Unlock eSignature Legitimacy for Drug Testing Consent Agreement in European Union

  • Quick to start
  • Easy-to-use
  • 24/7 support

Forward-thinking companies around the world trust airSlate SignNow

walmart logo
exonMobil logo
apple logo
comcast logo
facebook logo
FedEx logo

Your complete how-to guide - e signature legitimacy for drug testing consent agreement in european union

Self-sign documents and request signatures anywhere and anytime: get convenience, flexibility, and compliance.

eSignature Legitimacy for Drug Testing Consent Agreement in European Union

In the European Union, ensuring the legitimacy of eSignatures on important documents like Drug Testing Consent Agreements is crucial. With airSlate SignNow, you can easily streamline this process and enhance efficiency. Here is a step-by-step guide on how to use airSlate SignNow for signing documents with eSignatures.

User Flow:

  • Launch the airSlate SignNow web page in your browser.
  • Sign up for a free trial or log in.
  • Upload a document you want to sign or send for signing.
  • If you're going to reuse your document later, turn it into a template.
  • Open your file and make edits: add fillable fields or insert information.
  • Sign your document and add signature fields for the recipients.
  • Click Continue to set up and send an eSignature invite.

airSlate SignNow is a reliable solution that empowers businesses to securely send and eSign documents. It offers a great ROI with a rich feature set, perfect for SMBs and Mid-Market. Additionally, its transparent pricing ensures no hidden support fees or add-on costs. With superior 24/7 support included in all paid plans, airSlate SignNow is the ideal choice for organizations looking for an easy-to-use and cost-effective eSignature solution.

Experience the benefits of airSlate SignNow and streamline your document signing process today!

How it works

Select a PDF file and upload it
Add fillable fields and apply your eSignature
Send the document to recipients for signing

Rate your experience

4.6
1646 votes
Thanks! You've rated this eSignature
Collect signatures
24x
faster
Reduce costs by
$30
per document
Save up to
40h
per employee / month

Award-winning eSignature solution

be ready to get more

Get legally-binding signatures now!

  • Best ROI. Our customers achieve an average 7x ROI within the first six months.
  • Scales with your use cases. From SMBs to mid-market, airSlate SignNow delivers results for businesses of all sizes.
  • Intuitive UI and API. Sign and send documents from your apps in minutes.

FAQs

Here is a list of the most common customer questions. If you can’t find an answer to your question, please don’t hesitate to reach out to us.

Need help? Contact support

Related searches to e signature legitimacy for drug testing consent agreement in european union

Free e signature legitimacy for drug testing consent agreement in european union
E signature legitimacy for drug testing consent agreement in european union sample
eu electronic signature
electronic signature regulations
qualified electronic signature vs advanced electronic signature
electronic signature standards
eidas simple electronic signature
qualified electronic signature free
be ready to get more

Join over 28 million airSlate SignNow users

How to eSign a document: e-signature legitimacy for Drug Testing Consent Agreement in European Union

thank you that you are here we are just waiting for some more minutes because there are a lot of participants uh just joining so uh we will get some minutes for everybody to uh to uh to arrive foreign so welcome everybody uh this is the S final webinar and it's really nice to see the the number growing I'm in the number of participants so we are really glad that there is such a such a strong interest in asva I am Anita cardos uh the communication officer at the European University Foundation and I I have the privilege to to host to moderate today's webinar uh the main topic of the webinar will be the asva module uh as you might know it's uh it's a independent electronic signature validation module which is compatible compatible with the system I think that you are to hear about this this module and it's a very special day for us uh because as the project comes to an end uh this is the this is the final webinar which will conclude the the project and now um this is this is time to uh to show you the results of of our work the project has been run almost uh one and a half years um so no it's a it's a big moment for us to share with you uh what we have done um the project was coordinated by the University of Porto and the Consortium was the composed of um the university the the Aristotle uh University uh of Thessaloniki the digital sign from Portugal Amanda University from Noor and the European University Foundation and the project was supported by a coronation facility of of the European Union so um you will you will uh hear more about the project and more about the uh the products uh the products um later during during the webinar so you can expect a a very intensive uh two hour long uh event today with the interactive Parts uh you can see the the agenda of the day on the screen I hope you see it um we will start by by a short introduction uh we would like to give you some context to the uh to the project and why we uh um found why we why did we found it important to um [Music] produced a module like that why it's important to validate electronic signatures uh then you will hear some words about the project itself um and we would also like to show you the concept in details how the estua fits into the Erasmus without paper and um then you will have a demonstration uh on how to use asva it will be a very practical uh part of the webinar with a lot of examples with a lot of interactivity and before the Q a session you will also get some some users feedback the the some words from from the testers and let's say the first users of the of the module you will have the opportunity to ask your questions at the end of the at the end of the webinar uh before uh starting I have to say some technical information first uh during the the webinar please keep your microphone off uh do not to disturb the the presentations you can ask your questions at the end and when there will be some interactive Parts the the the speakers will will give you some instructions have to have to be interactive and the other uh important thing that Please be aware that the webinar will be recorded and and this recording will be shared on YouTube uh later uh to it will be available for for those who who can't be here with us in in person so um we can we can start now and as I said the first uh part of the of the webinar it's a it's a presentation um about the context um explaining why to use electronic signatures and why validate electronic signatures and I asked seraphim Gomez and Ricardo Martins from digital sign to to give their presentation my screen okay hope that everyone is seeing now okay we'll just connected on this wait you are seeing the spin right let's suppose yes yes yes okay so so let's start about the uh start the presentation thank you uh everyone to be present here so my name is rafin Gomes I'm a CTO here in on digital sign so um we are talking about why do you want to to weld it and to expose some key points about the authenticity okay so in these kinds uh kind of um presentation um electronic let's say interchange of information we need also to do something that usually it's done on the let's say the physical world that is signed documents so in electronics we need also to to do some some signatures and to to trust those signatures so how is it how is it done so here basically what we are doing is in in let's say electronic then the world we are putting some data that is bind to some data that we want to to say that we have signed okay so basically this is let's say the the idea of a signature and so there are several kinds of signatures uh there are simple signatures that uh they are let's say um not trustfully trust because they are very simple so they are called Simple so putting just a name on the email just ticking a box of cardboard say my physical signature put it in the word document and transform it in PDF whatever so those are simple signatures that have let's say not a real secure way of buying let's say my signature to that document because everyone our almost everyone is able to to forge my signature okay it's just a way to do a signature but it has not not a secure way to to bind my signature to the information that I've written before so after let's say this simple signature there are something that is called the advanced nature that has a more a little more Security on on the issues so basically in this after this step uh let's say after a simple signature we go to advance and in this Advanced signature usually there is uh issue a certificate to the user that's going to do us interest okay is basically a piece of software that someone issue and to say that surfing is reaching and it's a software that I have in my computer let's say and with that I can let's say try to authenticate myself okay so with this Advanced signature there are some rules to do that and um but basically they have some that's the idea who is signing and uh and technically we can bind let's say some text or something about in the future where I can sign it and then if something has changed on the data that was signed and let's say electronically someone can check that and can detect that something was wrong okay so this is let's say the next step here uh is let's say we have a little problem not a problem but something that has the issue is in advance signature usually um the certificate the skate has let's say something that is called um a key pair that is a private key and a public key and the private key that is let's say something that binds me as let's say the owner of that certificate is star not usually on the computer and we need let's say to make sure that that piece of let's say software that is installed on your computer is just accessed from from let's say to me okay no one else can pick that private key and sign something that is not let's say myself so in that case there are some uh let's say an extra steps of security layer that is the qualified electronic signature so basically in this let's say qualified electronic signature what is done is the the this the private key is held on the hardware device so and in that error address let's say a smart card probably an aid that they are let's get cards from some countries already have let's say an aid that is a certificate and a private key that is on inside let's say that device and with that we can what what we can do the signature is always done in one device uh and it's not uh capable of doing a a clone of that device so if I have let's say an Hardware where I have my private key there is no way that I can have let's say that share to someone else so basically uh this qualifies signatures is let's say the next step where we also give let's say is our security layer on on let's say how the signature is made and to make sure that everyone and trust that so here um meaning that what we have done is we have [Music] um at least let me try to show you some some something else but what we have done is a list of let's say trusted service providers where we can trust let's say that that certificate that was issue is from someone that is capable of doing that and if he says that he has something interesting uh you can trust them and this analytical European commission is equivalent to handwrite it and it's all uh it is recognized and all member states so this is let's say the most secure way of doing signatures um so uh and here let's say there's let's say one of the issues that we want to to make uh let's say uh some difference here that is usually when we sign electronic document probably you already have another another file where you have let's say something like this where have you have let's say a YouTube panel and then you you see all the signatures at the end of the the representation we will show some documents for you to see but meanwhile and uh on that usually the the the the common person uh who doesn't understand what's what's the technical part of all these signatures um we'll just trust what he says here okay and here is let's say the big problem because uh how the computer is let's say configured because some of you have are working on organizations and that organization have can have let's say your computer confused in some way or don't have something that will not let's say the real uh validity of the signature okay so sometimes uh you can see something like this that says all signatures are valid but it cannot be it can be other ones so this is what we intended to like say to put this uh to work where you can double check that and to see some context of the signatures so like I said we have a certificate on this kind of signature okay I'm going to focus now on the qualified certificate okay so we have a certificate we have the content and the issue of that certificate okay and in the qualifier like I said it's important to see where the the the the the signature are made if it's a smart card that is a hardware also this HSM is a hardware it's a server-side hardware the cryptographic device or for instance in advance that is in software so this one what we have let's say in terms of sexual Securities after a private key is created on one of this device that private key cannot be exported on the software it's not like that if I have a private key I can copy it and pass it to another one or if my computer gets compromised they can be export the private keys and then and use them so that's why for the qualified certificates they usually usually and they they use the let's say a cryptographic device to make sure that the private Keys is just one and it belongs to to the person that that that that we are expecting to to to to be signed or something like that so this is let's say the context of example of a certificate okay so a certificate has can have this information publicly so basically it has always the name of the person of the company right here for instance this is a standard so here we can see the organization is digital sign the common name is let's say the name that is on the on the skate and to him to whom is issued and certificate and then some extra information like email for instance is about number of the company someone is internal uh information so this is more or less the the information and this information is sometimes critical when we are validating signature because we want to see who signed it and that that is let's say one of the important steps for doing the validation another it's very difficult for us to to do that kind of validation because we have the signature panel okay so we need to click here we see something like this where do we have let's say the name okay we already have it the name but I want more details I have to click here and to expand this to get this information so it's not let's say straightforward when we see some signatures and we can have several one that we cannot see let's say who sign it and some context information about who sign in okay so um that's one of the problems this is case this case is something that is technically possible to anyone to issue certificates so here we have let's say a trusted list that uh was done presented by aides that uh um that let's say does that role for us what's the problem is I can issue associate to myself saying that I'm for instance Cristiano Ronaldo okay and myself I can do that and if I sign something Cristiano Ronaldo let's say sign send that document but if someone receives that signed document they will see Cristiano Ronaldo but they can they make they need to make sure that let's say if that information is correct that's why there is let's say address at least that will let's say tell us that if that certificate can be trusted and then if that the information that was that is on that certificate is something that is valid or not okay so for you just to make to share this you can use the link but so the there are many countries um that has that have these uh there's at least in here in New York so for instance this is our our example what we we do we can we can issue for instance uh conference certificates for electronic with signatures for these seals that is uh kind of certificate qualified time stamp that is the time for instance in the signatures is important sometimes to have let's say the time of the signature when it was made and if that time is let's say uh something that is from the trust source so it's something that someone didn't change their website with the hour and the computer just sign and to be let's say on time to deliver something for instance okay some other for instance in the check they check the um uh there's a list so there are several several several points where the distance can can check so in validation okay making a little uh resume on that it's important also to check who signed it and if where we can trust that information to check if it's valuable or not so where the signature is made so like I said it's important uh for you to for you to be aware if if you can trust it or not trust let's say this mutual and this is let's say in terms of security is the most I'd say a wanted type of signatures that is the qualified certificate okay so graphic device basically the private key is generated on a device the private key cannot be exported okay the cryptographic device usually needs to let's say to be compliant with with this okay because they are some let's say cryptographic device that allow uh exported private keys but that's why they are they need to compile to some some let's say uh regulations and this let's say confession device this com compliance is one of the things that we need to to to to make sure okay so basically here for instance uh qualified certificates an advanced uh are more or less the same in terms of technically the the big difference is the advance is not or can be not on a qualified service provider okay it's not just the the only difference for instance in the qualified certificate in the events even the let's say the valuation of the information is different okay I'm not focused on that but yes for instance in unqualified certificate every information that goes to the to the to the certificate needs to be confirmed by the issuer of the certificate so that's why for instance digital sign we do the validation of all that information and it's one of our obligation to do that and to visual certificate okay in advance they can have let's say a simple validation that and let's say all the information can not be awkward but yeah and so so I'm ending um here the presentation so what we wanted to to show here is basically the valuation is the important step of doing these signatures also so doing a signature nowadays we can we uh everyone receives sometimes uh signatures uh documents signed by by someone but usually there are always problems on how to evaluate that to check if not say the validation is correct or is not correct so um if you can trust let's say that signatures and if whose sign it is is the let's say the person who who must sign okay so Ricardo I don't know if you have some let's say examples over there probably I will let's say as the word for you to to start um naturally some real documents yeah thank you hello everyone let me try to share the screen also share screen okay I don't know if you guys are addition yeah okay so the the exercise that my name is sorry my name is Ricardo I'm also from digital sign I'm a developer and we helped on this size of projects by creating some validation modules okay and what we want to what I want to do now with you guys is a very brief test so show you some some documents and I'd like to have your input whether they are valid or not they they that they say that I am designer of the document they say that someone signed the document they say absolutely nothing so I wanted to have a feedback from you um for each document and for that if possible I think that you guys can use the the chat feature to say I will show the documents and you guys enter on the chat it is a valid or it is not a valid document okay so to start I have here one document with a handwritten signature my question for you is if you receive this document on your email would you consider it valid or not not valid okay okay I'm I'm with you okay totally right what if we receive a document like this would we consider it valid would we consider it we would be accepted as a document in our in our company or our University or from our student that is on the erasms I can show also here the panel and show you the okay not valid oh let me try to change the resolution to see if it gets a little bit bigger for you so okay is it better so this one looks more more legitimate right let's move on to a third signature so this says that is from digital side well noted but our student can be from digital from Spanish no from Spain I think that has no problem the main the main point is if these documents are legitimate or not if they authenticate the assigner or not no this one not okay this one this one is mine Ricardo Sanchez okay we have some yes okay I'm I'm enjoying your input guys and finally we have a fifth example that it is also signature on my own this one either qualified or not okay what I'm going to show you now is that although the the the otherwise shows us that many of these documents uh are valid they they should they show us the the green check and in some cases you you you you gave me a right answer so actually some of these arguments were not totally valid but others were okay and what we want to show you is why evaluating his signatures is important okay so one of the key component key comp component of this project is exactly the the validator module this document this module can show us so not just looking at the signature and tells us it is good or it is not this document actually inspects the PDF document and tracks if the document was changed if it was not changed who signed it which certificate where the private key is I said if you just spoke a second ago and here we can see a more in detail uh evaluation of the document so for example this last document that I showed yes this one we actually can see that it is a qualified electronic signature so this document actually uh represents my own signature my handwritten on signature the second document that some of you guys said that it was good it is absolutely not good this the second signature Sam said not valid others said that it looked better this is not the net qualified certificate this is an advanced signature I myself created this certificate for my own I customized the image and I signed the document so this signature has absolutely no value foreign the third one that many of you told me that it was not valid it is valid and it is a qualified seal okay this does not authenticate a person this instead of indicates a company more or less that's uh one of the key differences between a signature and a seal but the the end of the story is that the thing that the seal is truth it is it was produced by digital sign and it is a qualified one and finally the last one or this one although it here shows in in a green too this is also not a qualified signature it may look sometimes the other back robot may think it is uh valid but it is not valid okay so this is just a very fast preview of why validating these singers is important why whenever I receive a signed document I should validate against a trustworthy framework like the Azure validation module I hope you you have understood this very brief presentation that I just made and I think and now I can now pass the the word to the next speaker an important part of validation and Francis just wanted to check to say something about the issues where you saw let's say the company nowadays we are seeing a lot of let's say issues by organization because for instance here in Portugal all invoices are the money now to be issued with the qualified issues and if you think a little bit if you receive the invoice with the information to do a payment you want to do that payment to someone that you you trust okay because there are a lot of problems where usual they receive invoice with information to do the payment and they do the payment and they say that's not let's say you know a legit company that made that that that's a request so just want to to give you more a little bit more context because how important is this and if we see there are lots of frauds that usually some of people don't know but it's very important okay so from digital sign now I can share the world okay thank you Anita thank you Ricardo thank you seraphim uh I think that uh I hope that these examples were very convincing that the validating of electronic signature is an issue that we have to deal with uh there are some questions from the audience but I suggest to uh to uh to ask your questions at the at the end of the webinar in the Q a section because we have a lot of presentations and I'm sure that you will have a lot of questions so um at the end of the event we can we can answer all your questions together so now we can go to the other uh to the next presentation uh which is about the project itself so I think that it's clear that there was there is a clear need for for validating electronic signatures and in the next presentation uh you will hear about the process that how we got from the idea to the implementation and what are what are the what are the objectives uh of the project and what what it's it's its scope so I give the floor uh to Philippe address on behalf of the University of Porto uh uh stop your sharing yeah thank you thank you Anita good good morning everyone thank you for attending or as a webinar my name is Philly Bausch I'm speaking on behalf of University of Porto and on behalf of the as well Consortium so let's start um we find out to to develop this as a module because we found a problem very similar to this one related to this question should we address another reader so I will make a short introduction and let's see how we get there so many Administration processes in our education especially those related to the international cooperation are already digital like ewp digitization will become even more common in the future in paperless Solutions simplify and speed up procedures but at the same time they involve the question of authenticity of electronic signatures and the verification of the identity of the signatory so diesel project aims to solve this issue which has been mentioned by several liger education institutions linked to the ewp network and this project intended to develop an independent validation model integrated with Erasmus without paper Network this model will validate electronic signatures and electronic seals of the documents and the data exchange through the uwp network so the esport project was built in plan after holding several conversations with different education institutions connected to the ewp and that's why we get to know Mando de sonici and other agis involved um and these agis are already exchanged student information so they WP Network and they are finding these kind of issues that are raised uh related to the authenticity of the documents so the session for the need of a validation model was a natural consequence of the digital transformation responsible for the flow of millions of digital documents from institutions to institutions every day and as soon as personal and sensitive data start to be exchanged in digital format there was a need to properly verify and validate such information unfortunately although the signatures as we have previously seen on Ricardo's presentation it may look valid at first the signature may not be the one from which we intended to read from and this validation cannot be done by a human eye and with some Difficult by the Acrobat Reader and other tools we cannot do this with another percent off sure so a signature at the first site may look valid but can in fact be a signature issued by an unauthorized machine or entity which the names of the persons we should expect so what is asthma as well is an agnostic easy natural validation mode so capable of integrate with deadlasms without paper but you can use this but without integrated with with Erasmus without paper you can use it instead of using Acrobat Reader or other tools you can drag your documents there you can collect your results and you can ensure that these documents are more secure uh and wife validity signatures because because with this model you'll be capable of verifying the identity of the person that is signing the document this will increase the level of trust and once we are developing this model to be capable of integrating with the wp we will increase the security of the document say exchanged inside the network and of course this is secured uh secured and aligned with Ada's regulation so during the first phase of the module uh um we start to to to extract the data from the electronic signatures uh and verify these data ing data's regulation and its standard we can do this by analyzing not only PDFs but but also xmls and extract the attributes from the signature like the name of the person who signed the role the contacts and any other information that may be present so in the second phase after a build a module that is capable of extracting this data and analyze it we built another piece of software capable of integrate this model with awp network so we can match the information that we extract from the validator with the data that is exchanged inside in the ewp network and with this we can compare if the person who signed is the person that is in charge in a certain AGI a and if the data the signature is valid if it's an advanced or not if the the certificate related to that signature has been revoked or not so we can do a a a number of validations or matches and give this information to to the user so presenting the partners of the project uh we start for the European Foundation University Foundation that is a network of 75 University universities for all from all over Europe focusing in Five Pillars students staff Mobility Digital Library education policy Innovation employability and active citizenship uh relating to agis involved we have University of Porto Aristotle University of Thessaloniki in Mendel University of berno which are all part of the ewp network using different systems these institutions were careful issues and because they are you there's a huge need for the network to validate the data that arrives at their service even before getting to the end user so Mandel and Thessaloniki they are dashboard users but Mendel is migrating now to to a known system and they will have their own note ewbnote and we University of Port we have our own system connected to an ewp node as well so this will be capable to integrate with uh institutions that are using their own systems connected to the awp network and to the institutions that are using dashboard so this diversity allows us to make to make all the tests needed to make sure that the Integrations will work for any egi or organization that wants to use this model regardless of their connection to the awp network so the Targets in the main goals the main target groups were the leaders of the agis the administrative administrative staff the academics and students and for each Target group there were specific goals in mind for the leaders of the agis the validation model will confer special emphasis in the secure digitization of institutional procedures for the academic for the academic or the administrative staff it would allow them to effortlessly verify the authenticity of the signatures as the documents as well General academics will be offered a tool that could help enhance address of the international documentation and lastly but not less important the students the process of validating their paperwork will be effortless quick and intuitive so next finishing steps later on we will have another colleagues from the Consortium presenting about the module and showing how it works and during December we will start with the first phase of launching asba which will be the portal so we will invite everyone or at least the persons that are participating participating in this webinar to start implementing asva on their side the portal so they will be able to test the documents validate these documents and start to extract some data instead of using acrobat readers and other tools or other online tools to evaluate their documents and next after a sort of tests we will develop the or deploy the second part of as well which will be the model that will be capable to integrate this portal this UI and its API with the awp network either it's an ewp node with a known system or a dashboard system so thank you for your time this was this was a presentation about the Consortium and I give the floor to an it again thank you thank you Felipe um yeah so uh I I I hope that this this overview was was useful for all of you and it was highlighted also in this presentation that compared to to other validation tools the the main special feature of the asva module is that it's compatible with Erasmus without paper so this is the main main idea but but how how how it works and uh what's the concept uh behind this idea uh we we will get an Insight uh to this in the in the next presentation so I give the floor to tether us uh Alex Andrew from the University of testaroniki arrest the Aristotle University of testaloniki so tell the floor is yours thank you Anita for the introduction hello everyone thank you all for being here it's it's our pleasure to have you in our final webinar for 2022 let me share my screen so my name is theodos Alexandro I'm working at Aristotle University of saloniki and today I'm going to present you how how does esba module works and fits into the awp network this is the agenda we'll say a few words about the wp Network the SVA module and the available apis inside the ewp network first of all what is the nwp network and the the main purpose of the awp network is to link all higher education institutions so in an overall electronic network network in order to manage Mobility more efficiently exchange information with each other in the code that of student mobilities swiftly and securely improve efficiency of Labor and access to student data across Europe and of course to enable the permanent migration from the paperwork to the electronic world of student data as you can see in the picture we have three institutions of which A and B are in the nwp network and C is not in the awp network we have the main host registry with a catalog which contains all the institutions that are on the network the apis that they have implemented and the the RSA Keys per host we have host one which it might be an institution itself or a third-party provider who covers some universities if institution a wants to communicate with institution B to exchange for example let's say learning agreements with the institution B both of them have to implement the ls apis and publish them in the awp register catalog institution a will ask the main host in WP registry what are the URLs for the LA cpis for institution B the registry will reply back with the URLs and the institutional will send the request to B and will get a response from it which is not the wp network will not be able to communicate with any institution in the nwp and this is an example of the nwp infrastructure where we can see all the institutions within the awp network communicate with each other through the main host the awp registry service awp network has common standards as it knows it's known in the awp specification so that all these institutions exchanging data with each other even if they have different implementations or host and of course the institutions without any Mobility tool can use the wp dashboard now which AI which apis are available in the wp Network and what are these apis the awp network that interconnects a multitude of student information system whether individual universities or third-party providers which represent multiple institutions through the through the use of apis which specifically are the connectors between the network and the users some of these apis are the institutions API which contain the shock code of the University some Irish conducts and of course the list of the Union organizational units the faculties of the institution the their units API has the value has the faculties of a specific Institution API for the is between two institution interstitutional agreements the mobilities apis for the student agreements for example the learning agreements application nomination Etc and the transcript of Records apis what are the documents that we can exchange in the awp network the document could be an XML or a PDF as you can see in the pixel design XML response with a PDF attachment and base64 format and its type of the speed if it's a trust group of Records now let's say a few words about our resver module as Philippe said our module is an agnostically signature validation module capable of integrating with awp network and why we should use this module then WP because we have the capability of verify the identity of the person who size the document because we don't want to know only if the signature is valid we want to know specifically if the person who signed the document is actually the right one the nwp uh and also increasing the level of trust of the document exchange and nwp Network now let's see an example where our module gets in this whole process on the left side is the process of the student and on the right side is the process of an iro in the dashboard let's say that the student wants to to fill his delay and signed in via the whole application one student signs the LA via the awp node and through the awp network iro who is the responsible person of the receiving and the standing institution receive the sign delay in dashboard and is able to manage or sign it now between this process as the module is verifying validates all the electronic signatures in the document not in the learning agreement the document of the learning agreement and checks if the person who signed this agreement is actually the right person in the learning agreement and the institution API Oro units if it's the responsible person okay now inside our module we have two parts the third the first part is the signature verification validation and the second part is the attribute validation and content that check inside the awp we will explain of course these parts more and more detail in the next slide now in the first part of the module we receive the document the signed document PDF or XML and we analyze it because we want to know who signed the document what is the type of the signature cell site qualify the sale or any skills the date of the signature because we want to know if it expired or not and of course if it's valid then passed for example in this picture we have three out of three valid signatures so all this information provides the the asva module part 2. which receives the attribute information for further analysis checking the awp network for a similar information from the PDF to the wp Network establish correlation between the formation we have retrieved from the nwp and the attributes we have in the electronic signature in the PDF from the validated and of course it creates an evaluation report for final trust the level assignment this is an example of we have explained the slides before the document is received we have the part one one analyze the document and check the signature that the electronics signature the PDF the part two take this attributes and check into the aw through the awp network in the institutions API or all units API for the or for for the person who signs the document we create evaluation table and show the information to the end user okay let's see the information that are available in the nwp what information we have about the person's awp on the left side we have the information given by the validator the esva validator for the electronic signature in the PDF file and on the right side we have the information from the apis that are available with WP okay we know that the signature is valid from the validator and qualified but also we want to know as we said also if the signature fields uh in the PDF marks the signature fills in the learning agreement and also the next step the institution API Oro unit I will explain this in more detail let's say let's say this is the receiving institution signature okay uh is valid but is there is there a signature with this attribute with this in in the learning agreement with the same name email or short code yes the receiving signature in the landing agreement is you as you can see has the same attribute this is my signature we have the theodos Alexandro the same name and also the same email and for the last step we have we have the the same attributes using the learning agreement to sign the document but we want to know if this person who signed who signed the learning agreement uh is in the institution API is the responsible person for this institution or the fight so we want to check in the with with the hey ID for example house.gr investitution API if there is a person with this name if there is load we can check also with the old unit ID which is the Fidelity ID in their own units API we can search for this person in the conduct and of course if all matches the signature is valid and the person who cites the document is the right one and the last Slide the the evaluation report presents the Chic natural type as we said if it's a self-assign advanced qualified sealed Etc and the formation that we have retrieved from the nwp the name they mail their own position of the iro the person who has a document the shock code which is unique in the wp and or anything else that's all that's all from me thank you for your attention I will give the floor again to to Anita thank you uh thank you for this uh overview so uh I think that we have now a very very rich uh into the into the background informations of how how this I.T background and how the mechanism works and how asthma is integrated to the ewp and now we will focus on the other side the user side so we will have a a demonstration uh with a very practical approach from the from the user's perspective so your perspective it will be a really interactive session uh has by Bruno Pereira from University of Porto and Ricardo Martins from digital assign and also theodoros will will have a role in this demonstration I saw the question of uh that if the if the presentations will be available and yes they will be available after the after the webinar but now uh we will jump to the to the demonstration okay thank you hello everyone um well I first introduce myself as Anita mentioned I'm Bruno I represent you Porto and I've been developing uh these past few months some of the work done in the esva module and so I wanted to show you what what users can expect when using the the validation module um so to first start off I wanted to review with you what is the roadmap that the asthma [Music] in the context of eswa and it all in the validation module most of the work as theodorus presented this image most of the work is done in this second part so while the first part is basically uh to verify the signatures to verify the the validation of the signatures in the PDF and extract the attributes the second part is indeed the the part where it connects with with ewp so what can we do in this part well the first the first things that we can do here is to analyze the information in the signatures so this is the uh let's suppose that I received a file and this file contains a signature uh first I want to know like who signed it what is the email if the signature expired uh all that like a preliminary analysis of the documents then we need to understand what is the file type that we are handling if it is uh because for example evaluation can be different for the learning agreement can be different for a letter of acceptance and can be different for an interstitutional agreement because the attributes change the valuations change so we need to understand what has one needs to understand what is the document that we are handling uh after that we need to contact the document specific Services of ewp what is that I will explain in a bit a little bit uh later as well as we need to contact ewp to fetch information about the institutions that are present in the signatures of the document and all after we have all this information we have all these matches done then we can generate a correlation with all the collected information and present to the user so step by step first of all analyze the information on file signatures this is a very um straightforward point we receive a document we have for example three signatures uh this was signed by person a by person via by person C they are qualified they are uh Advanced electronic signatures one is from for example Portugal and the other is from the Czech Republic for example uh some if the if if we have the seals it may gives us some hints of what is the shock code of the institution uh and it can also gives us the expiration date and the the idea is that the module will take upon all this and analyze this and create a uh some some messages and some logs for the user to know uh if the the signatures are indeed correct or or not or if they are missing something after this we can understand what file type we are handling because for example if we have a letter of acceptance or an Ola the most accurate API in ewp that contains information that these files may contain is for example The Lax apis well for example if we are handling a transcript of Records then we have a specific API for the transcript of Records so the the why we need to identify this to contact the ewp specific API and fetch the most accurate information so you can make a match uh how the module know what the file type it is well we can do this in Two Steps either the user indicates in the as well I am using an Ola or I am using an iaea or I'm using a tour or we can create a PDF template for each of these file types that the the user can can access and can fill in information and can sign and then submit to as well and whenever receives the document you will know this is since this is a an Ola then I will contact the lazpi and what if I have different files what if I use in my Erasmus and Mobility process different files from the ones that are here present well this is why as also has an awareness component um because we need to push for a standardization in this process of mobilities across Europe if you want to make sure that all the information is standardized everywhere if if there's this homogeneity of information in in the network and in the signatures and the institutions then the closer we are to a more common process in mobilities uh the better the less room for error there is as we can see here we can also then after knowing the file type we can contact the specific service of ewp uh Theo did a good job in explaining what information we can fetch from each API this is ours just some examples for example analysis you can extract information about the haze like the shot codes the associated inter institutional agreement we can extract information about the student that is going to perform the mobility we can extract information about the persons who signed the [Music] the mobility uh and so on and so forth then we can more make even more extended validations for example uh the the the information that is present in the in the learning agreement API may say uh that the person who signed the LA is for example Brun prayer which is me but if I contact the institutions API from ewp maybe Bruno prayer will not be in the contact list of that of that institution so these are some other further more intense verifications we can make uh for example in this case to to make sure if the person who is signing the the learning agreement is indeed the person that is present as a Mobility contact in the in the institution in this case of University of Portland we can also make these validations in the EO units API and check if for that specific faculty if the person within the contact of the learning agreement for example is a person from The Faculty and regardless of the file type that we are having handling like the IAS or dlas we can make this validation because the information will will be also will most likely be present in every other API uh in the end we will have something like this you know we'll have this is what we have in the documents in the signatures of the document and that's this is what we have in the apis and we can we can make matches for example between document and an API or as I mentioned between between apis you know so for example if I have a document and the in the signature I have a designer's name I can compare if this signer's name is equal to the name in the contacts of the institutions API or if it is equal to the name in the context or in the signatures in the LA's uh so we will create like this sort of table uh this sort of uh what matched and what didn't and show to the user so we can have a um an understanding of uh of this uh so this is now a section for the live demo so the live demo will be composed in three steps uh first of all I I will pass the ball to Ricard Martin so we can show you the user interface that has been developed in network and where we can see uh this first section to verify and validate and expect the attributes of the of the signatures then I will show you a module and the validations occurring and then I will pass the ball to fail so we can show you a more practical example in the in integration with the dashboard so I possible to um my colleague Ricardo and thank you for your attention thank you Bruno so let's go back to the Cs validation module screen two okay I will maybe make it a little bit bigger again maybe too much okay so we are we are back to this um to to to the validation module uh I will now go a little bit more in deep what this uh web service can gives to the to the user to that wants to validate a signature I'm not what's right yeah um so first of all and starting by the the signature that we saw previously made by me the qualified certificate okay we have here this summary of the information what what else can the platform give us at any time it can give us details on the certificate okay and the rest of the the answer modules can collect this information from here to know who signed to document the emails some companies nifs or universities all of those informations can be gathered from here okay so this is a first very important step where the where the TS modules can retrieve information about the signer who he really is so in in summer if it says here that this is a qualified signature and it is total pass it means I can trust the data on the certificate in in a resume what else can we see we can see some reports here okay foreign we can see a very brief summary of the the signature okay for example the policy that was used to sign the document it was a qualified policy we can see here for example the certificate chain so where is my certificate holding his trust anchors I can see here that is under qualified say Azure that is the qualified say that is also on the trust list of Europe Union as we spoke earlier uh we can see here signature times and best signature times the best signature time is a very important requisite on a signature it tells us the last uh proof of the existence of a signature okay so this was the last time that the signature was truly a verified all the detailed reports so it is more into these panels we go more into the signature we get okay so this is not important for every user but these are some data that can be used by the as the modules and by the viewer the the user to see why a signature is not okay as this one the qualified total past we don't expect to see anything uh at least relevant around here so everything will be okay but uh when the scissors are not total past we can see here why they are not total past sometimes a crl the crl is is missing sometimes the certificate is revoked sometimes it is not a qualified sometimes we cannot find the ca we will have some examples on this further further later uh in the in that Civilization reports we can see although this is not very uh this is not a common point to to check uh the infrastructure that we are using to validate the signatures is an infrastructure provided by eithers so Adis also gives us this validation report that has the information about the signature the timestamps the seals everything we need to know about the filter okay although this one has everything checked okay if we go to another signature this one for example we can see here some problems so why isn't this signature valid we can check here unable to build certificate chain output trusted list so it means that this this signature was performed as a certificate that we cannot ensure what CA issue that certificate so the signatures classified as an indeterminate age digital signature an advanced one okay for example another thing that I want to call your attention uh no before that this is from the this is from digital sign okay the seal we can see it is a total past also we can see the root as we spoke previously uh we can see here that it is not a signature it is a seal and we have we we can further see the information about the about the seal naturally everything is okay as it is qualified all of these reports can be exported on XML or npdf to cyber to later reuse okay so anytime I issue a a document I can bring it here to the validator to check whether it is valid or not and if you want to save the proof that the document is valid we can export it this exported document will have a Nash a Nash is a unique string that will identify the PDF being verified okay so by doing a Nash on the a Nash operation on the PDF and comparing the Ash with the one presented on these reports we can have a fully trustworthy notion that the document that I have on my end corresponds to the validation document that I have in my other end foreign one thing that I want to catch up with you is this for example we have here a signature that was performed with a qualified certificate but the certificate this private key is not stored in a kscd a seraphin said in the beginning of the webinar it is possible to have certificates that are qualified that are not qualified and we can have the private keys inside kscd module or not or on software there are some certificates that are qualified although their private key is on software not on a Kia CD these types as certificates although they are qualified they produce an advanced signature this is one of the most common ways to or this is one of the most known documents that usually the Adobe Acrobat accepts as valid and here the validator can tells us explicitly the signature is all okay so it is performed correct it has no errors but it is an advanced electronic signature not a qualified one so we cannot say that Melody Castro Valley uh we cannot take him to the court and make him responsible at least as a as a qualified signature can that email this signature foreign we have here the detailed message the private key does not reside in the key SCD at the time of the signature okay uh furthermore well I think it's uh this is all the this is all the the information we can gather also another another notion that um another important thing that the the validator can give us uh I don't have here any example look but I can I can tell you another thing that is very important when we validate the signatures for how long the signature will be valid so usually some certificates have a validity of let's say one here but sometimes you may want to sign a contract and you want him to remain valid for much longer than a year okay this digital is insured by the long-term validation signatures okay and this tool although I don't have here any example on my hand this tool can also check whether the documents are LTV enabled or not so basically when we see here the signature format is on the b b is the Baseline parameter of the signature it means that this signature will expire as soon as the certificate itself expires so if I download my certificate and open I can see here that my certificate will expire on uh 30 March of 2024 from this date on this document will no longer be considered valid okay but if this document was on LTV instead of looking to those to the to the expire date of the certificate I would look to the expired date of the ca that gives you the certificate and many times we can achieve validation times like 10 20 years much more than one year or two this is also very important to to check when we value evaluate the signature because if a user or a student sends a document signed with his certificate and it is on the B format probably that signature will not be valid through the whole process or through the whole time of the Erasmus process I don't know how many times the user can be on Erasmus but there's a possibility that the signature expires very soon and that will invalidate the the process of the rhythmic process of the signature and I think that from the UI it's it's all that it's all that I have to show you okay uh just give me a second Yeah you mentioned the timestamper the actor the the okay can you send me the document on teams because of the vpns anything like that yeah sorry everything yeah so um also uh I mentioned about the the hour time steps if how they can check the [Music] so another another document that I have here so to validate document you can see that I just need to drag him here to the to the UI and this is another certificate this is a certificate issue signed by uh surfing the organization is the digital sign you can see here the entitlement and things like that and we see now here that the patch Baseline LTA is the format of the signature this means that this signature will be valid I believe I can see here at least until 2046 okay so it will be valid as as uh as long as this root CA remains valid another thing that the value that also gives us is the timestamp so when we also perform a signature it is also important to see where the the source of the time was captured it can be either from the local computer of the user so when I perform a simple signature uh or any kind of signature I can have it checking the time locally for example this one was the time was collected locally from the computer by the signing time this one the time was collected by a timestamp service also it may be a qualified or non-qualified timestamp service although ideally it should be a qualified timestamp service this ensures that it is totally impossible to change the date on any signature or anything like that um and this is the the last thing that I have to to show you so how can we check if a mod if a document is actually fully trustworthy and in on its best template it must be a qualified it must have a timestamp and ideally it should be on the LTA format either if it is a signature or if it is a seal uh I think now that everything I don't know if someone wants to add anything okay uh I think we can go back to to Bruno yeah okay everyone you're ready I will then stop the share then um uh then after after we we have the information about the signatures um it's time for us to contact ewp and how will this work so uh it depends I think the main question here is what do I why do I want to contact ewp and what documents can I uh can I send to the validation module it really depends the the reason why we want to contact TWP is that we don't just want to know if the signature is valid if the signature is a spy expired and who signed it we want to know more than that we want to know um why the if the person who signed the document is indeed the right person to to sign the document because sometimes it cannot it may not be it may be a person that is that is not qualified as a net albums and Mobility officer to to sign it and at the first glance having so much Technical and so many attributes um regarding the signatures can be a bit overwhelming for uh for for users with other company that are not obliged to know everything about this but it all depends on the scope that you want uh if you if you just want to know if the signatures have passed if the expiration dates have passed uh you can may just need to look into the simple reporters Ricardo that Ricardo was showing which should help you uh quite a lot you can he can show you just what you what you want if the signature is password or not we'll sign it and who didn't but if you want to know more and you want to consult ewp Network then it's a little bit more tricky because you cannot just send any documents uh DW if you want to contact DWP if you want to contact an institution for example if I if I if I want to contact the University of Porto and ask for information regarding the Mobility I will need to know to to let the employer know what is the mobility and who are the the partners between that Mobility so and that all that information how will esva know uh the if the idea of the mobility and the partner institutions uh this is why we need a a a special PDF this is why we need to to to to create a PDF in which we can specify uh what the information that we want and then sign it so what is the idea here the idea here is that for example if I could in in the demo that I will show that I will show you um we started by creating an agreement between uh you Porto and Thessaloniki uh so we have a Mobility uh on once with a particular IV on one side we have uppt uh your portal and the other side we have unifoundation.tu which is uh the dashboard um that is uh Thessaloniki is representing it and after this agreement was created then we can uh open the PDF fill in the information sign it and send it to as well that way as well we'll contact ewb we'll retrieve information from the already existing agreement and then compare the information so let's take a look at this screen right here so this is just a a way to to a sort of way to to to simulate uh the request that will be made in the in the Indie as well so the first document that I already I already made a request here uh it's this document called test signs and if you if we open this document uh it's this document it's basically just a a string test and a signature and I asked basically the request that I that I made was let's send this file and it is an oily as you can see here in the in the in the top uh it is an Ola and what will ASLA gives us give us the the the asva will give us an answer like this one if we go step by step we can see that we have a collection of logs so for example we have found three signatures one the signature was uh candida which is an advanced electronic signature and this signature still didn't expire but we have an error that is the required PDF Fields were not found so the validation resulted in a in a failure and we can then follow up and see here the information that we fetch from the ewp response as you can see it's all empty and you can also see the information that we retrieve from the signatures or at least inform which is basically what Ricardo showed but this is just what we need you know this is we just for the validation we just needed the the label we just needed we'll sign it we just needed the country the email the organization uh and all that now let's take a look what we if what we what what if we send and more uh compliance as a document we created this document with which as you can see is a bit more complete uh we specified here what is the mobility ID that we created this is a real existing mobility in development uh environment which which is created between your PPT and uni Foundation as you can see it was signed by theodoros that indeed is a part is a person who signed the the this Mobility on the side of only foundation so this should result in a in a in a in a success let's see how this works then I will send requests and this will take a little bit while a little while so we'll uh we do it uh but yeah the the overall of the response that we will um the overall of this response is that the it will contain the the the the collection of the messages it will contain the information that we fetch on both sides and all that um okay let's wait just a second this normally takes a while because he's trying to find uh what is the the the point of entry to the institution what is the uh and contact that point that that URL what is the point of entry what what the other institution and try to find that URL what is the the the the learning agreement the URL what is the institution URL okay I can see here that is almost finishing uh and of course during the future developments of asthma this can be more quick [Music] since this is just a first approach as you can see now we have more information we have that we we found the signature for theodoros that is an advanced electronic signature it did not expire we found the correct mobility in awp with this ID and we can see that we have two signature two signatures in ewp we have this Clara which is institutional coordinator sign the mobility on behalf of your portal and we have theodoros which is the responsible person at the receiving institution that sign the mobility on behalf of uni Foundation however as we can see in the document we only have theodoro's signature so what as we concluded is that we have a warning the sending uh uh Hey person name what that is Clara was not found in the PDF signatures we also have that her email which is this one was also not found in the PDF signatures however we have two successes we found that theodoro's name matched in both the the PDF and the ewp as is the case for his email however since our eyes already mentioned we only have one signature we don't have any information regarding the students in the PDF nor that that can match in PDF and the ewp then we consulted the institutions API and we can we can we can clearly see that we found these contacts for the university for the University of Porto we are here Clara uh we successfully fetch that information and we could conclude these four things we could conclude that the hey ID in the institutions API is the same so we found in DWP upd and is the same in these documents uppt we could find that the institution uh the the role descriptions however is different because on the on the mobilities uh API it's Coronado institutional but on the institutions API it's each institutional coordinator so it's different it is quite the meaning being the same this means that there is an inconsistency between the information in both apis and we can see that the institution contact names in the institutions API contain the the signature name of the LA so I consulted this what this means is I consulted on one side bla response and on the other institutions response and on the LA's response we I could find that the we can I can see here I can find that clutter here signed the sorry here Clara here signed the the mobility and Clara is a contact of the sending hate as mentioned in institutions API so since this there is this much of information we can conclude that clutter that signed the LA is indeed a a correct person um from University of Porto authorized to sign this so then we have a message here to facilitate the users with this information on we found here that a 5 out of 10 matches with the mobilities with the mobility were found in ewp and this was a success and then we have a compilation as I mentioned with all the information uh that we gathered so that the person if they want if the user wants can make a quick analysis and check if everything is okay and what what information was used uh as you can see we have lots of attributes that can be then the of course this will not be immediately shown to the to the user uh as this is uh this is because this is this is a more technical Json um Json response uh this will later be implemented uh as I will show you in a little bit uh implemented in the user interface for example that Ricardo w

Read more
be ready to get more

Get legally-binding signatures now!