When you need a qualified electronic signature, you often come across the terms "identification" and "authentication". But what do these terms mean? And why do I need it when signing digitally? How do I get a QES and how does the identification process work? In this article we clarify!
In order to ensure that the document has been signed by the correct person when signing it digitally, the person's identity must be verified. If, for example, only an image of the signature is placed on a document, the identity cannot be verified and ensured. Therefore, a qualified signature is required on important documents to maximize the probative value and legal validity. In order to sign with a qualified electronic signature (QES), one must go through an identification process once...
Identification is the process of establishing one's own identity. In most cases, this is done by presenting an official identification document (e.g. passport or ID card). For example, when opening a bank account, the identity is verified by comparing the biometric features of the photo ID shown with the natural person standing in front of the bank employee or present via video call. Identification only needs to be performed once at the time of registration.
In our case, the user is identified before a qualified electronic signature is obtained. This can be done, for example, online at a trust service provider of your choice using a video identification procedure (Videoident). In this process, personal data must be entered beforehand and, in the case of a video call, a photo ID must be presented. If the data provided matches the ID data and the biometric data from the photo ID matches the person in the video call, the identity can be verified.
After you have been identified and "know" yourself, you "only" have to authenticate yourself from now on. During authentication, you have to prove your identity every time. This can be done using various authentication factors. For example
The factors can also be combined, such as in two-factor authentication and multi-factor authentication, to increase security.
Authentication is therefore the verification of a given identity. Two-factor authentication comes into play in qualified signing. After logging in to sproof sign (factor 1 password), qualified signing requires you to confirm your identity using a mobile app (factor 2 fingerprint or Face ID).
Identification establishes the identity of a person and links the digital identity to a natural person and their name. Identification only needs to be performed once as the first step, e.g. user registration with sproof sign or identification procedures to obtain a QES.
During authentication/authentication, the identity is proven. In this process, the given identity is compared with the given data. This authentication process must be performed again each time, e.g., logging in with sproof sign or 2-factor authentication when signing with QES.
Identification and authentication thus go hand in hand and cannot work without the other.
In short, to obtain a qualified electronic signature (QES), you have to identify yourself once and set up 2-factor authentication (duration: 15 minutes once). For qualified signing, one then only has to authenticate (duration: <1 minute each time).
Do you have a great idea for our blog?A community benefits from people who are interested in a topic - who are committed to it. If you yourself have a "soft spot" for sensible digitisation processes and would like to contribute something to this blog, or if you just want to give us a hint on an exciting topic... We would be very happy to hear from you: We definitely take our time 😊
sproof sign as an alternative