Achieve Electronic Signature Legitimacy for Affidavit of Identity in European Union

How to eSign a document: electronic signature legitimacy for Affidavit of Identity in European Union

what is eads hi my name is alexis konosage welcome to blockchain state eids is the name of the european regulation of digital identities and electronic signatures it postulates technological neutrality and allows the use of any technology as electronic signature and at the same time it introduced non-reputable qualified electronic signatures based on asymmetric cryptography if alice creates her qualified signature under a legal transaction she cannot deny it she cannot say it wasn't me that gives a counterparty say bob a certain confidence he can interact with alice remotely they don't even need to know and meet each other beforehand a transaction eids especially when we talk about qualified signatures is both a regulatory and technological framework and here is the typical scheme if alice wants to get her digital identity and be able to generate digital signatures to interact with services online and with other people for example with bob she needs to visit dave's office dave is a trust service provider there are many such trust service providers tsp across all european countries and she can choose anyone as they got an official authorization alice needs a protected cryptid device it can be a usb or a smart card she can buy it or dave maybe will give it for free it's a special device the purpose of of it is to securely store alice's private key and to generate digital signatures at this point i have to know that if you think that the digital signature is this or this then you should stop watching this video as i am referring to a cryptographic digital signature if you don't have knowledge about asymmetric cryptography i suggest you watch my educational video first basics of cryptography so dave first verifies that it is truly alice he checks her paper id and then he creates a record in his database and adds his digital signature to this record his signature shows that he is an authorized provider and he verified the identity alice identity the signature leads to a root signature maintained by a special government agency i am simplifying it a bit as in reality there is a hierarchy of authorized cryptographic keys so dave using his authorized private key signs so-called qualified certificate this certificate is based on the x-549 standard technical standard so basically it is a file that keeps alice's public key her name some identification number provided by the government and her date of birth it's a minimum set of personal data ing to the regulation usually the certificate expires in two years after that she will need to visit dave's office again and create a new private and public key with the private key she can sign transactions signing here also means signing up and logging into online services the advantage of this system is that the service provider say some online application doesn't need to check alice's identity when she signs up say on bob's website eids regulation gives bob the legal right to believe data that is stored in that qualified signature in fact this certificate is her digital identity so to log in or sign a legal agreement she had to generate her digital signature which leads to this certificate and here how it works first of all like i said it doesn't matter if it is a legal document or a login on a website in all cases your computer gets a short string a hash sum of a file she needs to sign or a verification string for authentication on a website she takes her crypto device say smart card plugs it into a card reader and the application sends the string to the cryptographic processor on that device the device asks alice her pin code it is the first authentication factor and also the provider sends an sms text with a code which she must input in the application to get through this second factor there can be multi-factor authentication and they can use other channels for verification of your identity not only sms when a provider dave made sure that it was truly alice who wanted to sign it he authorizes the transaction and sends a timestamp i'm simplifying here also a bit as a timestamp provider can be another actor in this system but but here we will think that it's dave when the device gets authorization its cryptoprocessor generates a digital signature it's an encrypted string that her computer sends to bob's servers as a reply then bob's system requests alice qualified certificate from dave extracts her public key from it and decrypts this digital signature and in fact if it can be decrypted it proves that it was created with the private key that belongs to alice no other public key will be able to decrypt it because private and public keys are mathematically connected and because dave verified alice's identity and authenticated at the moment of signing bob now can be sure that he is dealing with alice what does happen if alice's private key is stolen alice calls dave and asks him to make her public key invalid to to market invalid so if eve got that key and somehow managed to use it to generate a digital signature bob when requesting lss certificate will see that it was invalid so whatever eve is signing with this key doesn't make any sense nobody will trust these signatures that's it i hope it is clear now that the digital identity and the digital signature are two sides of the same metal if you like the video hit like and subscribe see in the next video [Music]