Pages

Thursday, August 21, 2025

Signi.com & Electronic Signatures

Foundation – eIDAS Signature Levels

Under EU law (eIDAS 910/2014), electronic signatures can be:

  • SES – Simple Electronic Signature (basic: typed name, click-to-sign, tickbox).

  • AdES – Advanced Electronic Signature (cryptographically bound to the signer, integrity-protected).

  • QES – Qualified Electronic Signature (requires a qualified certificate + secure signing device; legally equivalent to handwritten signature in the EU).

👉 Signi supports SES, AdES, and in certain cases QES (e.g. with BankID or qualified certificates).

SMS-Based Signer Verification

How It Works

  1. Signer Identification

    • Signi asks for the signer’s mobile number.

    • The system sends a one-time code (OTP) via SMS.

  2. OTP Entry

    • The signer enters the OTP on the Signi platform.

    • If the code matches, Signi confirms the signer’s control of that phone number.

  3. Binding to Document

    • Signi records:

      • Mobile number used

      • IP address

      • Timestamp of verification

    • The verification is stored in the audit trail attached to the signed document. 

Signature Level

  • SMS verification alone is considered “Simple Electronic Signature (SES)”.

  • It does not use a cryptographic certificate by default.

  • Legally:

    • SES is sufficient for internal approvals or contracts between trusted parties.

    • SES is not automatically QES or advanced (AdES) — i.e., it may be challenged in court if the signer’s identity is disputed.

3️⃣ Combining SMS with Stronger Methods

  • Some platforms combine SMS verification with cryptographic signatures or BankID:

    • The SMS ensures the signer received the document.

    • The crypto certificate binds the signature to the document securely.

  • This approach increases legal weight, approaching AdES.

4️⃣ Security Considerations

  • Pros

    • Easy to use, no special device required.

    • Lightweight and fast.

  • Cons

    • SMS is vulnerable to SIM swapping or interception.

    • Not legally equivalent to handwritten signatures in most EU jurisdictions on its own.

✅ In short: SMS authentication in Signi is a convenient way to verify signer control, but it doesn’t replace a qualified or advanced electronic signature if strong legal enforceability is required.

 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)