General information

What is Rekono?

Rekono is a collective name for a family of state-of-the-art services and products developed and offered by Rekono, sistemske integracije, d.o.o., intended for individuals and commercial providers of electronic or online services.

Rekono services and solutions are designed to provide reliable identity verification, simple and highly secure access to various online services from different providers, electronic document signing, and enable user-friendly, efficient, and trustworthy online business from any device, anywhere, at any time.

What is a Rekono account?

A Rekono account is a means of electronic identification that clearly verifies an individual’s identity online when conducting business. It is similar to verifying identity in the physical world using an ID card, passport, or driver’s license.

Since the Rekono account contains unique personal identification data, it enables registration or authentication when logging into various online and mobile services offered by different providers, such as banks, insurance companies, energy companies, municipalities, and systems connected to the SI-PASS.

In the past, various providers, such as shops and banks, independently managed confidential data about individuals, including usernames, passwords, email addresses, digital certificates, credit card numbers, tax numbers, PINs, and registration codes.

This proved to be extremely impractical and posed a high risk of fraud and abuse.

With a Rekono account, these shortcomings are eliminated, as users enter their confidential data only into the Rekono system, where it is securely stored on dedicated computer equipment. Individuals (natural persons) can have only one Rekono account, which does not expire and does not need to be renewed.

Using a Rekono account is simple and provides a pleasant, consistent user experience.

Why do I need a Rekono account?

With a Rekono account, you can access various electronic or online services from different providers in a simple, efficient, fast, user-friendly, and secure way, anytime and anywhere, from any device, including mobile devices.

By registering a Rekono account, you create your own authentic electronic identity, which is verified in multiple registers and trusted data sources in accordance with the EU eIDAS Regulation and local legislation. This ensures that service providers you access with your Rekono account can be certain of your identity.

Where can I use my Rekono account?

You can use your Rekono account to access a wide range of online and mobile services and applications offered by various providers, banks, insurance companies, energy companies, municipalities, and electronic services connected to the SI-PASS system.

We are trusted by the largest Slovenian companies: https://podpora.rekono.si/#kontakti-ponudnikov.

What is a digital certificate?

A digital certificate is a computer record that contains information about the holder and their public key, as well as information about the issuer and the certificate’s validity period. It can be stored on the holder’s computer or, preferably, on a dedicated secure medium, such as a card or USB stick. An example of a secure medium for a digital certificate is the electronic ID card.

Does a digital certificate serve the same function as a Rekono account?

It is difficult to directly compare a digital certificate and a Rekono account. Although both verify the holder’s identity, they differ significantly in technology, practicality, and possible uses.

Digital certificates are still used to verify users when logging into various electronic services, but are primarily used for electronic document signing. Proper or legal electronic document signing is only possible with a digital certificate and no other method. For practical reasons and to ensure the highest level of protection for the confidential elements of digital certificates, we no longer store them on users’ computers or devices, but instead on secure infrastructure – specifically, on dedicated security devices (HSM) of service providers such as Rekono.

When logging into a specific electronic service with a Rekono account, using a digital certificate is just one of the available login options. The choice is entirely up to the user.

Rekono offers the highest level of security and an excellent user experience, as it works on all devices owned by the user and does not require any dedicated software, hardware, or locally installed digital certificates.

What is the security in the Rekono system?

Within the Rekono services framework, data security – including user passwords and one-time codes – is ensured through dedicated computer infrastructure, specialized hardware and software, and robust cryptographic algorithms.

All security-sensitive data is protected by cryptographic algorithms, including hash functions (SHA-256 or stronger), HMAC (a hash function verified with a 256-bit symmetric key), and encryption with AES-256 symmetric keys. All cryptographic key operations are performed in hardware security modules (HSMs).

All computer equipment supporting Rekono services is located in dedicated, appropriately technically secured premises at various locations in Slovenia.

The adequacy of Rekono’s infrastructure and service management is verified through regular compliance assessments with ISO 27001, ISO 20000, and relevant national and EU regulations for trust service providers.

Rekono’s services are trusted by the largest Slovenian companies and their clients.

eSignature and trust services

All security-sensitive data is protected by cryptographic algorithms, including hash functions (SHA-256 or stronger), HMAC (hash function verified with a 256-bit symmetric key), and encryption with AES-256 symmetric keys. All cryptographic key operations are performed in hardware security modules (HSMs).

All computer equipment supporting Rekono services is located in dedicated, appropriately technically secured premises at various locations in Slovenia.

Rekono’s services are trusted by the largest Slovenian companies and their clients.

What types of electronic or digital certificates does Rekono issue as a provider of qualified and non-qualified trust services (Rekono TSP)?

Qualified certificates for:

advanced electronic signatures created with the Rekono Sign remote digital signature service,
qualified electronic signatures created with the Rekono Sign remote digital signature service,
advanced electronic seals created with the Rekono Sign remote digital signature service,
qualified electronic seals created with the Rekono Sign remote digital signature service,
the Rekono QTSA qualified electronic time stamp service.

Non-qualified certificates for:

advanced electronic signature created with the Rekono Sign remote digital signature service,
advanced electronic seal created with the Rekono Sign remote digital signature service,
the Rekono TSA electronic time stamp service,
electronic authentication,
OCSP servers,
managing the internal infrastructure of the Rekono TSP trust service provider.

What is the purpose of using Rekono electronic or digital certificates?

Qualified and non-qualified Rekono certificates for electronic signatures or electronic seals are intended for electronically signing or sealing data or documents in digital form.

Authentication with a Rekono account of medium or high assurance level allows users to create the following using the Rekono Sign remote electronic signature service:

advanced electronic signature,
advanced electronic signature with a qualified certificate, or
qualified electronic signature.

Where are private the keys for remote electronic signatures, Rekono Sign or Rekono Seal created and stored?

An electronic signature or electronic seal is created on the Rekono Sign remote electronic signature system using single-use keys.

For each electronic signature request, after the user is successfully authenticated with a Rekono account in the Rekono Sign solution for remote electronic signatures, which operates on a dedicated hardware security module (HSM), a new public and private key pair is generated, and a corresponding digital certificate for the public key is issued. The private key for electronic signatures is destroyed immediately after the electronic signature is created, using the mechanisms of the hardware security module (HSM), which prevents any subsequent use of this private key. The digital certificate for the corresponding public key is stored after the signature is created and is used only to verify the created electronic signature.

What requirements must an advanced electronic signature meet?

The eIDAS Regulation states that an advanced electronic signature is a set of data in electronic form used by a signatory to sign electronic documents and other electronic data, and that it meets the following requirements:

a) it is uniquely linked to the signatory;
b) it is capable of identifying the signatory;
c) it is created using electronic signature creation data that the signatory can use with a high level of confidence and under their sole control, and
d) it is linked to the electronic documents or data so that any subsequent change to the electronic documents or data is detectable.

What requirements must a qualified electronic signature meet?

The eIDAS Regulation states that a qualified electronic signature is an advanced electronic signature created by a signatory using a qualified electronic signature creation device and a qualified certificate for electronic signatures.

What are the legal effects of different types of electronic signatures?

By law, only a qualified electronic signature has the same legal effect as a handwritten signature. A signature based on a qualified certificate issued in one of the EU Member States, is recognized as a qualified electronic signature in all other Member States.

Data or documents signed with a qualified electronic signature directly and permanently contain all information necessary to determine whether the requirements for advanced electronic signatures are fulfilled.

A qualified electronic signature must be used when a valid regulation requires that data or documents in digital form be signed with an electronic signature equivalent to a handwritten signature, and when data or documents that must be signed by hand in physical form are created and sent in digital form.

An electronic signature that does not meet the requirements for a qualified electronic signature may be used as evidence in legal proceedings. However, the signatory must be aware that if the authenticity and integrity of the unqualified electronically signed data or document are challenged, or if the electronic signature is denied, the authenticity of the contested data, document, or signature must be proven through business control procedures that create a reliable audit trail linking the signed data or document to the related business events, actions, or records. These audit trails and other evidence must be stored until the retention period for the electronically signed data or document expires, in a form and manner that enable the long-term preservation of their authenticity, integrity, and usability.

What is the 3-D Secure service?

Rekono 3-D Secure is a service that securely confirms online payments.

If you have a smartphone, you can confirm online payments using the Rekono OnePass mobile app. If you do not have a smartphone or do not wish to use the Rekono OnePass app, you can confirm online payments using a static password combined with a one-time Rekono SMS OTP, which you will receive on your mobile phone.

To use the latter solution, first set a static password in the lower section of the Rekono account control panel, then complete the bank activation process to activate your selected bank’s payment cards for secure confirmation of online payments with 3-D Secure.

What should I pay attention to when registering a Rekono account?

It is important to use the mobile number you provided to your bank for card transaction notifications (SMS OTP) when registering your Rekono account. If you have different mobile numbers for your business and personal accounts, add the card linked to the mobile number you entered during Rekono account registration.

You can, of course, change the number – most easily in the Rekono account control panel – where you can add another card.

If you have a mobile number registered in your Rekono account that receives notifications for transactions with private cards, first add your private card and you will automatically be able to use your business card as well. You can also change the mobile number registered in your Rekono account and then activate secure payments with your business card. However, as mentioned above, the activation will also apply to personal or private cards.

It is not possible to have separate Rekono accounts for confirming payments for business and personal cards, or different Rekono accounts for different banks. You can have only one Rekono account, as it is linked to your tax number. All cards assigned to you, regardless of type, will be linked to a single Rekono account. There is no distinction between cards, nor is there any need for one, as this is a single secure payment confirmation process.

The mobile number used to register your Rekono account must match at least one mobile number linked to your bank cards. If it does not, you can change the mobile number in your Rekono account through the Rekono control panel, which you can access online, or at your bank through an official, time-consuming procedure. Changing the mobile number at the bank is necessary if you no longer have access to the mobile number linked to your card.