In a previous blog we talked about how strong identities like BankID & eID can be used to digitally sign documents. Today, we go more in depth how to add extra identity to the digital seal encapsulated in a digitally signed document.
For example, a typical use case where a qualified digital seal can be used is e-invoicing. Companies sending out the e-invoices will do so in a digital pdf version signed by a qualified digital certificate that’s been issued to the company name. Because of the verifiable integrity and non-repudiation of a digitally signed document, customers are assured that they are receiving and paying an invoice from the company.
But is that identity information in the certificate enough? Is the consumer happy with the basic static identity information that a certificate provides?
The subject field still captures the same basic information.
CN:Common name, O: Organisation, OU: Organisation unit,
L: Locality, S:State, C:Country
Instead, let’s create a better ecosystem and give the customer the opportunity to check a live company identity database to not only verify which company signed this document but also who owns who.
To do this we’re adding the LEI number in a company seal providing that extra information.
What is LEI and why is it a good extra identity source?
LEI stands for Legal Entity Identifier and is a globally verifiable unique code that confirms your company’s identity and group structure. The number refers to an open Database of company details to verifiable level 1 ‘who is who’ business data and level 2 ‘who owns who’ parental structures. LEIs are updated at least once a year in a live database and could be considered as an improved alternative to the static information given today in multi-year certificates.
Local QGIS (i.e. a local Companies House) give only information about the first level of identity information ‘who is who’ but it’s missing to ‘who owns who’ data that an LEI is providing. They are also limited to just 1 jurisdiction. LEI on the other hand is a global Identity source available in an internationally agreed structured format backed by the G20 supporting ISO standards such as ISO 20275 and ISO 17742.
Today, LEIs are often used to meet an increasing amount of regulation (e.g. MiFID II,MiFIR) and are essential for any company conducting financial transactions worldwide. It gives previously unavailable corporate identity transparency and are used by over a million companies around the world.
LEI is a great additional Identity information source which can be added in signed or sealed documents. The consumer can see live identity data so he or she can immediately identify who signed or sealed that document, who owns who. The document remains valid for the long term. The certificate information will show you the static information of the company information only at the moment of signing. The LEI number will give you the information about who is who and who own who updated regularly so at any time you can consult your document and identify the company that signed the document.
The end goal is clear. We want to improve the ecosystem so that relying parties immediately identify who they are doing business with today and in the past. Adding extra identity to document signing is a step in the right direction to achieve this.