Guide to understand everything about digital signature

Biometric signature, unattended signature, qualified signature, in the cloud … these are just a sample of the terms covered by the digital signature. At first it can cost to get hold of them and understand them 100%. With this guide you will have a reference with the key concepts to be aware of everything that involves the digital signature.

The digital signature and everything around it form a set of terms, some of them very similar to each other, which can create confusion. For this reason we have decided to create this short guide in which we try to clarify the most basic concepts related to the universe of the digital signature.

We propose it below in a simple and clear way, without too many technicalities, so that those who are introducing to this topic have a starting point from which to continue developing your skills and knowledge. We have focused on the European market and, more specifically, on Spanish, since in other markets such as Latin America, the terms may vary substantially, due to their definition in each legislation.

What is the digital signature?

Signing a document digitally is a cryptographic procedure by means of which the signatory person is identified without error, ensuring the integrity of the document. This is done using the electronic signature, which is nothing more than a set of unique data that are linked to that document.

The electronic signature is a broader concept within which the digital signature is. In fact, the digital signature is an essential part of the advanced and qualified electronic signature, but not the simple one. Concepts we will see later.

How many types of electronic signature exist?

We can classify the electronic signature according to different criteria. One of them is the security of it. According to Regulation (EU) No. 910/2014, known as eIDAS, we distinguish 3 types:

Simple electronic signature

It consists of data in electronic format attached to other electronic data, or logically associated with them, used by the person responsible for the firm. It has the lowest level of security.

Examples of simple electronic signature would be to sign a paper document, scan it and send it by email or sign with the finger on a screen the collection of a package, without incorporating any other evidence.

Advanced electronic signature

The eIDAS Regulation defines the advanced electronic signature as one that meets these requirements:

  • It is linked to the signer in a unique way.
  • Allows the signer’s identification.
  • It has been created using electronic signature creation data that the signer can use, with a high level of trust, under his exclusive control.
  • It is linked to the data signed by it so that any subsequent modification is identifiable.

In the advanced electronic signature, functions are often applied for time stamping, geographical location and even biometric information of the signer.

Qualified electronic signature

This is originated by a qualified device for creating electronic signatures and based on a qualified electronic signature certificate, such as the electronic DNI. This is the electronic signature procedure that presents a higher level of security.

The qualified electronic signature contains all the information necessary to identify the signer: name, unique identity code (in Spain the NIF is used), algorithm and keys of the signature, expiration date and issuing organization.

The qualified electronic signature is used in both the public and private sectors, depending on the level of security required.

Next, we will describe the different types of existing digital signature based on how it is done in the signature process itself:

Biometric signature

This takes place by manual signing on a tablet or any other device that allows it. With the help of biometric technology, the signature is collected, along with other variables such as pressure or speed, and encrypted so that it adheres to the document securely, establishing its validity.

Firma biométrica

Electronic signature with certificates

This is carried out through the use of a digital certificate issued by the appropriate certification authority and that unequivocally identifies the person responsible for the signature. Certificates can be qualified or not, depending on whether they are issued by a Qualified Signature Service Provider or not.

Signature in the cloud

In this case, the digital certificate is generated and stored in a secure server (HSM, Hardware Security Module). To access it and sign, a robust identification method will be required in which at least two identification procedures are involved.

Unattended electronic signature

In this modality the direct intervention of the person responsible for the firm is not required, but this is done automatically. With the unattended signature you can sign large amounts of documents (batch signature), being very useful to expedite routine tasks such as signing invoices or payroll.

One-time code

With this technique you can sign a document thanks to the introduction of a password that will only be valid for that particular signature, that is, it can only be applied once.

This method is known by the acronym OTP (One Time Password), being able to send this password through SMS (OTP SMS) or through email (OTP Email).

Signature with fingerprint

With it we will identify ourselves without the possibility of error thanks to our unique fingerprint. It is one of the most economical and employed biometric identification methods, as well as the most accurate.

In Europe, this procedure must at all times comply with the General Data Protection Regulation, which in matters of biometric data protection is very strict.

Legal validity

Some of the most frequent doubts that appear when talking about digital signature is whether it has the necessary legal support. The answer is a resounding yes.

In Europe, the digital signature is covered under Regulation (EU) No. 910/2014 or eIDAS, regarding electronic identification and trust services for electronic transactions in the internal market.

If we pay attention to the classification of the electronic signature according to its security, we can conclude all have legal validity, but there are certain differences between them. It is possible that the simple electronic signature needs to be accompanied by other evidence, the advanced one has the necessary legal evidence before any repudiation. The qualified one is equivalent to the manual signature.

Digital signature applications

The digital signature is present in many procedures of the daily life of individuals, companies and public administrations. With it we can collect merchandise, pay taxes, make contracts, invoice electronically, carry out procedures with government entities, and give our consent and many more tasks.

The digital signature is also applicable to a wide variety of sectors, such as healthcare, banking, insurance, human resources, commercial, telecommunications, distribution, laboratories, fintech, etc. In addition, in Viafirma we continue to expand our catalog of evidence, as demonstrated by our recent agreement with Biometric Vox, a Spanish technology company specializing in voice solutions with their own technologies in biometrics and vocal signature.

How to digitally sign a document?

In many cases, to be able to sign a document it is not necessary to install or use any additional program or device. The motto of Viafirma, the universal signature, has a lot to do with the concept of technological neutrality and of “disturbing” the user as little as possible, simplifying the signature processes as much as possible.

However, there are certain types of signature, which, due to customer requirements, the scenario or identification procedures, may require these additional elements.

In the case of the biometric signature, we will have to have on hand devices for signature capture, such as specific tablets from manufacturers such as Topaz, Wacom, Symbol, etc., or tablets with capacitive screens such as iPad or some Android models.

If we are going to make an electronic signature, it may be necessary to have a digital certificate, which will have to be issued by a Certification Authority or Qualified Service Provider (QSP), such as the National Currency and Stamp Factory of Spain or any other.

Advantages of the digital signature

Having the digital signature brings with it some benefits over the traditional handwritten signature, the most notable are:

  • Increased productivity, since it can be signed from anywhere and at any time, saving waiting and traveling.
  • More secure, since the document cannot be modified once signed.
  • Confidentiality. The document will only be viewed by authorized persons.
  • Paperless, with the consequent savings in storage and document management.

The digital signature implies a complex set of technologies and legal aspects that can be confusing for those who are entering the subject. However, it is worth making a small effort to control at least the most basic concepts.

Its application entails such advantages for all types of entities and people from all sectors that implementing it is a key step in any digital transformation process. In addition, the different tools developed around the digital signature greatly facilitate this procedure. We hope it has served you and any questions do not hesitate to write to us.