Skip to content

Identity Proofing Service under ETSI

Welcome to our Identity Proofing Service under ETSI. This section includes our Trust Service Practice Statement (TSPS) and the Terms & Conditions (T&C) (These T&Cs are also available in Spanish), both compliant with ETSI TS 119 461. This standard is based on ETSI TS 319 401, providing a comprehensive framework for managing and protecting information security, ensuring that our practices and procedures align with the highest international standards.

The TSPS is a key document detailing how we manage and operate our services securely and reliably, ensuring compliance with established security and quality standards.

The T&C describe the access and use of remote identity verification services provided by Veridas for the Client. They outline the verification methods, data protection measures, and the responsibilities of the provider, client, and user, regulating the relationship between the Client and the individual undergoing verification.

Our commitment to these standards reflects our dedication to security, transparency, and continuous improvement. We invite you to review our trust service practices and terms and conditions, showcasing our commitment to the highest levels of security and trustworthiness.

Attributes based on context

Requirements

When it comes to the issuance of qualified digital certificates under the eIDAS Regulation in Europe, security requirements are reinforced due to the critical and sensitive nature of the service. Qualified digital certificates are essential for authentication, signing, and encryption in the context of secure electronic communications, so their handling must strictly comply with high-security standards.

Regulatory Context

eIDAS Regulation: Qualified digital certificates in Europe are regulated by the eIDAS Regulation (910/2014), which establishes requirements for trust in electronic services, including qualified electronic signatures. This regulation defines Certification Service Providers (TSPs) as responsible for issuing qualified certificates.

Attributes

Service providers engaged in the issuance of qualified digital certificates must collect certain personal attributes from citizens to ensure the authenticity and validity of the certificates issued. These attributes are essential to ensure that the certificates are reliable, correctly associated with the citizen, and meet the requirements of the eIDAS Regulation and data protection legislation such as the GDPR.

Attributes that can be Extracted from Identity Documents

  1. Full Name: The full name (first name and surname) is one of the key attributes extracted from any official identity document. This information is essential to uniquely identify the holder of the qualified digital certificate.

  2. Personal Identification Number: Depending on the country and the document presented, the personal identification number can be extracted. This number is essential to link the certificate to a verifiable and unique identity. In Spain, this would be the DNI (National Identity Document) or the NIE (Foreign Identity Number). In the case of non-EU citizens, the passport number may be used.

  3. Date of Birth: The date of birth is another attribute that can be directly extracted from the identity document. This information is used as part of the identity verification of the holder.

  4. Nationality: The nationality of the holder can also be extracted from certain documents, such as the DNI, NIE, or passport. This is relevant to verify the status of the citizen within the jurisdiction where the certificate is being issued.

  5. Issuance and/or Expiration Date of the Document: Although not a personal attribute itself, the issuance and expiration dates of the identity document may be important to validate that the document presented is valid at the time of certificate issuance.

  6. Photograph of the Holder (for biometric comparison): Although not extracted as a direct attribute, the photograph on the identity document is used by the service provider to perform a biometric comparison to ensure that the person presenting the document matches the photograph on it.

  7. Address: Although not a personal attribute itself, it can be used to verify that the citizen resides in the country and cross-check that address against third-party databases.

Types of Documents from which These Attributes Can Be Extracted

Certification service providers must require official and valid identity documents that reliably verify the identity of the certificate holder. These documents must comply with national and international regulations to be accepted. In general, the types of documents that may be requested are:

  1. ID (Identity Document): This is the main identity document, in Spain it's called DNI. The ID includes the full name, identification number, date of birth, photograph, and issuance and expiration dates.

  2. NIE (Foreign Identity Number): For foreign citizens residing in Spain, the NIE is the official document that allows their identification. It includes the identification number, full name, and relevant information of the foreign citizen in Spain. It is considered equivalent to the DNI for foreign citizens.

  3. Passport: Foreign citizens who do not have an NIE, such as those residing temporarily or visitors, can use their passport as a valid identity document. Passports include the full name, passport number, date of birth, nationality, among other details.

  4. Residence Card: In some cases, providers may also accept the residence card or residence permit as an identity document, especially if it is the primary document allowing the identification of the citizen within Spanish or EU territory.

  5. Driving License (in specific cases): In certain situations and depending on the type of certification, service providers may accept the driving license as a complementary document. However, since it does not always contain all the necessary information, it is generally used in combination with another official document (DNI, NIE, or passport).