eID
The security level of authentication determines the legal validity of the signature
Zynyo provides all services for advanced and qualified digital signatures. Both are 100% reliable and have the same legal validity as a wet written signature provided certain conditions are met.
In part because the methods used by Zynyo to authenticate signers are sufficiently reliable, the identity of signers is guaranteed and Zynyo's advanced and qualified electronic signatures are reliable and legally valid.
Electronic signature law
In the Netherlands, a document with a digital signature has the same legal validity by law as a document with a wet written signature, provided certain conditions are met. These conditions are laid down in the "law on electronic signatures. This law says that a digital signature has the same legal validity as a handwritten signature, if the method of authentication used in doing so is sufficiently reliable.
Authentication means
An authenticator is a digital key that people use to log on to electronic services. It serves as a security measure so that only the owner of the key can use the service. In the case of digital signatures, authentication means are used to establish the identity of the signers. There are different types of authentication means. And each with a different level of security.
Zynyo supports the authentication means
- iDIN
- SMS-TAN
- DigiD
- Yivi
- eRecognition
- Passport (CheckedID)
- Personalised PKI certificates
- Organisation-specific PKI certificates
Authentication by passport or driving licence
Zynyo offers the possibility to digitally sign documents based on an ID document. Your passport is the highest proof of someone's identity. By verifying the passport and the holder of that passport with the CheckedID app, maximum security is provided at the moment a contract is signed. This ChedkedID app can verify the ID-documents of over 200 different countries. Digitally signing with an ID-document facilitates maximum legal certainty with a worldwide application.
Authentication for qualified signing
The qualified electronic signature uses a qualified personal or organisation-specific PKI certificate to authenticate the signatory.
This certificate guarantees to the highest degree the identity of the signatory. A certificate is issued after physical identification by a body accredited by the Dutch government.
STORK framework
The European STORK framework has been developed for determining the reliability level of electronic identification and authentication. Internationally, we want to be able to compare means of identification and authentication to determine which means from one country can be used to purchase a service in another. In this framework the reliability levels vary from QAA (Quality Authentication Assurance) Level 1 to level 4, where level 4 is the highest reliability level. In the STORK framework, Dutch authentication methods such as DigiD and SMS-TAN have level 2, iDIN level 3 and PKI (Overheid) STORK level 4.
User name and password
User authentication is established through a username and password. This is the most common means of authentication and at the same time the least secure method of authentication.
User name, password and one-time password
The authenticity of the signer is established using a username and password and an additional one-time password (e.g. an SMS on a cell phone, a card or token). Think of electronic banking payments and iDIN.
Authentication based on a PKI certificate
PKI stands for Public Key Infrastructure. A PKI-based person-based certificate is proof to anyone that a public key belongs to a particular person. The person-based PKI certificate is the most secure method of authentication.
Authentication in digital signatures
All three means of authentication can be used in digital signatures. In the advanced digital signature, a PKI certificate is also used. The service providing signing authority then has such a certificate. A step further in security is the qualified digital signature. Then one of the signatories has its own personal PKI certificate. This occurs for example in professionals where the identity must be assured, such as notaries, chartered accountants and mayors.
