Escrito por: Natalia Herrero Fecha Tuesday 9, February 2021 Categoría: General
Following the technological irruption in the business world in 2020, numerous digital tools have been implemented in companies at a vertiginous rhythm. This is why we are sometimes unfamiliar with the platforms we work with. In the case of electronic signatures, we know that there are different types, but it is increasingly common to hear this question: What is the most secure signature with the greatest legal guarantee?
The European eIDAS regulation recognises 3 types of electronic signature: the simple, advanced and qualified signature. All are valid, legally binding and admissible in court, but we must bear in mind that their legal strength is different, with the lowest being the simple signature and the strongest being the qualified one, which is equivalent to the traditional handwritten signature for legal purposes.
There are certain cases, in which either because it is convenient to have maximum legal security, or because the legislation itself obliges us to use an electronic signature equivalent to the handwritten one, we will opt for the qualified signature. Therefore, we will focus on the qualified electronic signature, due to the benefits it provides in terms of security and legal validity.
The qualified electronic signature is based on the use of qualified digital certificates and the generation of the signature using a secure signature creation device known as QSCD (Qualified Signature Creation Device).
To be considered as a qualified eletronic signature, an electronic signature must also meet three requirements:
As we have already mentioned, the QSCD is a cryptographic device that must have a high level of security as the certificate must only be able to be used on this device (card, hardware security module or HSM, USB…). This device is responsible for generating qualified signatures through the use of specific hardware and software that guarantees that only the signatory has control of their private key in accordance with a Common Criteria EAL4+ certification, which is the security standard created for QSCD cryptographic modules.
In the case of IvSign, it allows the user to have qualified certificates issued directly in QSCD.
We assume that a digital certificate is like an electronic version of a passport or a driving licence. Therefore, the signature creation data must be backed by a Qualified Trust Service Provider (QTSP) in order to remain unique, confidential and protected against fraud. In addition, a qualified certificate can only be acquired through a qualified Certificate Authority, which performs a rigorous verification of the signatory’s identity.
Ivnosys is a Certification Authority and has the proper capacity to issue and revoke certificates, verify and guarantee the identity of the holder and the uses made with the certificate. Once a certificate has been issued, the signatory is ready to sign documents online. The next step is to choose the programme or platform with which to sign the document.
Electronic signature offer numerous advantages: greater agility in closing contracts, signing from any device, saving paper, avoiding unnecessary visits, avoiding new sales opportunities, avoiding routine tasks of searching and filing documents, improving the company’s image, etc.
And there are even more advantages to be gained by using qualified electronic signature: