Signing from the mobile is a reality that has been around for several years, but not all signatures are the same. That is why today we are going to explain what types of electronic signatures can be made from a mobile device and what are the main differences between them.
One of the main advantages offered by the electronic signature is mobility. Thanks to this technological advance, it is no longer necessary to even be in the same room to terminate an agreement. This has as a consequence a very important economic and time saving.
That is why, in recent years, the way in which business is done has changed and the effectiveness of the companies that have embraced this digital transformation has improved considerably. Therefore, it is no longer a question if it is appropriate to carry out this change, but when to do it so that it is implemented as soon as possible.
As for the electronic signature, there are several types with different characteristics and considerations to take into account to know what we are capable of doing from a mobile device.
What types of electronic signature are there?
Within the territory of the European Union, Regulation (EU) nº910 / 2014 of the European Parliament and of the Council (eIDAS) is the legislation that is in charge of regulating the electronic signature within its member countries and establishes the following classification:
- Simple electronic signature: Refers only to the electronic data used by the signatory to carry out the signature. Although it is perfectly legal and can be presented at a trial, you may need additional proofs because it is the least secure signature possible.
- Advanced electronic signature: Refers to the signature that meets the conditions contained in article 26 of the eIDAS, which are the following: the signature must be linked to the signer in a unique way, must allow to identify it, must have under its control the data used for the creation of said signature and it must be possible to detect if there has been any modification after having signed.
- Qualified electronic signature: This is an advanced electronic signature that has been created by a qualified device and with a qualified certificate. Its legal value is exactly identical to that of the traditional handwritten signature.
It should be noted that all of them are perfectly legal. The requirements of the process or document in question will be those that determine the signature that will be used in each of the cases.
Taking into account these conditions, let’s see what types of signatures can be made from a mobile device.
Electronic signature WITHOUT certificate
By not having a certificate, we need additional evidence to get the signer’s identification and thus achieve all the necessary requirements to have an advanced digital signature.
There are numerous types of evidence. One of the most frequent is the SMS OTP, that is, a temporary password that is sent to the signer’s phone. In this way, since the mobile is personal and belongs exclusively to said person, identification is established. In addition, both the access to the signature request (sent to your email) and the SMS code (sent to your phone), are under your full control.
Therefore, all conditions are met to have an advanced electronic signature from a mobile device without the need to use a certificate. In any case, there are secure solutions that do not require carrying the certificate always with you, such as a centralized signature or cloud signature. We’ll talk about this case later.
Electronic signature WITH NO qualified certificate
Signing digitally with a certificate makes the process easier, since the certificate itself includes all the necessary data for the identification of the signatory and is exclusively linked to it.
Once again, the condition that access to the request and the certificate are under its control is fulfilled, and the document allows, together with other evidences, to know if any modification has been made a posteriori. Following this method, we have an advanced electronic signature.
The difference with a qualified certificate (in the European Union), is that it has not followed the certification process that the state regulatory organism requires to consider it as such, although technically it does not have to differ in anything in terms of safety.
Electronic signature WITH a qualified certificate
The same context as the previous signature with certificate is repeated, with the only difference that said certificate is contained within a cryptographic card without the possibility of downloading (for example, the electronic DNI) or generated in a secure server (HSM), such as for example, the one generated by Viafirma by one of its Certification Services Providers integrated in the platform.
Following this last method, we obtain the qualified electronic signature, the signature of the highest possible confidence level nowadays according to the European Union regulation, because it is legally equated with the holographic signature.
This certificate can be downloaded by the user to your device for direct use, or always remain on the secure server (HSM), so that users access it when they want to sign a document digitally, after authenticating their identity in a robust manner, that is, with more than one authentication factor (for example, an alphanumeric password and a code sent by SMS or a biometric feature). In addition to offering a security bonus, the user does not need to have the certificate permanently with him, avoiding possible thefts or losses. It would be a special case of signature with certificate: the signature in the cloud, signature cloud or centralized signature.
In short, from a mobile device you can perform all types of electronic signatures collected in the European regulation. Each of them adapts to a different situation, in which greater or lesser security is needed for the agreement in question.