In 2017, Swisscom Trust Services created a service allowing customers to sign legally binding documents digitally. Upon completing the Signing Service, they needed to build a method to authenticate users. Under Swiss law, this registration process required a personal encounter to ensure the most robust signature. To do so, they envisioned a process where accredited registration authority (RA) agents would personally identify and register prospective users. They do so today using a digital tool that Open Web Technology (OWT) helped develop. The RA agent uses an iOS/Android app to enter the user’s personal information (first and last name, address, date of birth, email, etc.), photograph the user’s identity card, photograph the user, and verify that the phone number provided is indeed associated with the user. The RA agent can then view the repository of registered clients through a web admin portal. They can also choose to edit a user’s information or remove a user.
Open Web Technology was mandated by Swisscom Trust Services to build the backend architecture of this service and construct the web admin portal. Designing the architecture first involved determining the scope of identification possibilities. Indeed, the registration process only occurs based on a specific need. This need may be client-specific (local), where registered users can only sign documents within one limited entity (e.g., a bank). Otherwise, it may be valid globally across multiple services and several countries. For legal purposes, identity storage was managed using a combination of symmetric and asymmetric encryption. Asymmetric encryption is used to store the entirety of the user’s information in one document. Only Swisscom Trust Services can decrypt this type of document, which is used solely for legal purposes. OWT’s software uses symmetric encryption to match a claimant with a registered user.