Authentication means
The security level of authentication determines the legal validity of the signature
Zynyo provides all services for advanced and qualified digital signatures. Both are 100% reliable and have the same legal validity as a wet written signature provided certain conditions are met.
In part because the methods used by Zynyo to authenticate signers are sufficiently reliable, the identity of signers is guaranteed and Zynyo's advanced and qualified electronic signatures are reliable and legally valid.
Electronic signature law
In the Netherlands, a document with a digital signature has the same legal validity by law as a document with a wet written signature, provided certain conditions are met. These conditions are laid down in the "law on electronic signatures. This law says that a digital signature has the same legal validity as a handwritten signature, if the method of authentication used in doing so is sufficiently reliable.
Authentication means
An authenticator is a digital key that people use to log on to electronic services. It serves as a security measure so that only the owner of the key can use the service. In the case of digital signatures, authentication means are used to establish the identity of the signers. There are different types of authentication means. And each with a different level of security.
Zynyo supports the authentication means
- iDIN
- SMS-TAN
- DigiD
- Yivi
- eRecognition
- Passport (CheckedID)
- Personalised PKI certificates
- Organisation-specific PKI certificates
Authentication by passport or driving licence
Zynyo offers the ability to digitally sign documents based on an ID document. Your passport is the highest proof of a person's identity. Verifying the passport and the holder of that passport with the CheckedID app provides maximum security at the time of signing a contract. The ChedkedID app can verify ID documents from more than 200 different countries. Digital signing with an ID document facilitates maximum legal security with a global application.
Authentication for qualified signing
The qualified electronic signature uses a qualified personal or organisation-specific PKI certificate to authenticate the signatory.
This certificate guarantees to the highest degree the identity of the signatory. A certificate is issued after physical identification by a body accredited by the Dutch government.
STORK framework
To determine the reliability level of electronic identification and authentication, the European STORK framework has been developed. Internationally, we want to be able to compare identification and authentication means to determine which means from one country can be used to purchase a service in another country. In this framework, reliability levels range from QAA (Quality Authentication Assurance) Level 1 to level 4, with level 4 being the highest level of reliability. In the STORK framework, Dutch authentication means such as DigiD level 2 iDIN, level 3 and PKI (Overheid) have STORK level 4.
User name and password
User authentication is established through a username and password. This is the most common means of authentication and at the same time the least secure method of authentication.
User name, password and one-time password
The authenticity of the signer is established using a username and password and an additional one-time password (e.g. an SMS on a cell phone, a card or token). Think of electronic banking payments and iDIN.
Authentication based on a PKI certificate
PKI stands for Public Key Infrastructure. A PKI-based person-based certificate is proof to anyone that a public key belongs to a particular person. The person-based PKI certificate is the most secure method of authentication.
Authentication in digital signatures
All three means of authentication can be used in digital signatures. In the advanced digital signature, a PKI certificate is also used. The service providing signing authority then has such a certificate. A step further in security is the qualified digital signature. Then one of the signatories has its own personal PKI certificate. This occurs for example in professionals where the identity must be assured, such as notaries, chartered accountants and mayors.
