Digital certificate and electronic signature, what’s the difference?

In recent weeks, the number of companies that are teleworking as a result of COVID-19 has grown exponentially and are adopting digital certificate and electronic signature in their daily work. However, it is important to know these two terms well and use them appropriately.

Digital certificate: security in electronic management

The digital certificate is a digital document that identifies us in the online environment, allowing us to carry out procedures via telematics. As an example, the digital certificate is like an electronic ID that we use to access electronic sites or sign documents, among others.

This makes it the safest way to operate when working on the internet. But why does a digital certificate have so much security?

The digital certificate identifies us in the online environment, allowing us to access electronic sites or sign digital documents.

A key reason is:

• the intervention of the Certification Authority (CA). This is the trusted entity that verifies the identity of the user, and that issues and/or revokes the certificates. When a certificate is used in a transaction with a third party, the CA intervenes as a non-interested party. It provides electronic evidence of the user’s identity and the integrity of the signed document. An example of a Certification Authority is Camerfirma or the FNMT.

Another reason is:

• the centralization of certificates. Especially in these moments of teleworking, it is important to centralize digital certificates so that employees can continue with their tasks from any place and mobile device. All this, with an audit that details who, when and for what has used the certificate. In addition, it allows its use to be shared with employees in the organisation in a secure manner.

Electronic signature: types and connection to the certificate

When we refer to an electronic signature, we are referring to the set of data that, associated with an electronic document, uniquely identifies the signatory and gives legal validity to the signed document (with the certainty that it has not been manipulated or altered after the signature).

The European eIDAS regulation establishes the guidelines for electronic identification and the types of recognised electronic signatures. There is a wide range of types of signature that can be used in each transaction depending on the legal recognition required and the technology available. In addition, the collection of electronic evidence provided by each signature must be taken into account, making it defensible in the event of a dispute.

The main types of signatures are:

• Simple signature: It is based on the Acceptance/Rejection of the information. It is usually used when accepting a terms of use or a privacy policy.
• Advanced OTP (SMS) signature: The signatory receives a code on his or her mobile phone, which he or she must dial when signing the document. It is common in online purchases or banking operations carried out through the app.
• Advanced biometric signature: A signature is drawn on an electronic device, usually a tablet. Biometric data is collected, such as the pressure, inclination and position of the pen with which the user signs.
• Signature with digital certificate: A digital certificate is used to sign the document. The security of this signature is based on the two keys that a certificate has: public and private key. It is recommended that this type of electronic signature be used in transactions that require full legal backing.

The eIDAS regulation recognises the signature with certificate as the most secure type of electronic signature.

With Ivnosys you can acquire these types of signatures, including a fifth one: the signature with certificate centralized in the cloud. Also, the certified communication, although it is not a signature, is a certified delivery of a message by email or SMS.

Digital certificate and electronic signature: tools to secure teleworking

As we can see, digital certificate and electronic signature play a fundamental role for companies now that most processes and communications are carried out electronically.

There are tools that enable companies to continue with their day-to-day operations, as well as communicate with third parties from any device and without the need to move.

At Ivnosys, we have IvSign, our certificate issuing and centralisation platform, which gives companies autonomy and flexibility, allowing them to control the use of the certificates at all times by their employees.

We also have the certified delivery and electronic signature platform, IvCert, which offers all types of electronic signature, allowing you to sign and send documents requesting their signature. It allows to control in real time the status of the shipments and collects the electronic evidence being recognized by Ivnosys as a Qualified Trust Service Provider and Trusted Third Party.