sign-me

We will be pleased to assist you with any questions you may have regarding sign-me. Would you like to know about the sign-me requirements for your system environment? Or perhaps about the sales partners who you can contact? Then you have come to the right place. We can also offer you useful tips, security information and details of the sign-me software.

83957D74-EDC5-464B-BF6C-C02F109A766D

Remote signature with sign-me

Registration

To register in the sign-me portal as an independent or private user, access the portal via www.sign-me.de. You are guided through the process using the following steps:

  1. Click on “Register”.
  2. Enter your data in the registration form and confirm your entry by clicking on “Next”.

Note: Please use your personal data as entered in your ID document, which are later used for identification.

  1. You immediately receive an e-mail with a confirmation link. Open this email in your personal e-mail inbox and click on the link to complete your registration.

Note: If you have not received an e-mail from D-Trust, please check your spam folder.

You are now successfully registered and can log in at www.sign-me.de. Before you can sign with sign-me advanced or qualified, one-time identification is necessary.

Users from the corporate or public authority environment in particular often use sign-me within a predefined signature process. When you use it for the first time, you are usually taken directly from this signature process to the one-time registration and identification (called “in-band” identification).

The following personal data are collected for registration:

  • First name
  • Surname
  • Mobile phone number (including country code)
  • E-mail address
  • Password

The processing of your personal data requires that you agree to the Privacy Policy when registering for your sign-me account. Please enter all personal data as they appear on your ID document that is later used for identification. Other data such as academic title, nationality and residential address are added during identification.

Identification

Independent or private users are identified after logging in at www.sign-me.de via the menu item “Identify”.

Three possible procedures are available:

  • eID procedure (D-Trust AusweisIDent solution via an online ID function, currently free of charge)
  • eID procedure (D-Trust AusweisIDent solution via an online ID function, costs 50 coins)
  • eID procedure (identity.TM solution via an online ID function, costs 50 coins)

Users from the corporate or public authority environment in particular often use sign-me within a predefined signature process. When you use it for the first time, you are usually taken directly from this signature process to the one-time registration and identification.

Four possible procedures are available:

  • eID procedure (D-Trust AusweisIDent solution via an online ID function)
  • VideoIdent procedure (identity.TM solution)
  • eID procedure (identity.TM solution via an online ID function)
  • POS-Ident procedure (on-site identification via trained employees of the organisation)

In the specialised applications, it may be that only a selection of the possible procedures are offered. The costs are usually borne by the organisation from which the signature request was made. Users do not need to purchase credit. A separate registration of users in the sign-me portal is not necessary.

For identification via the online ID function, you need your valid ID card with an activated eID function and your PIN.

You are guided step by step through the identification process. Please start AusweisApp2 on your desktop PC or laptop before use. On mobile devices, the app must be installed and is automatically activated when used.

You must ensure the following on the devices used:

  • AusweisApp2 must be installed on the end device used. This is provided free of charge at the link https://www.ausweisapp.bund.de/download.
  • If you want to identify yourself using a mobile device (smartphone or tablet), this device must have an NFC interface. A list of compatible devices is available at the following link: www.ausweisapp.bund.de/mobile-geraete/.
  • If you want to identify yourself using a desktop PC or laptop, you need a card reader for the ID card.

More detailed help with problems is available at: https://www.ausweisapp.bund.de/faq.

For identification via the online ID function, you need your valid ID card with an activated eID function and your PIN.

On a desktop PC or laptop, the browser first takes you to the procedure page of identity.TM, where you can select eID in addition to VideoIdent. From there, you are guided step by step through the identification process.

  • Please install and launch AusweisApp2 before use. This is provided free of charge at the link https://www.ausweisapp.bund.de/download
  • If you want to identify yourself using a desktop PC or laptop, you need a card reader for the ID card.

On mobile devices (smartphone or tablet), identification via eID cannot be carried out from the browser but only from the identity.TM app, which supports both eID and VideoIdent. In the mobile browser, you are first be taken to the identity.TM procedure page, where you can select both eID as well as VideoIdent.

  • AusweisApp2 does not need to be installed, as its functionality is included in the identity.TM app.
  • If you want to identify yourself using a mobile device, this device must have an NFC interface. A list of compatible devices is available at the following link: www.ausweisapp.bund.de/mobile-geraete/.
  • Make a note of your 5-digit reference number on the identity.TM procedure page. Start the app and enter your name and reference number there. You are now guided step by step through the identification process.

You can also find detailed help with problems at: https://www.ausweisapp.bund.de/faq.

Since February 2022, you can request online activation of this function and ask to be sent a new PIN if you have forgotten it. To do this, install AusweisApp2 from the Google Play Store or the Apple App Store and follow the instructions in https://www.pin-ruecksetzbrief-bestellen.de. The new PIN is sent to you free of charge as a personal registered letter to your registration address.

You can also find detailed help with problems at: https://www.ausweisapp.bund.de/faq.

In addition to the German ID card, AusweisApp2 also supports the electronic residence permit (eRP) and the eID card for citizens of the EU and the EEA.

The identity verification takes place between you and an expert VideoIdent agent in a video conference offered by our partner identity.TM. The VideoIdent procedure is eIDAS-compliant and its security is confirmed. Your personal data are protected at all times.

For the VideoIdent procedure, you need a desktop PC, a laptop, a smartphone or a tablet. You also need the following:

  • Camera and microphone on your end device
  • A stable internet connection
  • Your valid ID document
  • A mobile phone for receiving SMS TANs.

The VideoIdent procedure supports browsers on the Windows, Android and iOS operating systems. Please use on a desktop PC or a laptop:

  • Mozilla Firefox,
  • Safari,
  • Google Chrome,
  • Microsoft Edge or
  • Opera.

Microsoft’s Internet Explorer is not supported.

The use of

  • Chrome for Android devices and
  • Safari for iOS devices is not possible on a tablet or smartphone.

Video identification required for sign-me can be done in German and English at our identification service provider identity.TM. If the browser you use for sign-me is set to a language other than German, you are automatically put through to an identity.TM agent who is able to perform an English identification.

POS-Ident is an identification procedure in which a trained employee of a company or authority identifies users directly on site. In order to offer POS-Ident as an organisation, the following requirements must be met:

  • The organisation has concluded a contract with identity.TM as a D-Trust customer.
  • The person being identified has participated in online training.
  • The person being identified has been personally identified once.
  • The POS software is installed on the terminal device of the identifying person.
  • The user has a mobile phone.

The POS-Ident procedure can usually be completed in a few minutes. To do this, the person being identified logs on to the identity.TM portal via the POS software. The user’s personal data are recorded and his/her ID document is photographed. The user checks the collected data and agrees to their further processing with an SMS TAN. The person being identified matches the photo of the ID document and then transmits the verified data, confirming it with an SMS TAN.

identity.TM checks the collected data and then confirms successful identification of the user.

Note:  For information on costs and the implementation of the POS Ident procedure, please contact vertrieb@d-trust.net.

The identification is valid as long as the ID card which was used, but at least for two years. This identification validity is available in the sign-me portal under the menu item “Identify”. The validity period of the certificates depends on the type of identification. Expired certificates are automatically recreated before another signature if the identification is still valid.

Creating signatures with sign-me

With sign-me, it is possible to sign in the signature levels Simple Electronic Signature (EES), Advanced Electronic Signature (FES) or Qualified Electronic Signature (QES). Please note that only a signature with QES is equivalent to the legal written form in Germany.

After you have been identified via one of the offered identification procedures, you can immediately sign with the simple, advanced and qualified electronic levels.

Sign-me supports the common browsers of the operating systems Windows, Android and iOS. These are:

  • Mozilla Firefox
  • Google Chrome
  • Microsoft Edge
  • Safari
  • Opera

Microsoft’s Internet Explorer is not supported.

Only PDF/A files can be signed in the sign-me portal. They must not be larger than 10 MB.

Note: If your PDF file is not in PDF/A format, you can convert it to PDF/A format using a PDF printer.

When connecting via API to your own process or the workflow of a partner, it is possible to transfer PDF/A data or hash values of documents to sign-me to be signed.

After logging in to your sign-me account on the web portal, the “Signature history” is available in the menu. A document history is displayed here. The last documents signed are still available for retrieval. You can download them again if necessary.

The data included in the history go back a maximum of 5 days. After this period, the documents are deleted from the sign-me system for data protection reasons.

After logging in to your sign-me account on the web portal, the “Signature history” is available in the menu. Here you can call up signature processes that were interrupted before the process was ended and complete them.

The data included in the history go back a maximum of 5 days. After this period, the documents are deleted from the sign-me system for data protection reasons.

Please go to “Sign your own PDF” within the sign-me web portal.

After you have uploaded a PDF document, you can place the signature flexibly. In addition to the predefined options (top/bottom, right/left), you can also position the signature freely (manual placement).

You can then choose on which page the signature is to appear. In addition to the predefined options (first page/last page), you can also specify or navigate to another page at the bottom of the page view when you select “Manual placement”.

Note: You can also skip visual placement of a signature. To do this, simply select “Invisible” under “Position of the signature on the page”. This has no influence on the legal validity of your qualified electronic signature. When creating a qualified electronic signature, only the electronic capture of the underlying signature certificate is important.

If you as a company use sign-me via your own specialist application, you can use API to define where the optical signature field is to be placed. If you use sign-me via an integrated signature workflow from one of our partners, you can specify where the optical signature field is to be positioned in the document.

When using sign-me via the web portal, the PDF documents need to be uploaded.

When connecting via API to your own workflow or the workflow of a partner, it is also possible to upload only one hash value for signing. Some of the partner applications can also be used “on-premise”. The data thus remain on the organisation’s system. There is no need to upload the documents to the partner system or to the sign-me portal.

Approving signatures with sign-me (two-factor authentication)

If you have a user account accessible via the portal, sign-me also offers the use of the sign-me 2FA (two-factor authentication) app to approve the signature. You can find the app for download at Android in the Google Play Store and at iOS in the Apple App Store.

The app must be connected to your sign-me account once. To do so, please open “App registration” in the www.sign-me.de portal. Select a PIN for the approvals and scan the QR code with the sign-me 2FA app.

Using the app is intuitive: When signing, select "Sign with app”. The app automatically opens on your smartphone and prompts you to approve the signature with your PIN.

A locked/forgotten PIN can be unlocked by logging in to the app again. To have a new PIN assigned, please start a new registration for your mobile phone in the www.sign-me.de portal under “App registration”. 

Using the app is intuitive: When signing, select "Sign with app”. The app automatically opens on your smartphone and prompts you to approve the signature with your PIN.

If you want to use a different device, e.g., after changing your smartphone, please start a new registration in the www.sign-me.de portal under “App registration”. This cancels the connection with the old unit. It is not possible to connect multiple mobile devices to the same account.

D-Trust recommends the convenient use of signature approval via the sign-me 2FA (two-factor authentication) app.

If using it is not possible, you can opt for the SMS TAN procedure.

The SMS TAN procedure is preset when you restart sign-me. You do not need to take any additional steps for activation.

If you want to use the SMS TAN procedure again instead of the sign-me 2FA app, please start a new registration in the www.sign-me.de portal under “App registration”.  Please request a TAN but do not complete the process. To cancel the process, select the “Back” button after entering the TAN. You are then redirected to the sign-me homepage.

This reactivates the SMS TAN procedure. Use of the app is disabled. You can reactivate it at any time.

D-Trust recommends the convenient use of signature approval via the sign-me 2FA (two-factor authentication) app. The first alternative to using the app should be the SMS TAN procedure via a mobile device.

If neither the app nor the SMS TAN procedure can be used, a German landline number for two-factor authentication of the signatures can be entered during registration.

If a landline number is specified, a PIN for accessing the landline TAN must also be specified. In this case, the specified landline telephone rings when the qualified signature is triggered. Before the landline TAN for the signature process is announced via voice module, the self-selected PIN must be entered.

There are sign-me customers whose contract specifies mandatory use of the 2FA app. This may affect users in the health sector, for example. For such users, the request for an SMS TAN is rejected with an error message. In this case, please register the 2FA app in the www.sign-me.de portal via the menu item “App registration”. 

A mobile phone number or German landline number must be provided directly during registration and is verified during identification.

It is possible to change to a different telephone number, but this results in a new identification being required. This may incur a charge and cannot be reversed. Only after re-identification are you able to sign again via sign-me.

To change the stored phone number, please proceed as follows:

  1. Log in with your user name at www.sign-me.de.
  2. Call up the entry “Settings” → “Mobile phone number”.
  3. Enter the new call number in the field provided and accept the change by selecting “Save”.

It is not possible to upload and sign an encrypted document in the web portal or via a specialist application.

Security is guaranteed when using the sign-me portal.  Access via the Internet is TLS-encrypted. Furthermore, each PDF file is uploaded to the sign-me server in the security area of the D-Trust data centre. Only authorised administrators have access to the sign-me system. The signed documents are deleted after 5 days.

Security is guaranteed when using the sign-me portal.  Access via the Internet is TLS-encrypted. Furthermore, each PDF file is uploaded to the sign-me server in the security area of the D-Trust data centre. Only authorised administrators have access to the sign-me system. The signed documents are deleted after 5 days.

Personal data, contracts and data protection

You can adjust your personal data at any time in your sign-me account under the menu item “Personal data”. If you are already identified and change your personal data (including your mobile phone number), you need to identify yourself again. This may incur a charge. You are not able to sign again until you have been identified.

If you use sign-me via the portal, select the menu item “Identify” after saving your changed personal data and follow the instructions.

If you are using sign-me via a signature workflow or a specialist application and have lost your identification due to a data change, you are directed to the identification procedure during the next signature process.

You choose your password to your sign-me account yourself. The password must be at least 8 characters long and contain at least one upper case letter, one lower case letter, one number and one of the following special characters: !+-_*$?:#&@;~%. Please also make sure that the characters are not repeated if possible.

If you have forgotten your password for logging in to your sign-me account, you need to re-identify yourself. This may incur a charge. You are not able to sign again until you have been identified. For security reasons, D-Trust is forced to revoke your certificate and request a new identification whenever an access password is forgotten.

In order for your personal data to be processed, it is necessary that you agree to the privacy policy when registering for your sign-me account. Please enter all personal data as they appear on your ID document that is later used for identification. Only data that needs to be collected according to the respective legal basis for establishing your identity is collected and used. For identification service providers, the data are deleted after seven days at the latest; for D-Trust, there is a retention obligation.

As part of the creation of your sign-me account (registration, identification), you must agree to the inclusion of the following documents:

In addition, you must accept the privacy policy of D-Trust and, if applicable, that of identity.TM and agree to the generation of signature certificates for the use of sign-me. Following your registration and identification, you can access all the documents you have acknowledged and accepted in your sign-me account at any time under the menu item “User documents”.

Deleting your sign-me account can only be done by the D-Trust Call and Support Centre. Please inform us by sending an e-mail to support@d-trust.net and use the user name (e-mail address) of your sign-me account as the sender.

Certificates 

As a user of sign-me remote signature, log in to your sign-me account. Please go to “Settings” and “Manage signature certificates”. Here you can select the certificate that is to be blocked. In the certificate’s display, you find the button “Revoke”.

After revoking one or all certificates, they are regenerated if you sign another document and your identification is still valid. You can view the identification status on the start page under the item “Identify”. If the identification is no longer valid, new certificates are only created after new identification, which may be subject to a cost.

You have the option of selecting the menu item “Directory” under “Settings” in your sign-me account. Here you decide whether you want to have your future signature certificates published in the D-Trust directory service by clicking on the checkbox “Publish signature certificates in future”.

Interested partners who want to request a signature from you receive information about which signature certificates you have via the directory service.

The directory contains information about each signature certificate issued. It is like a phone book for signature certificates. Even if you do not publish the certificates in the directory, sign-me is still fully usable.

Users with long-term certificates, such as those issued for identification by eID, receive an e-mail a few days before they expire. If the identification is still valid, these certificates are automatically reissued by sign-me with the next signature request – users do not need to do anything.

Users can see their identification validity in the web portal under the menu item “Identify”. The validity period of the certificates depends on the type of identification.

Certification

D-Trust is a qualified trust service provider according to eIDAS, which is permitted to offer the qualified signature, among other things, and is included in the European Trusted List. The responsible accreditation body is the Federal Network Agency, and the conformity assessment body is TÜV IT – the certificate is available here.

Validation

Open the signed PDF document in a PDF viewer that supports eIDAS validation, e.g., under Windows in Adobe Acrobat Reader DC. Alternatively, the digiSeal reader software from secrypt is available free of charge.

After opening the signature window you see that:

  • the issuer is an eIDAS-qualified trust service provider from the EU Trust List, such as D-Trust,
  • the signatures are at the “qualified” level,
  • they are provided with embedded qualified time stamps, if applicable, and
  • the signatories are the persons indicated.

When Android or iOS mobile devices are used, there may be restrictions in the validation options.

Both for signatures via the sign-me web portal and via connected workflow systems, an embedded qualified time stamp enabling long-term validation of the signature is always used.

Costs & signature credit

sign-me can be used via a company’s workflow application, e.g., for credit agreements, insurance policies, temporary employment contracts or applications to authorities. This application enables third parties to be invited to use sign-me. In this case, the use is usually free of charge for the signatories. This applies both to the signatures being provided and to any identification that may be required. The service is charged to the companies or authorities that offer the application to third parties.

If you use sign-me via the web portal as a private individual, you must register once. Following registration, you receive 10 sign-me coins. You use these coins to pay for signatures within the sign-me portal. Identification is a prerequisite for the signature. You can then sign at the qualified (5 coins per signature), advanced (2 coins per signature) and simple (free of charge) levels.

Identification via the online ID card function (AusweisIDent) in the sign-me portal is currently free of charge.

For the identification procedures via our partner identity.TM (VideoIdent and eID procedures), costs of 50 coins each are incurred.

To add new coins at sign-me, please log in to your sign-me account. You find the “Top up” link in the menu. This takes you directly to the shop of our partner REINER SCT.

Please also enter your sign-me user name (e-mail address) at REINER SCT.

In the REINER SCT shop, select the desired coins package. For example, sign-me signature credit in the amount of 500 coins (equivalent to 100 qualified signatures) or sign-me signature credit in the amount of 25 coins (equivalent to 5 qualified signatures) are available. The package price also includes one-time identification plus the issuance of one certificate each for simple, advanced and qualified signatures.

Once you have completed your purchase, you receive a link by e-mail which you can use to initiate identification if necessary and top up the coins in your sign-me account. REINER SCT is responsible for the ordering, processing and invoicing of this offer. If you have any problems, please contact REINER SCT Support.

Piktogramm für Support
D-Trust
Support
+49 (0) 30 2598 – 0