In Visma Addo our first priority is security. People choose digital signatures for being the most secure type of electronic signature, thus digital signatures differ from a normal signature because digital signatures provide you with the highest level of assurance about the signers’ identity and the authenticity of the documents they sign.
Technical Security Surrounding the Signature in Visma Addo
For a signature to be valid, either digital or physical, the signature must meet the following three basic requirements:
- Signer Authentication
- Content Integrity
These three basic requirements will be described below and also explain how Visma Addo meets these requirements with digital signature.
This requirement stipulates that we have security for signer’s identity. Visma Addo provides different authentication methods i.e. NemID, SMS code, BankID or SITHS to authenticate the signer's identity and demonstrate proof of signing.
To further increase security, when you use Nemid, the unique PID (Personal Identifier) is also printed on the document, assuring that the signer’s certificate is cryptographically bound to the document.
Furthermore, the signed document will always be locked for any changes no matter the signing method, the document has a timestamp with a certificate from a trusted third-party. All the cryptographically signing proofs are embedded in the PDF, in case it should be used to validate the signing in the future.
In Norway and Sweden, BankID is the most widely used solution, and in Denmark, NemID is the most secure way of attaching a digital signature to a physical person. These signing methods are all supported by Visma Addo.
Visma Addo is designed to keep your documents secure and prevent tampering of the documents. When a document is signed using Visma Addo, a unique Visma Addo identification number is printed on the document. Also a “checksum” is created based on the document content including the unique identification number. Visma Addo acts as a kind of notary on the signed document. Every step is captured in a secured audit trail and makes it extremely easy to verify if the signed document has been modified since it was signed. If the document changes after signing, the digital signature is invalidated.
Non-repudiation is important for Visma Addo. In this section, it is explained how non-repudiation is achieved using Visma Addo.
Non-repudiation can be achieved using one of the official public signatures (Nemid, BankID, etc) - either signing directly with a public signature or in combination with other forms of signature in Visma Addo.