Authentication

Two-factor authentication as the release method for the electronic signature

What is 2-factor authentication?

Particularly sensitive personal data must be protected when digital services are used online, and 2-factor authentication is a suitable way to protect it. 2-factor authentication is a security standard for verifying a person online in a two-step process. For example, when logging in as a customer, the person provides a combination of two independent components, called factors. The first factor is often based on knowledge, for example knowing a secure password. The second factor, on the other hand, is based on possession or biometrics. This can be either possession of a mobile phone number or confirmation with a fingerprint or Face ID on the smartphone. The second factor provides an additional barrier that makes it more difficult for unauthorized persons to obtain personal data online.

Why is two-factor authentication needed for the qualified electronic signature?

The EU Regulation eIDAS and the Swiss Federal Law ZertES require an authentication solution for releasing an electronic signature in a signature application/app. The reference here is the ISO standard EN 419 241-1, which requires that the signing key may be used with a high trust level under the sole control of the signatory. In other words, the requirement states that the authentication solution provider and the trust service provider should protect and secure the process and the protocol so that the signing person can control the signature process. In the technical context, this is also called the Sole Control Access Level (SCAL).
 
Legislation requires a 2-factor authentication, the so-called "SCAL-2," for initiating and releasing a qualified electronic signature. This means a signing person must release a QES with two-factor authentication in the signature process.
 
On the other hand, the advanced signature requires authentication according to SCAL-1, i.e., authentication with only one factor is sufficient to release the signature process. For example, the factor can be guaranteed by possessing an e-mail address or a telephone number.

The signature process with two-factor authentication

1. Display digital contract

In a signature application, a digital contract is displayed to the person signing it, and they are requested to sign it electronically.

2. Signature request on the smartphone

Provided that identification and registration for the signing service have taken place in advance, the signing person receives a request in the authentication solution registered on their smartphone.

3. Authentication solutions from Swisscom Trust Services

In the authentication solution, the signing person confirms their second factor and thus releases the electronic signature. This can be done by entering a PIN in an authentication app or with an SMS code sent to the mobile number. Various solutions can be connected here.

4. Electronic signature on a digital contract

After authentication and approval, the signature application creates the electronic signature on the digital contract/document. In the background, the signature app sends a request with the document's hash to the Swisscom Trust Services trust service. Swisscom verifies the person's signature clearance, issues the signature for the hash, and provides a qualified signature certificate and time stamp. The signature application creates a signed document from the signed hash. The content data of the document is never sent to Swisscom.
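
The release rules (SCAL-2 for qualified, SCAL-1 for advanced signatures) and the hash-only request described above can be modelled as follows. This is an added example, not Swisscom's code or API: the function names, the request fields, the choice of SHA-256 and the rule that two factors of the same category count once are assumptions for illustration, and the sample contract is constructed.

```python
import hashlib
import json

# Factors required per signature level, as the page describes:
# SCAL-2 (two factors) for qualified, SCAL-1 (one factor) for advanced.
MIN_FACTORS = {"qualified": 2, "advanced": 1}
FACTOR_CATEGORIES = {"knowledge", "possession", "biometrics"}


def release_allowed(level: str, confirmed: dict) -> bool:
    """confirmed maps a factor name (e.g. 'password') to its category.

    Assumption: factors of the same category count only once.
    """
    categories = {c for c in confirmed.values() if c in FACTOR_CATEGORIES}
    return len(categories) >= MIN_FACTORS[level]


def build_sign_request(document: bytes, level: str) -> str:
    """Signature application side: only the digest goes into the request."""
    return json.dumps({
        "level": level,
        "hash_algorithm": "SHA-256",
        "document_hash": hashlib.sha256(document).hexdigest(),
    }, sort_keys=True)


def clearance_ok(request_json: str, confirmed: dict) -> bool:
    """Trust service side (hypothetical): check before signing the hash."""
    request = json.loads(request_json)
    digest = request.get("document_hash", "")
    well_formed = len(digest) == 64 and all(ch in "0123456789abcdef" for ch in digest)
    return well_formed and release_allowed(request["level"], confirmed)


if __name__ == "__main__":
    contract = b"Constructed sample contract between Alice and Bob."
    password_and_app = {"password": "knowledge", "app_confirmation": "possession"}
    sms_only = {"sms_code": "possession"}

    qes = build_sign_request(contract, "qualified")
    print(qes)
    print("QES with two factors:", clearance_ok(qes, password_and_app))
    print("QES with SMS only:", clearance_ok(qes, sms_only))
    print("Advanced with SMS only:",
          clearance_ok(build_sign_request(contract, "advanced"), sms_only))
```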