Autenti / Blog / What methods can be used to authenticate people who place an electronic signature?
What methods can be used to authenticate people who place an electronic signature?
Electronic signature is an extraordinary convenience and simplification in running a business.
Before we move on to explaining the methods of electronic signature verification, it is worth starting with the basic issue - what is an electronic signature and how does it work?
A legally binding definition is contained in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, commonly known as eIDAS. According to the provisions of this document, the signature must display four properties:
it must be in electronic form,
it must be placed by a natural person,
it must be associated with the signed content,
it must be consciously used by the signing person to sign the document.
Electronic signature makes it possible to conclude contracts without the need to meet with someone in person. The entire process can be carried out remotely, via the Internet. The party who signs the document confirms that he or she has read and accepts its content. A contract bearing an electronic signature has a legal power and may be used in evidence proceedings before a court. Therefore, it is very important to verify the data of the person who places the electronic signature. How to do that?
Identification and verification
The first step before signing a contract or another document is to identify the other party who will sign it. The person to whom you will be sending the document should supply their details enabling you to clearly identify their identity. For this purpose, the first name, surname, email address and telephone number of the other party are most often used. The next step is identity verification, i.e. checking whether the data used for identification is correct. It is the sender who verifies whether the person who signs the document uses the data used for authentication (e.g. has access to a given email address or telephone number).
In the case of concluding traditional, paper contracts, the verification of the identity of the other party usually consists in comparing the data contained in the document with data visible on an identity document - personal ID or passport. It is also possible to compare the image of the other party with the photo in the document, as well as to match the signature on the contract with the model from the ID card. This way, the identification and verification process of people signing the contract or another document takes place "live". How should such a procedure be performed in virtual space? The Autenti platform provides several methods of authenticating the person placing the electronic signature on a document.
The simplest and most common method of verifying the other party is to use their email address. If you are the sender of the document and you send it via the Autenti platform, you must provide the other party's email address before sending. A link will be sent to the email address used by the other party. The link will redirect the recipient to a signature panel, where they can confirm their identity and thus place an electronic signature on the document. The data used for verification, i.e. the name, surname and email address, are linked to the IP address of the device that was used to place the electronic signature. All information will be attached to the signed document. It is possible to verify the information in the Signature Card at any time.
Text message code
The second method that you can use to verify the person signing the electronic signature is a code send by a text message. To use this solution, in addition to the email address of the other party, you also need their phone number. The other party, apart from the email send with a link, will also receive a text message with a unique code that must be entered in order to sign the document. This way, an email address and telephone number as well as the IP address of the device used by the recipient of the electronic document are assigned to the first name and surname.
The third method of verifying the identity of the person who places the electronic signature on the document is to use a qualified electronic signature. A qualified signature has the same legal effects as a handwritten signature – for this reason people applying for a qualified certificate undergo a rigorous verification process. It may take the form of a remote video conversation with an employee of the company that issues the certificate or a personal meeting. The identity of the person who applies for a qualified signature is verified on the basis of an identity document - personal ID or passport.
After verification, the recipient of the document may place an electronic signature on the received electronic document. The actual electronic signature has the form of a sequence of bits - so it is completely unreadable for people. In the case of electronic documents, the signature is not visible as an element of the document content, which may cause confusion among users who, through many years of dealing with paper documents, have become accustomed to the fact that the content of the document should be signed by hand. Autenti has developed a solution that removes this inconvenience. The platform automatically generates a Signature Card with a signature made by the other party, as well as information on the time of signing and the authentication methods used. After opening a signed file, the Signature Card is visible as the last page of the document. You will also find electronic seals verified with a qualified certificate, placed by Autenti. The first seal is made when the electronic document is sent for signature, the second – when all electronic signatures have been placed. Each seal contains information about the time of its creation and is a guarantee that from the moment of issuance, the content of the document has remained unchanged and all parties signed the same version.