Swisscom All-in Signing Service
Swisscom created a service allowing customers to sign legally binding documents electronically. Upon creating the All-in Signing Service, they needed to build the means to authenticate users. Under Swiss law, this registration process required personal identification to ensure the highest signature class (qualified). To do so, they envisioned a process where accredited registration authority (RA) agents would identify users personally and register them. Today this process is based on an application that was developed with the help of Open Web Technology. The RA agent uses an iOS/Android app to enter the user's personal information (first and last name, address, date of birth, email, etc.), photograph the user's identity card, photograph the user, and verify the ownership of the provided phone number. The agent can also see, edit, or remove the repository of registered users via a web admin tool.
Open Web Technology was mandated by Swisscom to build the backend architecture of this service and develop the web admin portal. Designing the architecture involved identifying the scope of the project. One challenge was that the characteristics of the process differ depending on the environment in which it will be used. The need may be client-specific (local), where registered users will only be able to sign documents within one limited entity (e.g. a bank), or it may be valid on a global scale across multiple services and/or several countries. For legal purposes, the identity storage is managed using a combination of symmetric and asymmetric encryption standards. The asymmetric encryption is used to store the complete user information in one document. Only Swisscom has the ability to decrypt this type of document for regulated audit processes.