The question that often arises is? “Can digital signatures be forged, or used by unauthorized persons?” Unlike ‘wet’ signatures, which can be easily imitated and misused by unauthorized individuals, digital signatures (TTE) have multiple layers of security to prevent and eliminate their use by unauthorized individuals. TTE also feature convenient user-ready verification, and time and location of execution, and it is not difficult to prove their authenticity, unlike wet signatures.
A TTE contains the following layers of security:
The TTE is executed using an “electronic certificate” issued by an Electronic Certificate Provider (PSrE). The PSrE serves to guarantee that the electronic certificate matches the user's identity and can only be executed by the registered user. VIDA uses Identity Verification technology with the most advanced biometric technology based on official national population data, which makes for a fast, secure and easy identity verification process.
The TTE contains an audit trail in the form of electronic data records that show when the document was opened, viewed and signed. VIDA also records the methods and platforms used.
When a document is signed, it is secured with Public Key Infrastructure (PKI), a technology that is becoming a standard in the TTE industry. This technology will show that the document is original, and has not been tampered with since the TTE was executed.
When a user wants to make a TTE, VIDA as PSrE is required to carry out an authentication process to ensure that the TTE was executed by the user. VIDA applies biometric-based authentication technology equipped with liveness detection to eliminate identity fraud.
TTE service providers offer various options for verifying identity before users can execute the TTE, such as email, mobile phone or ID-based verification.
The identity verification process carried out by VIDA has a higher level of certainty by verifying identity data using more comprehensive data, in the form of:
Verification of this standard data includes verification of phone numbers, emails and emails.
VIDA verifies user data based on population document data (KTP) to ensure that the documents used are actually the property of the registered user.
After verifying the user’s ID document, VIDA also cross-checks the user’s data as recorded in the government-owned census records.
In addition to verifying users’ personal data, VIDA performs biometric verification - unlike other TTE providers - by comparing the user's biometrics with biometric data recorded in the national census records. This biometric verification also features liveness detection, which is useful for detecting that the user is genuine.
Through the various layers of verification carried out by VIDA, VIDA guarantees that the issuance of electronic certificates will only be issued by authorized users and with officially registered identities.
Security is the main function of a TTE, and VIDA has implemented multiple security protocols that have become global industry standards backed by globally recognized security certifications:
An internationally recognized certification and standardization in Information Security Management
An internet transaction security certification
VIDA is the first PSrE in Indonesia to receive Webtrust certification
A consortium of industry players and academic organizations to implement digital-signature security standards in the cloud to meet global compliance standards
VIDA is the first Indonesian member of the Cloud Signature Consortium
VIDA is the only and the first PSrE to achieve Trust Service Provider status for the provision of digital signatures supported by an electronic certificate to software industry leaders such as Adobe, Docusign and emSigner