Advanced electronic signature based on authentication

​The E-Signing service include functionality for producing advanced electronic signatures (PKI-based signatures) by use of non-PKI based eID services (typically One Time Passcode or token authentication services).

Nets E-Signing service utilizes the different eID’s authentication service for issuance of a short-term signing certificate. The short-term certificate is used to create a strong PKI-based signature attached to the document. The short-term certificate is issued by a Nets CA. The short-term certificate is valid for 15 minutes and it is only used for this particular purpose. The certificate and a certificate validation (OCSP) are added to the SDO. In this way non-repudiation and integrity protection can be maintained for non-PKI eID services.

Note:  Nets are also offering a possibility for customers to setup their own CA that issues the short-term certificates. For more information, use the Contact us form.

Advanced electronic signature.jpg 

  1. The signer will in its first step be directed to the page showing the document. The document can either be a TEXT or a PDF document. When the signer has read the document he/she will need to click on a “Sign” button. 
  2. The signer is directed to the eID’s authentication service where he/she is prompted for his/hers authentication credentials (similar as a usual authentication). 
  3. When the signer has been authenticated, E-Signing is creating a short-term certificate which is used to get an advanced signature on the document. A SDO is generated if this is the last sign process in the sign order. The signer is redirected back to either a sign ok page or to the customer’s web page.