Дослідження електронного підпису як елемента цифрової ідентичності

Ivanna Khomych; Anastasiia Shvets; Solomiia Soroka; Roman Kuten

doi:10.33445/sds.2025.15.3.17

Ivanna Khomych Lviv Polytechnic National University https://orcid.org/0009-0005-3307-6276
Anastasiia Shvets Lviv Polytechnic National University https://orcid.org/0009-0008-5148-761X
Solomiia Soroka Lviv Polytechnic National University https://orcid.org/0009-0001-8124-647X
Roman Kuten Lviv Polytechnic National University https://orcid.org/0000-0002-5688-2976

DOI: https://doi.org/10.33445/sds.2025.15.3.17

Keywords: Electronic signature, Digital identity, qualified electronic signature, authentication, content provenance

Abstract

Purpose: to identify the key technical and legal mechanisms that ensure the reliability of electronic signatures as a component of digital identity, particularly their ability to guarantee user authentication, document integrity, and the legal validity of signatures. Special attention is given to the role of qualified trust service providers, the protection of private keys, and the potential use of electronic signatures to combat misinformation.

Method: comparative analysis of legal and technical frameworks.

Findings: The study revealed significant differences between electronic signature approaches in the USA and the EU: in the USA, legal validity is based on the signer’s intent, while in the EU it relies on high security standards and qualified electronic signatures (QES) equivalent to handwritten ones. Ukraine has integrated the European model by adopting the qualified electronic signature (QES), compliant with eIDAS, ensuring the legal validity of digital identity. Qualified trust service providers ensure user identification, key protection, and certificate revocation, minimizing risks. It was found that QES is effective in combating disinformation by guaranteeing authenticity, integrity, and non-repudiation. The implementation of AI and international interoperability are key to advancing digital identity development.

Theoretical implications: The study consolidates digital identity and e-signature definitions across NIST, eIDAS, and Ukrainian frameworks, bridging technical standards with legal interpretations into a unified perspective.

Practical implications: Electronic signatures are effective tools for user authentication, verifying document integrity, and combating misinformation by authenticating the source of content.

Value: The study highlights the dual significance of the Qualified Electronic Signature (QES) as both a legal instrument and a cybersecurity tool and reveals its role in ensuring the authenticity of digital content.

Future research: Future work should explore biometric integration, AI-driven signature verification, and cross-jurisdictional interoperability of e-signature systems.

Papertype: theoretical.

Downloads

Download data is not yet available.

References

National Institute of Standards and Technology. (2017). Digital identity guidelines (NIST Special Publication 800-63-3). Available from : https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf

European Parliament and Council of the European Union. (2014). Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS). Available from : https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32014R0910

On electronic identification and electronic trust services: Law of Ukraine dated 05.10.2017 No. 2155-VIII [Electronic resource]. Available from : https://zakon.rada.gov.ua/laws/show/2155-19#Text

Digital identity / Educational module on the portal “Diya.Osvita” [Electronic resource]. Available from : https://it-osvita.diia.gov.ua/educational-unit/1.1_cifrova_identichnist

United States Congress. (2000). Electronic Signatures in Global and National Commerce Act (ESIGN Act). Federal Deposit Insurance Corporation (FDIC). Available from : https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/documents/10/x-3-1.pdf

European Telecommunications Standards Institute. (2016). Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements (ETSI EN 319 411-1 V1.2.2). Available from : https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.02.02_60/en_31941101v010202p.pdf

Organisation for Economic Co-operation and Development. (2009). The role of digital identity management in the internet economy. Available from : https://www.oecd.org/sti/ieconomy/42753181.pdf

Cloud Signature Consortium. (n.d.). Technical Committee. Available from : https://cloudsignatureconsortium.org/about-us/technical-comittee/

Content Authenticity Initiative. (n.d.). Content Authenticity Initiative. https://contentauthenticity.org

On time. (n.d.). What is an electronic signature? Available from : https://vchasno.ua/en/shcho-take-elektronnyi-pidpys/

Nguyen, T. H., Do, T. T., & Nguyen, N. T. (2023). Various factors affecting the implementation of digital signature technology in organizations. Sustainability, 15(6), Article 5008. Available from : https://www.mdpi.com/2071-1050/15/6/5008

On electronic digital signature: Law of Ukraine dated 22.05.2003 No. 851-IV [Electronic resource]. Available from : https://zakon.rada.gov.ua/laws/show/851-15#Text

Cybersecurity and Infrastructure Security Agency. (n.d.). Understanding digital signatures. Available from : https://www.cisa.gov/news-events/news/understanding-digital-signatures

XtraTrust. (n.d.). Various types of digital signatures and its uses. Available from : https://xtratrust.com/index.php/blog/digital-signature/various-types-of-digital-signatures-and-its-uses

SSH Communications Security. (n.d.). How digital signatures work. Available from : https://www.ssh.com/academy/secure-information-sharing/how-digital-signatures-work