In this article we will thoroughly analyse the requirements an electronic signature must meet in order to be considered advanced e-signature under the eIDAS standards. We also compare other types of available e-signatures as well as explaining the different options to obtain and manage a digital signature effectively.
The world of both digital and electronic signatures comprises a set of rules and technical aspects that can give you a headache if these are not properly explained.
This article will define the types of electronic signatures covered by current European legislation, focusing on advanced electronic signatures.
We will go into detail on its features, on what differentiates it from the other types, as well as on the ways of signing. Finally, we will look at other international regulations on electronic signatures which are interesting for Viafirma, and we will conclude by presenting our tools in terms of advanced digital signatures.
Types of electronic signatures according to eIDAS Regulation
Electronic signatures are regulated throughout Europe by Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market, know as eIDAS.
According to these regulations, specifically in Article three, three types of electronic signatures are established. These are:
- Electronic signatures
- Advanced electronic signatures
- Qualified electronic signatures
eIDAS Regulation defines electronic signatures as:
‘’The electronic signature which meets the requirements set out in Article 26’’.
But what are these requirements? To find out, we refer to Article 26, which sets out the requirements for advanced electronic signatures:
- It is uniquely linked to the signatory;
- It is capable of identifying the signatory;
- It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- It is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
Here, the term “electronic signature creation data” refers to unique data used by the signatory to create an electronic signature, a definition also contained in Article 3 of eIDAS.
Qualified electronic signature
The qualified electronic signature contained in these EU rules can be considered an extended form of advanced electronic signature:
‘‘Advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures’’.
What differentiates the advanced digital signature from the rest?
For someone who is not very familiar with the world of both digital and electronic signatures, these technical definitions can lead to confusion and lack of clarity on the pros and cons of each type of electronic signature. Let us clear up your doubts.
The electronic signature, or simple electronic signature, differs from the advanced electronic signature as the latter secures the identity of the signatory. This is a key point when it comes to signing important documents containing sensitive information.
Simple electronic signatures are those handwritten signatures which have been scanned or captured on a tablet without capturing biometric data (pressure applied, stroke speed, etc).
In both cases, the signature can be easily forged and does not ensure that the person who claims to have signed the document is indeed the real signatory. Therefore, both levels of security and legal guarantees are considered to be low.
Advanced electronic signatures and qualified electronic signatures can have the same high level of technical security. The only difference is that the latter requires an institution (authorized by eIDAS) to certify both the signature and the software that supports it.
How to get an advanced electronic signature?
There are several ways to meet the requirements set out by eIDAS for an electronic signature to be considered advanced. Generally speaking, either with or without a digital certificate.
eSignature without a certificate
An advanced electronic signature does not require the use of a certificate. We will therefore need other types of evidence.
One-Time-Password (OTP) can be used. These are sent to the signatory’s smartphone or email address and other type of evidence may also be included.
We should also consider the use of biometric signatures which, as mentioned earlier, captures biometric data (rubric, stroke, etc)
In all these cases, the requirements set out in the eIDAS on advanced electronic signatures are met (i.e. unique linkage to the signatory, under his sole control and preventing subsequent changes).
Non-qualified certificate-based signatures
These certificates include all necessary data for creating the signature, they are managed by the signatory and can detect changes for invalidation.
It is important to make a clear distinction between electronic signatures involving the use of qualified certificates.
Qualified signature certificates are stored on a peripheral device (e.g. SmartCard reader), or are generated and stored on a secure HSM (Hardware security module). If we choose the last option, we can access the server through robust or two-factor authentication so these certificates can be used like those ones installed on your device.
The advanced electronic signature in other countries
While this Article is based on advanced electronic signatures within the European regulatory framework, there are also other legislative frameworks in which this concept is embodied.
In this article, we will only analyse those countries in which Viafirma currently offers its authentication and signature solutions, namely in Latin America and the Caribbean.
We can start by mentioning the legislation in Colombia. This type of industry is governed by Law 527 of 1999 and Decree 1747 of 2000. According to these regulations, 2 types of signatures can be distinguished:
- Digital signature: ‘’Numerical value which is attached to a data message and which, using a known mathematical procedure, is linked to the originator’s key and to the text message’’. If we read the conditions set out to achieve this qualification, we will also see that they are similar to the requirements of the advanced digital signature in Europe.
- Electronic signature: this type of signature is similar to the simple European electronic signature.
Another country worth studying on the American continent in terms of electronic signatures is Mexico, where we find the advanced electronic signature or FIEL. It should be noted that, although FIEL is known as the advanced electronic signature, in fact this is not the signature directly, but a device for creating the signature.
Finally, we shall also consider the Dominican Republic, which has recently passed Resolution 071-19, updating Law 126-2 on digital signatures, making it similar to European eIDAS regulations by introducing for instance the concept of advanced signature. This simplifies business and commercial relationships between the Dominican Republic and other countries which are technologically more developed in this type of industry.
At Viafirma we offer digital signature solutions to create and manage advanced electronic signatures for companies, public bodies and citizens. These tools allow both face-to-face and remote signatures carried out biometrically, with or without the need of a certificate.
But Viafirma solutions go far beyond, offering the most fundamental features of advanced electronic signatures in terms of legal and security guarantees. They also allow to set signature workflows, create smart forms or the possibility of including a timestamp stipulating when the signature was executed, exact time and date, etc.
In case the advanced electronic signature is carried out with a certificate, we also have a cloud signature solution in charge of both storing and managing certificates so that we can have access them whenever, without the need of installing our certificates on a device.
The Advanced Electronic Signature is an alternative to secure identification, a comfortable solution and it’s indeed widely supported by international regulations. Whatever the type of electronic signature you may require, Viafirma can help you find it.
This document was composed with the free online HTML converter. Click here to give it a try.