The digital signature encompasses an important set of terms, definitions and concepts, some of them quite technical which can result very confusing for those entering this new path and for the general public.
In this industry we find expressions such as digital signature, electronic signature, digital certificate, biometric signature and more terms that all have different meaning.
If we look around, it is understandable that we have this confusion, often created by the companies themselves. For example, confusing definitions are found in the banking sector when the digital signature is defined as a numerical key or the one that is made with the mouse.
Another very common and important mistake that we must clarify is to believe that digital and the electronic signature are the same, when they are similar concepts but have substantial differences.
The purpose of these signature are to simplify and streamline the processes for private individuals, companies and public agencies. Each one will be more suitable for a particular personal or business circumstance, with the best tools in every case.
Below, we will discuss about the main concepts in the field of digital signature, associated procedures, as well as more technical aspects and the entire legal framework in which it operates.
It is important to note that, unless otherwise indicated, that we will be talking at all times about terms and definitions within the European framework, because outside of this context we find significant divergences depending on the country, causing greater confusion.
What is a digital signature
Technically, digital signature means the cryptographic signature procedure that meets the following characteristics:
- Authentication: That is, whoever signed can be recognized.
- Non-repudiation: the signatory cannot deny that he has digitally signed the document.
- Integrity: it is verified that the document has not been altered after being signed.
Electronic signature is an electronic dataset that is linked to a document to identify the signatory and to ensure its integrity. According to the eIDAS Regulation, which regulates at European level the processes of electronic identification, authentication and trusted services, three types of electronic signature can be found, sorted in increasing order of its level of security:
- Simple electronic signature: This data used for signing are logically linked with others, such as with a document signed on piece of paper, scanned and sent by email (the rubric is linked to the email address).
- Advanced electronic signature: Allows to uniquely identify the signatory and prevents from any alteration, using evidence like timestamps, GPS coordinates or biometric information, among others.
- Qualified electronic signature: created by a qualified signature creation device which is based on a qualified certificate for electronic signatures, such as de DNIe ( Spanish electronic ID document).
The digital signature is integrated within 2 out of the 3 existing electronic signature types, in particular the advanced and qualified, but not of the simple electronic signature.e.
Digitized or biometric signature
What is biometric signature? This concept defines the process of signing on a graphic tablets intended for this purpose, on tablets (iOS, Android or Windows) or on signature pads from manufacturers such as Wacom or Topaz.
The biometric signature goes far beyond the calligraphy stroke of the signature itself. The device also collects information related to the pressure and speed applied and other factors of the manual rubric.
This type of signature can be classified as advanced electronic signature, ensuring signatory identity, non-alteration once signed, when was it signed and that the same signature will not be used again for other documents.
Some widely adopted solutions offer the ”finger signature”, especially in the United States but also in Europe. They use devices that only collect the stroke and have a weak legal and technical security but are suitable for low-risk procedures. They are classified as simple electronic signatures, according to eIDAS regulation.
Differences between the digital certificate and the digital signature
Now it’s time to face one of the most common questions that come up in this industry, as is what differentiates the digital signature of a digital certificate.
Digital signature has already been defined before, but what is a digital certificate? The digital certificate is a computer file that allows the identification of the person making the digital signature.
It is an essential component of the qualified electronic signature, thus granting it the same legal validity as the handwritten signature.
Digital certificates are issued by Trust Service Providers, for instance the Royal Mint (FNMT) in Spain. It can be used for very different purposes, to sign private documents for all kinds of contracts, and official ones like those related to tax payments, or to access Social Security information or data from employment offices, among others.
The valid digitized signature
We’ve already talked about the concept of digitized or biometric signature. Within this topic, the question about the legal validity of this type of signature is recurring , so we will try to resolve this issue.
For the digitized signature to be legally valid, it must meet the following conditions:
- Capture biometric data, such as stroke pressure or speed, so that the signatory can be uniquely identified
- Unique linkage to the signer and the signed data.
- Ability to detect any post-signature changes.
- Ensuring that only the signer can generate that signature
Digitally sign documents at once
For those people that sign a lot of electronic documents every day this can be very tedious and wastes their time. To address this issue, two different kinds of signatures were developed:
- Signature in batch. Allows one user to sign documents at once
- Multi-signature in batch. Same as the one above but including several signatories.
Digital signature security
In the case of qualified signature, the burden of proof lies with the one who rejects the validity of the signature, since one of the features of this signature is the non-repudiation (you cannot deny the completion of a transaction digitally signed with a qualified certificate).
In all other cases, the burden of proof rests with the signatory. That is, in this case we will have to prove that we are the author of that signature.
To achieve this, it will be necessary to gather all necessary piece of evidence to prove us right in a court of law. These tests are based on features that clarify “how was the document signed”. In addition, this data must be duly preserved and its analysis should be accessible.
Digital signature in the countries
How is digital signature regulated in European Union member countries? In this context it’s key to mention the importance of The Regulation (EU) N°910/2014, also known as eIDAS. It sets out the definitions of the types of electronic signature that we have previously discussed, as well as the legal qualities thereof.
The case of the electronic signature in Spain
When looking at the national level, in addition to the eIDAS Regulation, we must take into account the following laws:
- Ley 59/2003 de Firma Electrónica.
- Ley 11/2007 de Acceso Electrónico de los Ciudadanos a los Servicios Públicos.
Orden HAP/800/2014, with specific rules on the use of the electronic signature with electronic, computer and telematic mechanisms in tax relations with the Spanish Tax Agency.
Types of digital signature
What type of signature is used for each file
The digital signature can be presented in different formats, basic and more advanced, which we will see later. As you might assume, depending on the use and context in which the signature is made, it will be more advisable to use one or another. Generally speaking, we recommend the following ones:
- For the general public, it’s advisable to use the PADES format, an advanced e-signature in PDF format.
- For integrated systems, any XAdES format.
- To sign electronic invoices, you are forced to use the XAdES format, according to the Resolución de 24 de agosto de 2017 de la Secretaría de Estado para la Sociedad de la Información y la Agenda Digital y de las Secretarías de Estado de Hacienda y de Presupuestos y Gastos.
Electronic signature formats
Depending on the circumstances and the demands of the situation, basic or advanced electronic signature formats can be used.
Let’s define the latest signature formats:
- XML Signature. Apart from XML, anything that is accessible via a URL can be signed. Its advanced version is XAdES.
- PDF Signature. Complies with ISO-32001 standards. Embedded signature in PDF documents, easy-to-read. Its upgraded version is PAdES
- CMS (Cryptographic Message Syntax). Uses PKCS. For encrypted documents. Its advanced version is CAdES
Digital signature methods
There are many ways to digitally sign one or more documents:
- Unattended signature: Automatic signature that does not need human intervention, placed when the agreed conditions have been met.
- Attending signature: All interested parties are present, either physically or telematicaly
- Signature in batch. Several documents are signed simultaneously.
- Multisignature. A document signed by more than one person
- Multisignature in batch. Several documents signed by several people
- Centralized signature. The certificate that is used to sign is stored in a Hardware Security Module (HSM) thus allowing its access from anywhere.
How to digitally sign
Depending on the type of digital signature we are going to use, it might be necessary to install some specific software for the signature. This will depend on the technical, legal or functional requirements of the client, situation or process.
If a biometric signature is to be made, it’s key to have devices that have the ability to collect biometric data, such as tablets and others; for some types of electronic signature, we will be asked for a digital certificate; in other cases, this certificate will not be a requirement.
In some cases for instance the signature in PDF format a proof of signature is generated.
Advantages of the digital signature
What are the advantages of digital signature over the traditional handwritten signature?
Later we will talk about the advantages to each specific business sector, but, in general, these are the ones:
- Allows you to sign from anywhere at any time, facilitating mobility of the signatories
- Greater security and integrity of the documents as the content of the signed electronic document cannot be altered
- Ensures confidentiality, as it will only be viewed by those who are authorised
- Going Paperless. Increasing material efficiency and reducing administration and storage costs.
What is the universal signature
Universal signature is a concept that greatly facilitates the use of the signature both by those who have to frequently sign a significant amount of documentation, and for those who sign occasionally.
Thanks to the universal signature, you can sign documents regardless of our location, device or operating system we are using. The universal signature complies with the principle of technological neutrality, which states that citizens have the right to choose the most suitable technology for their purposes.
Sign with certificates for mobile devices on-the-go
What is it and where is the mobile e-signature made
As we have seen, electronic signature in a mobile device has been a clear advantage in terms of mobility. Whether if the signature is made on the device itself or on a server will depend on where the certificate is hosted, if case this is requested.
In Viafirma solutions, the signature is fully executed from the mobile device and not from the server.
Can I sign electronically with certificates from my mobile?
Yes, whether they are qualified or unqualified certificates. In the first case, we can get an advanced electronic signature and in the second case, a qualified one.
Is it possible to sign a document without a digital certificate
Of course, but some evidence is required to meet the conditions of advanced digital signature, for instance OTP SMS, which is sent to the phone of the person that will sign, so he can then be identified.
How does the Viafirma electronic signature on-the-go work?
Viafirma allows you to to sign electronically using digital certificates, smartcards and specific signature apps for smartphones.
With Viafirma it’s possible to use web, desktop and native phone applications
Can we sign in iOS and Android?
That’s right, Viafirma is available in both operating systems.
The digital signature in the company’s departments.
The digital signature is present in most of the parts of a company. So it’s worth seeing how it affects the most common sectors of a company.
There’s plenty of paperwork and red tape in the HR department. From contracts to non-disclosure agreements, payrolls, leaves and huge amounts of different type of non-stop documentation to be signed.
That is why the digital signature is set as a powerful tool to streamline these business processes and presenting a modernization image towards both the outside world and employees.
To switch from paper to digital has become an essential element for the sales department.
As a result of digital change, documents are constantly updated and they can all be signed, if necessary, from the same device, reducing wait times an processing times.
Finance and accounting
Balance sheets, budgets, bills… are just three examples of documentation that this department has to deal with.
Everything related to a company’s capital flows must be thoroughly screened and authorized, process in which the digital signature can make it simpler.
The executive board and others with a high level of responsibility do not have much time during the day to do what they want. They also need to sign a lot of documents, a very repetitive process that can take time.
Here the digital signature comes into play with the signature delegation, a powerful tool in which the authorized person can deal with this operation.
Digital signature for business sectors
Insurance companies can benefit from the digitized signature. Many of those advantages are already familiar to us:
- Greater mobility.
- More productivity.
- Less paper
- It has legal validity.
- Provides competitive differentiation
- It’s a more satisfying experience for the customer.
In this field we must highlight the role of the fintech companies that provide online financial services, including those traditional banks which have also adopted this type of service.
The digital signature helps to streamline and protect delicate business operations
We can consider the digital signature in the telecom companies from three different perspectives:
Business to Consumers (B2C): Easier to close a sale and sign contracts. Very useful in telephony companies.
Business to Business (B2B): Agreements with other companies that offer useful services, such as cloud-based, cybersecurity, research and development, etc. All of these business processes involve the use of the digital signature.
Business to Government (B2G): Boosting digitization initiatives, such as the development of smart cities, makes telecommunications companies a powerful ally of public institutions.
The advantages of digital signature in distribution companies, besides the general benefits of the digital signature, are mainly the elimination of the need to use a courier service to sign a contract or any other changes in the service, in the event that there in no delivery nor goods receipt.
In addition, it also prevents the risk of fraud in deliveries as the signatory can easily be identified, as well as the timestamp and location of the delivery.
How does the digital signature influence on the international expansion of companies? We must certainly take this into account in how to take a company global.
Business processes that involve the digital transformation and the creation of a Single Digital Market have boosted those companies that had some doubts on accessing foreign markets.
This is where the concept of mobility is inherently associated to the digital signature, preventing large and frequent movements, and thus opening the door to close deals from anywhere.
The laboratory industry may be one with the greatest levels of bureaucracy . This is due to the fact that they are constantly treating with sensitive information, including confidential informations related to their researches, for instance medical history, results on both tests and methods and informed consents.
Bear in mind that we are talking about a very collaborative working environment, which usually causes delays to be taken into account.
For all these reasons, the digital signature helps to simplify this documentation burden.
Digital signature with Viafirma
What signature formats does Viafirma support and which one best suits my needs?
In previous sections, we have already discussed about the different available electronic signature formats. Viafirma solutions deals with the following digital signature formats:
- XML Signature.
- PDF Signature.
- CMS (Cryptographic Message Syntax) / PKCS#7
- XAdES – XML Advanced Electronic Signature. Set of signatures designed to “discuss among computer systems”. Within this set signature formats were created to meet different needs and scenarios and are sorted according to their characteristics:
- XAdES-BES. Basic Electronic Signature meeting legal requirements to be considered advanced signature.
- XAdES-EPES: It is a XAdES-BES but adding information about the signature policy.
- XAdES-T (timestamp). It is a XAdES-EPES but also covering information on the exact time and date of the signature.
- XAdES-C (complete). Its a XAdES-T but adding references to verification data (certificates and revocation lists).
- XAdES-X (extended). It’s basically a XAdES-C but adding information about the time and date of the entered data for the C extension.
- XAdES-XL (extended long-term). It is an XAdES-X when certificates (public key only) and validation sources used are incorporated.
- XAdES-A (archival). Covers all above information including meta-information related to re-signaturing policies. For documents with long validity periods.
- PAdES: PDF Advanced Electronic Signatures. Just like XAdES, there are several formats:
- Basic. Basic profile that simply meets ISO 32000-1 standards.
- PAdES-BES Profile (Enhaced). Based on CAdES-BES and incorporates option of including a timestamp (CADES-T)
- EPES Profile (Enhaced). A signature policy identifier is added and, optionally, a reference to the type of commitment
- PAdES-LTV Profile (Long Term). This profile allows you to extend the validity of signatures, so in this case we’re talking about a long-lived signature.
Signing with Viafirma
With Documents you can digitally sign documents in any format anywhere, anytime, as this works in the cloud. Depending on the device, you can even make qualified or biometric signatures.
You can upload documents from a PDF, cloud, a pre-designed form and combining the last two options.
It also integrates characteristics for easier use, creating smart forms and compulsory required reading clauses
Our Fortress solution allows the centralized signature, management and control of certificates from the same app in the cloud.
Viafirma Fortress supports robust authentication, delegation of the signature and the management of necessary permissions.
Inbox is our signature inbox or digital signature folder (portafirmas). It allows to use all signature formats supported by Viafirma.
It’s designed to allow signature delegation, signature flows, it’s integrable with any document management system. It can create several web portals, metadata, timestamps and it’s compatible with Viafirma Fortress to increase its features.
Legal framework for Viafirma’s digital signature solutions
In the EU, the digital signature is based on EIDAS Regulation. But Viafirma solutions are also valid in other countries, that’s why we offer all necessary information on digital signature regulations for non-european nations.
The digital signature has established itself as a powerful and versatile tool with important advantages for individuals, companies and public bodies. It has enabled the streamlining of processes that were previously much more complex, it has brought security and legal guarantees what gives an added value to take into account.
Viafirma provides digital signature solutions suitable for any possible business scenario, complying with the current regulations.