Electronic signature options for cell phones

Signing from a cellphone has been around for several years, but not all signatures are the same. That is why today we are going to explain the most common types of eSignatures for phones and the main differences between them.

One of the main features of electronic signatures is to sign on-the-go. Therefore it is no longer necessary to be present to close an agreement. This results in significant savings in both time and money.

Therefore in recent years the way of doing business has evolved and those companies that have embraced this digital transformation have improved their business efficiency. It is no longer a question of if it’s convenient to implement this change, but when to do it.

On the other hand, there are different options for eSigning directly from cell phones, as there are some aspects to take into account to be able to use them correctly.

What types of eSignatures are available?

Within the EU, Regulation (EU) nº910 / 2014 of the European Parliament and of the Council (eIDAS) is in charge of controlling eSignatures within member countries and defines them as follows:

  • Simple electronic signature: Refers only to the electronic data used by the signatory to carry out the signature. Although it is perfectly legal and valid in court, you may need additional legal evidence because it is easy to forge.
  • Advanced electronic signature: Refers to the signature that meets the conditions underlined in article 26 of eIDAS; An advanced electronic signature shall meet the following requirements: it is uniquely linked to the signatory, capable of identifying him/her, it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control, and it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
  • Qualified electronic signature: This is an advanced electronic signature that has been created using a qualified device and certificate and has the equivalent legal effect of a handwritten signature.

Note that all of them are legally binding. Depending on the requirements of the signing process or document to be signed we will choose one or the other.

Considering the above terms, let’s see which ones can be used from a mobile device.

eSignatures can also be used in cellphones

eSign without using certificate

Since we do not have a digital certificate we need further legal evidence to be able to identify the signer and thus fulfill all the requirements for an advanced electronic signature.

There are many different types of evidence. SMS OTP is one of the most frequent, i.e. a temporary password sent to the signer’s phone. This allows us to authenticate the signer, as the phone is personal and belongs exclusively to him/her. In addition, both the access to the signature request (sent to the email) and SMS code (sent to the phone) are under the signer’s full control.

eSign using SMS OTP

Sign a document online safely and legally

Therefore, all conditions for advanced electronic signature from a mobile device are met without the need to use a certificate. In any case, there are secure solutions that do not force us to carry around the certificate at all times, such as our cloud-based signature solution.

eSign without qualified certificate

Signing digitally with certificate simplifies the process, since certificates include all necessary data to identify and link the signer.

Once again, both the access to the request and the certificate are under the signer’s control, and the document and other evidence allow to detect if any subsequent modifications have been made afterwards. Based on this, we consider this an advanced electronic signature.

The difference between this and a qualified certificate (at EU level) is that the signing process has not followed the certification process that the state regulatory body requires to be considered as qualified type, though in terms of technical security there is no difference between both.

eSign using qualified certificate

Same context as in the previous case, except that the certificate is stored on a cryptographic card that cannot be downloaded (e.g., the electronic ID card) and it is generated on a secure HSM server.

Using this last method we obtain a qualified electronic signature with the highest level of confidence that is currently available according to EU regulations. In addition, since the implementation of eIDAS Regulation, cloud systems or systems for centralizing digital certificates on external servers are permitted so we are able to connect the HSM directly, thus do not need to export the certificate.

NOTE: Our centralized solution Viafirma Fortress allow users to use their certificates whenever necessary on any device as they are stored on a secure cloud that can be accessed whenever.

In short, any type of electronic signature listed in the European regulation can be made from a cell phone. Each of them fits a different situation, depending on the security level required for the process.

The ease of use and mobility offered by eSignatures are essential for optimizing your business process

All set?

It’s time to handle documents more efficiently