • Can we support multiple signature types and let verifiers provide presentation layers?

Assumptions:

  • Has an ekyc or authentication service.

    • Registration/KYC should be possible to be performed online or face to face

    • Should be possible to perform via phone call/SMS

  • Bulk signing is out of scope.

  • Collaboration in the signature is limited by the type of the document and the support of the document.

  • Countries are expected to have digital signature law’s that consider e-signatures as equivalent to handwritten signatures.

  • No support for printing the digital document and validating the signature.

Challenges:

  • Central service vs Distributed model

  • What if there is no eKyc/auth available?

  • Phone-based signature?

  • Online and/or Offline validation

  • Can we use JSON-LD signatures so we can validate a linked PDF or HTML or image etc.

Key principles:

Flow:

Sign using a cryptographic key and explain

How do we verify? explain here

How can we make it easy for everyone in the country to use it?

Kassy - preservation means the ability to use a digital signature and validate the same digital signature

Let us add one or some of the sample digital signatures.

https://tcab.eu/eidas-assessment/seal-preservation/

Differentiate validation vs creation of digital signatures.

Solution:

  • There should be levels of how strongly KYC is done and how good is the signature creation device

  • How do we take care of the machine signature? Is this in scope?

Sample Use cases: - Priority 1

Use case 1: Payroll signature

Can we have the payroll statement signed before its sent for the payment block.

Type:

G2B or B2B or B2G

Sequence Diagram:

Related use cases

  • Sign you invoice.

  • Sign an RFP

  • Sign a business agreement.

Use case 2: Signing and verifying a document using a desktop computer or mobile phone

<Description by Jürgen Niinre .

Type:

Sequence Diagram:

Related use cases

Use case 3: Signing a consent form

<Description by kadio.kassy >

Type:

Sequence Diagram:

Related use cases

Kassy use cases

  • Local signature - Cryptographic token

  • Distance signature - sign your own

  • Before you get a key you should get the kyc from the certificate authority.

  • Gtax generates the key and certificate to sign and then returns the application.

Reference:

Introduction to cryptographic digital signature - https://www.youtube.com/watch?v=704dudhA7UI

India e-sign paper - https://cca.gov.in/sites/files/pdf/ACT/eSign-APIv2.0.pdf

India Other modes: Device based.

Estonia eSignature mobile application - https://www.id.ee/en/article/ria-digidoc-mobile-application/

Estonia eSignature desktop application - https://www.id.ee/en/rubriik/using-digidoc4/

Estonia eSignature creation and verification libraries - https://www.id.ee/en/article/digidoc-libraries-overview/

Estonia eSignature timestamp service - https://www.skidsolutions.eu/en/services/time-stamping-service/

Estonia eSignature validity confirmation Service - https://www.skidsolutions.eu/en/services/validity-confirmation-services/

Estonia eSignature(container) format - bdoc-spec212-eng.pdf

Estonian citizens can choose a suitable method for digital signing themselves. Nowadays, there are four common ways to do so:

  • An ID-card, which is a mandatory identity document for all Estonian citizens. The PINs required for electronic signing are issued to you in a security envelope with the card. In order to use your ID-card, you also need a card reader and ID-software.

  • digital ID card: Estonian citizens can use their digital IDs in parallel with ID-cards while foreigners are issued e-resident’s digital IDs.

  • mobile-ID is a SIM card-based solution for electronic authentication and digital signing with a mobile phone. Mobile-ID SIM cards are issued by mobile network operators.

  • Smart-ID is a SIM-independent device-based solution for smartphones.

Standards

PAdES - PDF

https://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf

https://www.etsi.org/deliver/etsi_en/319100_319199/31914202/01.01.01_60/en_31914202v010101p.pdf

XAdES - XML

http://www.etsi.org/deliver/etsi_ts\101900_101999\101903\01.04.02_60\ts_101903v010402p.pdf

CAdES

https://tools.ietf.org/html/rfc5126.html

Timestamping

https://datatracker.ietf.org/doc/html/rfc3161

  • No labels