The digital signature encompasses an important set of technical terms, definitions and concepts which can result very confusing for those who are entering this new path, as well as for the general public.
In this industry, we find expressions such as digital signatures, electronic signatures, digital certificates, biometric signatures, etc, which all have different meaning.
If we look around, it is understandable to be confused, often created by companies themselves. For example, confusing definitions are found in the banking sector when they refer to digital signatures as a numerical key or the signature drawn with the mouse.
Another very common and important mistake that we should clarify is that digital signature and the electronic signature are not the same, when indeed they have similarities but have substantial differences.
The purpose of these signatures are to simplify and streamline the business process of individuals, companies and public agencies. Each one will be more suitable for a particular personal or business scenario, providing the best tools for each situation.
Below, we will discuss about the main concepts in the field of digital signatures, related procedures, technical aspects and the legal framework.
Please note that we will be talking at all times about terms and definitions within the European framework, because outside this zone we may find significant divergences within countries, which may lead to greater confusion.
What are digital signatures?
Technically speaking, a digital signature means the cryptographic signature procedure that meets the following characteristics:
- Authentication: That is, whoever signed can be recognized.
- Non-repudiation: the signatory cannot deny that he/she has digitally signed the document.
- Integrity: it is verified that the document has not been altered after being signed.
Electronic signature is an electronic dataset that is linked to a document to identify the signatory and to ensure its integrity. According to eIDAS Regulation, which regulates at European level the processes of electronic identification, authentication and trust services, three types of electronic signatures can be found, sorted in increasing order depending on the level of security:
- Simple electronic signature: This data used for signing is logically linked with others, such as with a document signed on paper, scanned and sent by email (the rubric is linked to the email address).
- Advanced electronic signature: Allows to uniquely identify the signatory and prevents from any alteration, using evidence such as timestamps, GPS coordinates or biometric information, etc.
- Qualified electronic signature: created by a qualified signature creation device which is based on a qualified certificate for electronic signatures, such as de DNIe ( Spanish electronic ID document).
The digital signature is integrated into 2 out of the 3 existing types of electronic signature, in particular the advanced and qualified e-signature, but not of the simple electronic signature.
Digitized or biometric signature
What is biometric signature? This concept defines the process of signing on tablets (iOS, Android or Windows) or Wacom/Topaz signature pads.
The biometric signature goes far beyond the calligraphy stroke of the signature itself. The device also collects information related to pressure and speed applied, as well other elements in terms of manual rubric.
This type of signature can be classified as advanced electronic signature, ensuring the identity of the signatory, its non-alteration once signed, the date of signature and certifying the signature will not be used again for other documents.
Differences between digital certificates and digital signatures
Now it’s time to face one of the most common questions that come up in this industry, as is what differentiates the digital signature of a digital certificate.
Digital signatures are defined above, but what is a digital certificate? A digital certificate is a computer file that allows to identify the person who signs electronically.
It is an essential element of the qualified electronic signature, thus granting the same legal validity as the handwritten signature.
Digital certificates are issued by Trust Service Providers, for instance the Royal Mint (FNMT) in Spain. It can be used for very different purposes, to sign private documents for all kinds of contracts, as well as official documents like those related to tax payments, or to access to information related to Social Security, employment offices, etc.
The valid digitized signature
We’ve already talked about the concept of digitized or biometric signature. Within this topic, it’s frequent to question the legal validity of this type of signature, so we will try to resolve this issue.
For the digitized signature to be considered legally valid, it must meet the following conditions:
- Capture biometric data, such as stroke pressure or speed, so that the signatory can be uniquely identified
- Unique linkage to the signer and the signed data.
- Ability to detect any post-signature changes.
- Ensuring that only the signer can generate that signature
Digitally sign documents at once
For those people that sign stacks of electronic documents it can be very tedious and a waste of time. To address this issue, two different kinds of signatures were developed:
- Bulk signing. Allows one user to sign documents at once
- Multi bulk signing. Same as the above but including several signatories.
Digital signature security
What should we do if they reject our digital signature?
In the case of qualified signatures, the burden of proof lies with the one who rejects the validity of the signature, since one of the features of this signature is non-repudiation (you cannot deny the completion of a digitally signed transaction with a qualified certificate).
In all other cases, the burden of proof lies with the signatory. That is, in this case we will have to prove that we are the signatory
To achieve this, it will be necessary to gather all necessary evidence to prove us right in a court of law. These tests are based on features that clarify “how was the document signed”. In addition, this data must be duly preserved and its analysis should be accessible.
The digital signature in different countries
How are digital signatures regulated in the European Union member countries? In this context it’s key to mention the importance of Regulation (EU) N°910/2014, also known as eIDAS. It sets out the definitions of the three types of electronic signatures that were mentioned above, as well as the legal qualities thereof.
The electronic signature in Spain
When looking at national level, in addition to the eIDAS Regulation, we must take into account the following laws:
- Ley 59/2003 de Firma Electrónica.
- Ley 11/2007 de Acceso Electrónico de los Ciudadanos a los Servicios Públicos.
Orden HAP/800/2014, with specific rules on the use of the electronic signature via electronic, computer and telematic mechanisms in tax relations with the Spanish Tax Agency.
Types of digital signatures
What type of signature is used for each file
The digital signature can be presented in different formats, basic and more advanced, which we will see later. As you might assume, depending on the use and context in which the signature is performed, it will be more advisable to use one or another. Generally speaking, we recommend the following ones:
- For the general public, it’s advisable to use the PADES format, an advanced e-signature in PDF format.
- For integrated systems, any XAdES format.
- To sign electronic invoices, you are forced to use the XAdES format, according to the Resolución de 24 de agosto de 2017 de la Secretaría de Estado para la Sociedad de la Información y la Agenda Digital y de las Secretarías de Estado de Hacienda y de Presupuestos y Gastos.
Electronic signature formats
Depending on the circumstances and the demands of the situation, basic or advanced electronic signature formats can be used.
Let’s define the latest signature formats:
- XML Signature. Apart from XML, anything that is accessible via a URL can be signed. Its advanced version is XAdES.
- PDF Signature. Complies with ISO-32001 standards. Embedded signature in PDF documents, easy-to-read. Its upgraded version is PAdES
- CMS (Cryptographic Message Syntax). Uses PKCS. For encrypted documents. Its advanced version is CAdES
Digital signature methods
There are many ways to digitally sign one or more documents:
- Server-based signature: Automatic signature that does not need human intervention, placed when the agreed conditions have been met.
- Face-to-face signature: All interested parties are present, either physically or telematicaly
- Bulk signing. Several documents are signed simultaneously.
- Multisignature. A document signed by more than one person
- Multisignature in batch. Several documents signed by several people
- Centralized signature. The certificate used to sign is stored in a Hardware Security Module (HSM) thus allowing its access from anywhere.
How to digitally sign
Depending on the type of digital signature we are going to use, it might be necessary to install some specific software for the signature. This will depend on the technical, legal or functional requirements of the client, situation or process.
If we sign biometrically, it’s key to have devices that have the ability to collect biometric data, such as tablets and others; for some types of electronic signatures, we will be asked for a digital certificate; in other cases, this certificate will not be a requirement.
In some cases the evidence of signature is created, for instance the signature in PDF format.
Advantages of the digital signature
What are the advantages of digital signatures over the traditional handwritten/wet signature?
Later on we will talk about the advantages to each specific business sector, but, in general terms, these are the ones:
- Allows you to sign anywhere at any time, simplifying the mobility of the signatories
- Greater security and integrity of the documents as the content of the signed electronic document cannot be altered
- Ensures confidentiality, as it will only be viewed by those who are authorised
- Going Paperless. Increasing material efficiency and reducing administration and storage costs.
What is the universal signature
The universal signature is a concept that greatly simplifies the use of the signature both by those who have to frequently sign a significant amount of documentation, and for those who sign occasionally.
Thanks to the universal signature, you can sign documents regardless of our location, device or operating system. The universal signature complies with the principle of technology neutrality, which states that citizens have the right to choose the most suitable technology for their purposes.
Sign with certificates for mobile devices on-the-go
What is it and where is the mobile e-signature drawn?
As we have seen, electronic signatures in mobile devices have been a clear advantage in terms of mobility. Whether if the signature is drawn on the device or on a server will depend on where the certificate is hosted, if case this is requested.
In Viafirma solutions, the signature is fully executed from the mobile device and not from the server.
Can I sign electronically with certificates from my mobile?
Yes, whether they are qualified or unqualified certificates. In the first case, we can get an advanced electronic signature and in the second case, a qualified one.
Is it possible to sign a document without a digital certificate?
Of course, but some evidence is required to meet the conditions to be considered advanced digital signature, for instance OTP SMS, which is sent to the signatory’s smartphone, so they can be identified.
How does the Viafirma esignature on-the-go work?
Viafirma allows you to to esign with digital certificates, smartcards and specific signature apps for smartphones.
Viafirma enables to use web, desktop and native phone applications
Can we sign in iOS and Android?
Yes, Viafirma is available in both operating systems.
The digital signature in the company’s departments.
The digital signature is present in most parts of a company. So it’s worth seeing how it affects the most common sectors of a company.
There’s plenty of paperwork and red tape in the HR department. From contracts to non-disclosure agreements, payrolls, leaves and huge amounts of different type of non-stop documentation to be signed.
That is why the digital signature is set as a powerful tool to streamline these business processes and helps companies to modernise their image.
To switch from paper to digital has become an essential element for the Sales Team.
Thanks to digital transformation, documents are constantly updated and they can all be esigned from the same device, reducing wait times and processing times.
Finance and accounting
Balance sheets, budgets, bills… are just three examples of documentation that this department has to deal with.
Everything related to a company’s capital flows must be thoroughly screened and authorized, therefore digital signatures can help accelerate this process.
The executive board does not have much time during the day to do what they want. They also need to sign a lot of documents, a very repetitive process that can take time.
The signature delegation helps streamline the signing process of the board. It’s a powerful tool where the authorised person can handle this operation.
Digital signatures in different business sectors
Insurance companies can benefit from the digitized signature. Many of those advantages are already familiar to us:
- Greater mobility.
- More productivity.
- Less use of paper
- Legally binding
- Provides competitive differentiation
- It’s a more satisfying experience for the customer.
In this industry we must highlight the role of fintech companies which provide online financial services, as well as traditional banks which have also adopted this type of service.
The digital signature helps to streamline and protect delicate business operations
Three ways to use digital signaturs in telecom companies:
Business to Consumers (B2C): Easier to close a sale and sign contracts. Very useful in telephony companies.
Business to Business (B2B): Agreements with other companies that offer useful services, e.g., cloud-based, cybersecurity, research and development services, etc. All of these business processes involve the presence of digital signatures.
Business to Government (B2G): Boosting digitization initiatives, such as developing smart cities, makes telecommunications companies a powerful ally of public institutions.
The advantages of digital signatures in distribution companies, besides the general benefits of the digital signature, are mainly the elimination of the need to use a courier service to sign a contract or any other other changes in the service, in the event that there is no delivery nor goods receipt.
In addition, it also prevents the risk of fraud in deliveries, as signatories can easily be identified, as well as the use of timestamps and location of the delivery.
Companies going global
How digital signatures influence on the international expansion of companies? We must certainly take this into account when taking a company global.
Business processes that are going digital, as well as the creation of the European Single Digital Market have pushed those companies with doubts towards expanding to foreign markets.
This is where the concept of mobility is inherently associated to the digital signature, allowing to close agreements anywhere.
The laboratory industry may be the one with the highest levels of bureaucracy. This is due to the fact that they are constantly treating with sensitive information like confidential information on research, e.g, medical histories, results on test, informed consents, etc.
Bear in mind that we are talking about a very collaborative working environment, which usually causes delays to be taken into account.
For all these reasons, the digital signature helps managing this document overload
The digital signature with Viafirma
What signature formats does Viafirma support and which one best suits my needs?
In previous sections, we have already discussed about the different available electronic signature formats. Viafirma solutions support the following digital signature formats:
- XML Signature.
- PDF Signature.
- CMS (Cryptographic Message Syntax) / PKCS#7
- XAdES – XML Advanced Electronic Signature. Signatures designed to “discuss among computer systems”. Within this set signature formats were created to meet different needs and scenarios and are sorted according to their characteristics:
- XAdES-BES. Basic Electronic Signature meeting legal requirements to be considered advanced signature.
- XAdES-EPES: It is a XAdES-BES but adding information about the signature policy.
- XAdES-T (timestamp). It is a XAdES-EPES but also covering information on the exact time and date of the signature.
- XAdES-C (complete). Its a XAdES-T but adding references to verification data (certificates and revocation lists).
- XAdES-X (extended). It’s basically a XAdES-C but adding information about the time and date of the entered data for the C extension.
- XAdES-XL (extended long-term). It is an XAdES-X when certificates (public key only) and validation sources used are incorporated.
- XAdES-A (archival). Covers all the above information including meta-information related to re-signaturing policies. For long term validity documents.
- PAdES: PDF Advanced Electronic Signatures. Just like XAdES, there are several formats:
- Basic. Basic profile that simply meets ISO 32000-1 standards.
- PAdES-BES Profile (Enhaced). Based on CAdES-BES and incorporates option of including a timestamp (CADES-T)
- EPES Profile (Enhaced). A signature policy identifier is added and, optionally, a reference to the type of commitment
- PAdES-LTV Profile (Long Term). This profile allows you to extend the validity of signatures, so in this case we’re talking about a long-lived signature.
Signing with Viafirma
With Viafirma Documents you can digitally sign documents of any format anywhere, anytime, as it’s a cloud-based solution. Depending on the device, you can draw qualified or biometric signatures.
You can upload documents from a PDF, cloud, a pre-designed form and combining the last two options.
It also integrates characteristics for easier use, creating smart forms and compulsory reading clauses
Our Fortress solution allows to centralise the signature, to manage and control certificates from the same app in the cloud.
Viafirma Fortress supports robust authentication, signature delegation and to manage permissions.
Inbox is our digital signature folder. The best on the market. Supports all signature formats.
It aims to delegate the signature, create signature workflows and can be integrated into any document management system (DMS). It can create several web portals, metadata, timestamps and it’s compatible with Viafirma Fortress to increase its features.
Legal framework for Viafirma’s digital signature solutions
In the EU, the digital signature is based on EIDAS Regulation. But Viafirma solutions are also legally valid in other countries, therefore we offer information on digital signature regulations for non-european nations.
Digital signatures are now a powerful and versatile tool that provide important advantages for individuals, companies and public bodies. It has accelerated business processes that were previously much more complex, it has also brought security and legal guarantees what gives an added value to take into account.
Viafirma provides digital signature solutions suitable for any business case scenario and are strictly adhered to the current regulations.