When you need a qualified electronic signature, you often come across the terms "identification" and "authentication". But what do these terms mean? And why do I need it for digital signing? How do I get a QES and how does the identification process work? In this article, we explain!
What is identification? Identity verification via Videoident
In order to ensure that the document has been signed by the right person during digital signing, the identity of the person must be verified. If, for example, only an image of the signature is placed on a document, the identity cannot be verified and guaranteed. Therefore, a qualified signature is required for important documents in order to maximize the probative value and legal validity. To be able to sign with a qualified electronic signature (QES), you have to go through an identification process once.
Identification means establishing one's own identity. In most cases, this is done by presenting an official identification document (e.g. passport or ID card). For example, when opening a bank account, the identity is checked by comparing the biometric features of the photo ID shown with the natural person standing in front of the bank employee or present via video call. Identification only needs to be carried out once when registering.
In our case, the user is identified before receiving a qualified electronic signature. This can be done online with a trust service provider of your choice using a video identification procedure (Videoident). Personal data must be provided beforehand and a photo ID must be presented during a video call. If the data provided matches the ID card data and the biometric data from the photo ID card matches the person in the video call, the identity can be verified.
What is authentication?
Once you have been identified and "know" yourself, you "only" have to authenticate yourself from now on. During authentication, you have to prove your identity each time. This can be done using various authentication factors. For example, using
- a password/PIN (knowledge)
- a smartphone that can receive a unique verification code or
- a fingerprint scan/face ID (biometrics).
The factors can also be combined, such as with two-factor authentication and multi-factor authentication, to increase security.
Authentication is therefore the verification of the specified identity. Two-factor authentication comes into play with qualified signing. Once you have logged in to sproof sign (factor 1 password), you have to confirm your identity using a mobile app (factor 2 fingerprint or face ID) for qualified signing.
Identification vs. authentication - what is the difference?
Identification establishes the identity of a person and links the digital identity with a natural person and their name. Identification only needs to be carried out once as a first step, e.g. user registration with sproof sign or in identification procedures to obtain a QES.
Identity is verified during authentication/authentication. The specified identity is compared with the specified data. This authentication process must be carried out again each time, e.g. logging in with sproof sign or 2-factor authentication when signing with QES.
Identification and authentication therefore go hand in hand and cannot be carried out without the other.
Identification and authentication for qualified signing
In short: To obtain a qualified electronic signature (QES), you have to identify yourself once and set up 2-factor authentication (duration: 15 minutes once). For qualified signing, you then only need to authenticate (duration: <1 minute each time).
How do I get a QES (with sproof sign)?
- To get a QES, you must first provide your personal details
- Before you start the video identification procedure, present your official photo ID
- In the video call, you must present your official photo ID. The trust service provider then compares the data you provide with the ID card data and the biometric data from the photo ID card with you in the video call. If all the information matches, your identity will be verified
- Next, you need to download a mobile app (e.g. Mobile ID) and log in.
- Your digital identity is stored in the app by the trust service provider and a second security factor (e.g. fingerprint scan or Face ID) is set up.
- You can now sign with a qualified signature and only need to authenticate yourself in the app (push message) before signing with a qualified signature.
More blog entries
Digital sustainability in the hotel and catering industry: HOGAST saves measurable resources with sproof signeIDAS 2.0 - The redesign of digital identity and signature in Europe (March 2024)Digital signatures according to FDA (Part 11) create traceability in FDA-regulated industriesDigital signing of prescriptions - teleclinic is a driver of innovation in the field of telemedicineQES, AES, EES: All e-signature standards at a glance