Stay informed about the latest updates on pan-European regulations and laws and their impact on digital trust service provider
Working with a signature platform TSP and PaaS provider offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the confidence of...
In the case of electronic signatures, an integrated solution can help solve these problems by digitizing process gaps and speeding up and simplifying document processing.
Electronic signatures are an essential part of the digital transformation for the fintech and banking industry. Electronic signatures can help improve the efficiency and accuracy of processes such as...
A TSP for SaaS providers offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the trust of their customers, and reducing risks.
The technical integration of trust solutions in a signature platform offers cloud providers many advantages, e.g. scaliability, latest security standards or standardized APIs.
Enterprises and ERP providers face complex technical challenges, such as company size or internationalization, when implementing e-signature solutions and integrating a TSPs.
Financial service providers can boost conversion rates by seamlessly integrating trust solutions and efficiently navigating compliance requirements.
The technical integration of TSP's digital identity and e-signature solutions enables SaaS and PaaS providers to comply with the latest security and interface standards.
Discover future-proof technological solutions and innovations for your business success.
In our Help Center, you will find the answers to our frequently asked questions.
This section will offer exciting interviews and discussions from various sectors, such as finance, HR, and health. Our experts describe the current challenges in their fields, provide compelling...
Our customers and partners have successfully streamlined their processes and digitized the final step to legally valid contract conclusion. Find out how they benefit from our digital identity, secure...
Learn what an electronic signature is
What types of electronic signatures there are
How to sign a document electronically
The embedded e-signing platform Smart Registration und Signing Service provides qualified and advanced electronic signatures for the EU jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in the European jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service provides qualified and advanced electronic signatures for the Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer identification via valid Swiss mobile number and advanced electronic signtuare in Switzerland
Learn what an electronic seal is here
What types of electronic seals there are
How a company successfully seals electronically
The embedded e-sealing software Smart Registration and Signing Service provides regulated electronic seal for Swiss public authorities in accordance with ZertES and TAV.
The reptetive e-sealing solution Smart Registration and Signing Service provides regulated and advanced electronic seals for organizations in the Swiss jurisdiction
The embedded e-sealing solution Smart Registration and Signing Service provides qualified and advanced electronic seals for organizations in the European jurisdiction.
Learn what an online identity check is
What current identification methods are available on the market
What the areas of application and advantages of online identification are
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for eIDAS-compliant e-signatures.
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for ZertES-compliant e-signatures.
Simple and intuitive Face-2-Face identification hub solution for businesses to register people for electronic signature.
Learn what two-factor authentication is
Why it takes an authentication solution for the electronic signature
The embedded e-signature platform Smart Registration and Signing Service provides a diverse array of authentication methods for approving electronic signatures.
Explore our range of e-signature and e-seal service packages for partners, SMEs, and enterprises. Choose from various packages tailored to your needs.
Here are the frequently asked questions about our products and services.
On our Dev Hub, you will find all the essential information about using the interfaces provided by Swisscom.
Our GitHub page contains Postman examples and four Java/C#-based clients for the signature service that use the iText/PDF Box libraries and the signature service wiki.
In our repository, you will find the documentation on Swisscom CA and PKI, our CP/CPS, and terms of use.
Here you will find a selection of PDF Library providers that support the interfaces provided by Swisscom.
You can inform Swisscom about potential security vulnerabilities here.
You are welcome to contact us via the support page.
Please visit our Help Center.If you can't find an answer to your question, please don't hesitate to contact our support team.
Our products are integrated into ready-made digital customer solutions, enabling processes without media discontinuity. Here is an overview of our solution partners.
Discover how customers are benefiting from our digital identity, secure authentication, and e-signature solutions and services. Our customers are active in various industries
Our partner log-in area is aimed at our solution partners.Are you still waiting for a partner log-in? Get in touch.
Swisscom Trust Services is a leading provider of trust services and provides qualified electronic signatures in the legal areas of the EU and Switzerland.
We are a team of more than 30 experts providing innovative, complete, compliant, and easy-to-integrate identity-based and electronic signature services.
The European Signature Dialogue is an association of the most important European providers of electronic signatures.
Today, the registered association Bitkom represents more than 2,000 member companies - including around 1,000 high-performing SMEs, over 500 innovative tech start-ups, almost half of the 40 DAX...
With around 1,000 member companies, eco is Europe's largest Internet industry association. Since 1995, eco has been instrumental in shaping the internet, promoting new technologies, creating...
The Competence Center for Applied Security Technology, CAST e.V. offers a wide range of services in the security of modern information technologies. It is the contact for IT security issues.
The Bundesverband IT-Sicherheit e.V. (TeleTrusT) is a competence network comprising domestic and foreign members from industry, administration, consulting and science, and thematically related...
We seek experts with an exciting track record who want to contribute to our growth.
In this section, you will find our press contact, the latest press releases, company information, and media content for download.
Stay informed about the latest updates on pan-European regulations and laws and their impact on digital trust service provider
Working with a signature platform TSP and PaaS provider offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the confidence of...
In the case of electronic signatures, an integrated solution can help solve these problems by digitizing process gaps and speeding up and simplifying document processing.
Electronic signatures are an essential part of the digital transformation for the fintech and banking industry. Electronic signatures can help improve the efficiency and accuracy of processes such as...
A TSP for SaaS providers offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the trust of their customers, and reducing risks.
The technical integration of trust solutions in a signature platform offers cloud providers many advantages, e.g. scaliability, latest security standards or standardized APIs.
Enterprises and ERP providers face complex technical challenges, such as company size or internationalization, when implementing e-signature solutions and integrating a TSPs.
Financial service providers can boost conversion rates by seamlessly integrating trust solutions and efficiently navigating compliance requirements.
The technical integration of TSP's digital identity and e-signature solutions enables SaaS and PaaS providers to comply with the latest security and interface standards.
Discover future-proof technological solutions and innovations for your business success.
In our Help Center, you will find the answers to our frequently asked questions.
This section will offer exciting interviews and discussions from various sectors, such as finance, HR, and health. Our experts describe the current challenges in their fields, provide compelling...
Our customers and partners have successfully streamlined their processes and digitized the final step to legally valid contract conclusion. Find out how they benefit from our digital identity, secure...
Learn what an electronic signature is
What types of electronic signatures there are
How to sign a document electronically
The embedded e-signing platform Smart Registration und Signing Service provides qualified and advanced electronic signatures for the EU jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in the European jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service provides qualified and advanced electronic signatures for the Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer identification via valid Swiss mobile number and advanced electronic signtuare in Switzerland
Learn what an electronic seal is here
What types of electronic seals there are
How a company successfully seals electronically
The embedded e-sealing software Smart Registration and Signing Service provides regulated electronic seal for Swiss public authorities in accordance with ZertES and TAV.
The reptetive e-sealing solution Smart Registration and Signing Service provides regulated and advanced electronic seals for organizations in the Swiss jurisdiction
The embedded e-sealing solution Smart Registration and Signing Service provides qualified and advanced electronic seals for organizations in the European jurisdiction.
Learn what an online identity check is
What current identification methods are available on the market
What the areas of application and advantages of online identification are
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for eIDAS-compliant e-signatures.
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for ZertES-compliant e-signatures.
Simple and intuitive Face-2-Face identification hub solution for businesses to register people for electronic signature.
Learn what two-factor authentication is
Why it takes an authentication solution for the electronic signature
The embedded e-signature platform Smart Registration and Signing Service provides a diverse array of authentication methods for approving electronic signatures.
Explore our range of e-signature and e-seal service packages for partners, SMEs, and enterprises. Choose from various packages tailored to your needs.
Here are the frequently asked questions about our products and services.
On our Dev Hub, you will find all the essential information about using the interfaces provided by Swisscom.
Our GitHub page contains Postman examples and four Java/C#-based clients for the signature service that use the iText/PDF Box libraries and the signature service wiki.
In our repository, you will find the documentation on Swisscom CA and PKI, our CP/CPS, and terms of use.
Here you will find a selection of PDF Library providers that support the interfaces provided by Swisscom.
You can inform Swisscom about potential security vulnerabilities here.
You are welcome to contact us via the support page.
Please visit our Help Center.If you can't find an answer to your question, please don't hesitate to contact our support team.
Our products are integrated into ready-made digital customer solutions, enabling processes without media discontinuity. Here is an overview of our solution partners.
Discover how customers are benefiting from our digital identity, secure authentication, and e-signature solutions and services. Our customers are active in various industries
Our partner log-in area is aimed at our solution partners.Are you still waiting for a partner log-in? Get in touch.
Swisscom Trust Services is a leading provider of trust services and provides qualified electronic signatures in the legal areas of the EU and Switzerland.
We are a team of more than 30 experts providing innovative, complete, compliant, and easy-to-integrate identity-based and electronic signature services.
The European Signature Dialogue is an association of the most important European providers of electronic signatures.
Today, the registered association Bitkom represents more than 2,000 member companies - including around 1,000 high-performing SMEs, over 500 innovative tech start-ups, almost half of the 40 DAX...
With around 1,000 member companies, eco is Europe's largest Internet industry association. Since 1995, eco has been instrumental in shaping the internet, promoting new technologies, creating...
The Competence Center for Applied Security Technology, CAST e.V. offers a wide range of services in the security of modern information technologies. It is the contact for IT security issues.
The Bundesverband IT-Sicherheit e.V. (TeleTrusT) is a competence network comprising domestic and foreign members from industry, administration, consulting and science, and thematically related...
We seek experts with an exciting track record who want to contribute to our growth.
In this section, you will find our press contact, the latest press releases, company information, and media content for download.
Entering passwords are the biggest source of frustration when logging in online. According to a recent study comissioned by Okta, 65 percent of consumers feel overwhelmed by managing countless username-password combinations. The study also states, 75 percent of consumers want more control and self-management of their personal data. Requests to renew passwords and high demands on length and complexity add to the frustration. The most popular way out for users, according to the Okta survey, is to log in via social accounts.
On the one hand, there is the fear of large tech-providers expanding their quasi-monopoly on the internet. On the other hand, such an account becomes a kind of master key for a user's most diverse online applications. If criminals get hold of these credentials, they can cause great damage. Passkeys are an alternative option that is convenient for users and is very secure.
In general, a passkey is a method of passwordless authentication. Instead of a Shared Secret between service provider and user, which is what the password represents, passkeys use asymmetric cryptography. The user keeps a private key on his or her personal device and the service provider receives the corresponding public key as part of the registration process for a new account. The authentication works in way that the user receives a data packet, a so-called challenge, from the provider for signature. Then, the user signs this challenge with his or or private key. If the provider can decrypt it, the key pair belongs together and the user is authenticated.
These passkeys have many advantages. First, this solution is much easier and more convenient for users than passwords. All processes run automatically in the background and users do not have to become active themselves. They no longer have to enter passwords and user names, and consequently no longer have to remember passwords and regularly come up with new ones when they've forgotten them. Login processes are tremendously simpliyfied everywhere on the internet. Passkeys also have an advantage for online service providers. Up until now, many users have been put off by the constant creation of new user accounts with new passwords. For those who do not want to use password managers or log in with Google, Apple and others, passkeys are a simple and very secure alternative.
In addition, the lack of a shared secret also means that no valuable passwords can be captured in the event of an attack on the provider's server, but only worthless public keys. The connection between public and private key is established via complex mathematical questions that are difficult to reverse. The complexity is set so high that even with powerful computers it is not possible to calculate a private key from a public key in real time. Last but not least, passkeys are the best protection against phishing. Criminals have nothing to gain. After all, their attacks are aimed at capturing the shared secret, which is omitted when passkeys are used.
In theory, the process sounds very plausible. But when you think about its use in everyday life, a lot of questions arise. For example, with a user name and password, you can log into your own e-mail account from any internet café in the world. Whether this is recommended from a security point of view remains to be seen - but it is possible without any problems. This is not possible in the same way with a device-bound procedure such as passkeys. But there is a fairly simple workaround: you simply use a smartphone as a central repository for the keys. Of cousre, you must equip your smartphone with strong security mechanisms, such as a fingerprint sensor or other biometric features. Authentication on any device works only when user scan a QR code from the device's screen with their phone when logging in, unlocking it and thus triggering the passkey process.
Of course, you can lose, destroy, or get your mobile phone stolen. If that's the case, you need recovery procedures in place or a reset oppportunity for your account. This can work, for example, via another account, similar to when you forget a password today. Google and Apple have set up synchronisation mechanisms on their systems that keep all smartphones and tablets in sync with regard to the used passkeys, without Google or Apple getting hold of them. The private key always remains on the device.
Almost everywhere on the internet where new accounts are created today, a new digital identity is created that is not linked to the real identity of the user. Technically, it is of course possible to draw conclusions about who is behind a certain user name. However, an initial link between real and digital identity does not usually take place on the internet. In some cases, this is exactly a requirement, for example when opening an online banking account or using qualified electronic signatures. Could you also use passkeys for these applications?
The answer is yes, because the authentication means plays no role at the technical level for the link. In these cases, providers such as banks or trust service providers must check the identity of new users according to legally regulated procedures and create a secure digital record linked to it. Which procedure (password + multi-factor authentication or passkey) the users then use to log in to the service or approve an e-signature is irrelevant. Swisscom Trust Services has already approved the passkey procedure for the use of its e-signatures and is already using it with a partner solution. To activate the passkey, all that you need is a fingerprint, face recognition or a PIN, which you already use for unlocking your smartphone or laptop.
The use of passkeys very interesting, to trigger e-signatures in environments or IT-infrastructure where mobile phones are prohibited for data security reasons or SMS cannot be delivered. In today's common methods, the mobile phone is used as a second factor to trigger the signature. This method is accordingly problematic in critical areas such as highly secure data centres, shielded production facilities or similar environments. With passkeys that are either directly on devices or on separate data carriers (e.g. USB stick), users could also sign there with a qualified electronic signature.
09.10.2024
Read blog post
03.10.2024
Read blog post
29.08.2024
Read blog post
29.08.2024
Read blog post