When you need a qualified electronic signature, you often come across the terms “identification” and “authentication”. But what do the expressions mean? And why do I need it for digital signing? How do I get a QES and how does the identification process work? In this article, we explain!
How to get a (qualified) electronic signature (QES)
What is an identification? Identity verification via video identification
In order to be able to ensure that the document has been signed by the right person during digital signing, their identity must be verified. For example, if only an image of the signature is placed on a document, the identity cannot be verified and ensured. Therefore, a qualified signature is required for important documents in order to maximize evidentiary value and legal validity. In order to be able to sign with a qualified electronic signature (QES), you have to go through an identification process once.
Identification is understood to mean the determination of one’s own identity. In most cases, this is done by presenting an official identification document (e.g. passport or identity card). For example, when opening a bank account, identity is verified by comparing the biometric features of the photo ID presented with the natural person standing in front of the bank employee or present via video call. Identification only needs to be carried out once at registration.
Identification is understood to mean the determination of one’s own identity. In most cases, this is done by presenting an official identification document (e.g. passport or identity card). For example, when opening a bank account, identity is verified by comparing the biometric features of the photo ID presented with the natural person standing in front of the bank employee or present via video call. Identification only needs to be carried out once at registration.
In our case, the user is identified before receiving a qualified electronic signature. This can be done, for example, online with a trust service provider of your choice using a video identification procedure (Videoident). Personal data must be provided beforehand and a photo ID must be presented during a video call. If the data provided matches the ID data and the biometric data from the photo ID with the person in the video call, the identity can be verified.
What is authentication
After you have been identified and “know” each other, you “only” have to authenticate yourself from now on. During authentication, you have to prove your identity every time. This can be done on the basis of various authentication factors. For example, using
- of a password/PIN (knowledge)
- a smartphone that can receive a one-time verification code, or
- a fingerprint scan/Face ID (biometrics).
The factors can also be combined, such as: in two-factor authentication and multi-factor authentication to increase security.
Authentication is therefore the verification of the given identity.
Two-factor authentication comes into play with qualified signing. After logging in to sproof sign (factor 1 password), you have to confirm your identity using a mobile phone app (factor 2 fingerprint or Face ID) for qualified signing.
Identification vs. authentication – what’s the difference?
Identification/identification establishes the identity of a person and links the digital identity to a natural person and their name. Identification only needs to be done once as a first step, e.g. user registration with proof sign or identification procedures to obtain a QES.
Authentication/authentication is the process of proving identity. The specified identity is compared with the specified data. This authentication process has to be done again every time, e.g. logging in to sproof sign or 2-factor authentication when signing with QES.
Identification and authentication therefore go hand in hand and cannot do without the other.
Identification and authentication for qualified signing
In short: To receive a qualified electronic signature (QES), you have to identify yourself once and set up a 2-factor authentication (duration: 15 minutes once). For qualified signing, all you have to do is authenticate (duration: <1 minute each time).
How do I get a QES (at sproof sign)?
- To get a QES, you must first provide your personal information.
- Before you start the video identification procedure, you will have your official photo ID ready.
- In the video call, you must show your official photo ID. As a result, the trust service provider compares your provided data with the ID data and the biometric data from the photo ID with you in the video call. If all the information matches, their identity is verified.
- Next, you need to download a mobile phone app (e.g. Mobile ID) and log in.
- In the app, their digital identity is stored by the trust service provider and a second security factor (e.g. fingerprint scan or Face ID) is set up.
- From now on, you can sign in a qualified manner and only have to authenticate yourself in the app (push notification) before qualifying signing.
