Importance of eID based identity proofing for international digital signatures
By csc |By Margus Pala, Co-founder, eID Easy
Validating the identity of the party signing a document is an essential part of every secure digital signature. At the same time, it is also one of the highest costs and one of the areas with the most friction. However, it does not have to be a ‘high friction’ task because a growing number of users now have some kind of reusable digital identity app (eID) on their phones.
After initial onboarding the eID based identity proofing is significantly easier and faster than biometric passport scanning and selfies. For example, the Estonian government has a “once-only principle”, which means that if you have given your data to the government once then the same data should not be asked again. Similarly, we should not do biometric passport scanning over and over again if we have done it once already. Standards like ETSI 119 461 and WebTrust for Registration Authorities allow using eID-s for identity proofing to issue certificates and it is already used actively for example in Nordics in use cases where risk tolerance is lower. Yet we are still seeing a huge percentage of electronic signatures made in non-interoperable ways where providers are using their own ways of writing the signer information to the PDF that is not automatically processable nor independently verifiable.eID-s can also help with international recognition. If you have your eID from your home country bank, then why not use the same eID to issue certificates from another country and regulation certificate authority.
There are 200 countries in the world with each having their own regulations. There are regions like the EU, Mercosur (Mercosur is composed of six sovereign member states: Argentina, Bolivia, Brazil, Paraguay, Uruguay and Venezuela (suspended since December 2016); six associated states: Suriname, Guyana, Colombia, Ecuador, Peru and Chile; plus two observer states: Mexico and New Zealand and some others that are already mutually recognizing local Certificate Authorities from member states and many such proposals are in the works. If worldwide mutual recognition is achieved, then it is even more important to make sure that the single eID app that you have would be enough for signing any document no matter where in the world it originates.
If you would like to discuss this further, get in touch with Margus Pala, margus.pala@eideasy.com.