Signed statement

925 views May 2, 2019 May 9, 2019 2

Signicat Signature with signed statement enables the end-user to use a supported ID method to digitally sign a short text statement. The statement expresses the end-user’s consent for the contents of one or several, separate documents to be signed, and is constructed in such a way as to include the description of the documents or their title. The end-user only needs to sign once, regardless of the number of documents.

For ID solutions that support non-visible properties as part of the data to be signed, a data structure containing cryptographic digests of the documents to be signed is also included. This further enhances the connection between the documents to be signed and the signed statement.

The signed statement, as well as each original document, audit trails, and other evidence collected during the signing ceremony, is combined into an LTV-SDO (Long Term Validation extended Signed Data Object) which is then digitally sealed by Signicat. One LTV-SDO is created for each original document.

From the end-user’s perspective, providing a signed statement is not much different from signing a document. The documents can be viewed as usual in Signicat’s signing solution, the only difference is that the user will be asked to confirm that they have read a statement and agree with it before entering their credentials. It might look something like the image below (this example is specific to Norwegian BankID).

Different levels of Signicat Signature

  1. Direct authentication-based signature
  2. Simple signed statement
  3. Signed statement with non-visible properties

Common for all these levels is that the main piece of evidence (SAML response, Signed Statement) is combined with other pieces of evidence into an LTV-SDO and digitally sealed by Signicat. For more information about sealing, see Get started with long-term validation.

Was this helpful?