Swisscom All-in Signing Service
In 2017, Swisscom created a service allowing customers to sign legally binding documents electronically. When creating the All-in Signing Service, they needed to build the means to authenticate users. Under Swiss law, this registration process required personal identification to ensure the highest signature class (qualified). To do so, they envisioned a process where accredited registration authority (RA) agents would identify users personally and register them. Today this process is based on an application which was developed with the help of Open Web Technology. The RA agent uses an iOS/Android app to enter the user’s personal information (first and last name, address, date of birth, email, etc.), photograph the user’s identity card, photograph the user himself, and verify the ownership of the provided phone number. Via a web admin tool, the agent can also see, edit or remove the repository of registered users.
Open Web Technology was mandated by Swisscom to build the backend architecture of this service and develop the web admin portal. Designing the architecture involved identifying the scope of the project. One challenge was that the characteristics of the process differ depending on the environment in which it will be used. The need may be client-specific (local), where registered users will only be able to sign documents within one limited entity (e.g. a bank), or it may be valid on a global scale across multiple services and/or several countries. For legal purposes, the identity storage is managed using a combination of symmetric and asymmetric encryption standards. The asymmetric encryption is used to store the complete user information in one document. Only Swisscom has the ability to decrypt this type of document for regulated audit processes.
Visualize all companies utilizing the platform
This tab is the starting point of the admin console, where one can see all the companies using the platform. This is also the place where the admin can add new clients (only the company, not the users themselves). Adding a user is done by the agent through the mobile app.
Visualize the agents and their expertise
This tab displays all the agents eligible for registering new users, along with their role, assurance level and the customer(s) they are responsible for.
Search for users based on their phone number
The admin can search for users based on their phone number. The level of assurance, evidence id, creation date, serial mobile number, name, validity, ID expiry, and status are displayed.