Advanced or qualified electronic signature
The electronic signature in a mobile device with Viafirma’s services guarantees at least an advanced electronic signature level, being able to be considered qualified.
The signature in mobile devices can be done with or without certificate. In case of using a certificate, it can be qualified or unqualified.
To better understand each case, we can refer to Regulation (EU) No. 910/2014 of the European Parliament and of the Council, commonly known as eIDAS, the regulation that currently regulates electronic signatures in the member countries of the European Union and in which the classification of electronic signatures is included.
Electronic signature on a mobile device with an unqualified certificate
- It is uniquely linked to the signer. The certificate is linked to the signatory and only to the signatory.
- Allows the signatory to be identified. The certificate contains the necessary authentication data for this purpose.
- The signature must have been created using signature creation means that the signatory can use with a high level of confidence and under his exclusive control. Both access to the signature request (via the mobile application) and the certificate are under the signatory’s exclusive control.
- It is linked to the signed data so that any subsequent alteration can be detected. The signed document, together with other evidences if so established, are associated allowing to check any subsequent modification of the document.
Fulfilling these four requirements, an advanced electronic signature security level is achieved.
Electronic signature on a mobile Device without a digital certificate
In this case, the lack of certificate can be solved through some kind of additional evidence that makes the requirements of an advanced electronic signature are met, for example the use of OTP SMS (One Time Password SMS).
- It is uniquely linked to the signer. The user has a telephone number.
- It allows the signer to be identified. The phone number is personal and belongs exclusively to the signatory.
- The signature must have been created using signature creation means that the signer can use with a high level of confidence and under his exclusive control. Both access to the signature request and the SMS code (sent to the signer’s email and cell phone, respectively) are under the signer’s exclusive control.
- It is linked to the signed data so that any subsequent alteration can be detected. The signed document, together with other evidences if so established, are associated allowing to check any subsequent modification of it.
As can be seen, this case also meets the requirements of an advanced electronic signature.
Electronic signature on a mobile device with a qualified certificate
- It is uniquely linked to the signer. The certificate is linked to the signatory and only to the signatory.
- Allows the signatory to be identified. The certificate contains the necessary authentication data for this purpose.
- The signature must have been created using signature creation means that the signatory can use with a high level of confidence and under his exclusive control. Both access to the signature request (via the mobile application) and the certificate are under the signatory’s exclusive control.
- It is linked to the signed data so that any subsequent alteration can be detected. The signed document, together with other evidences if so established, are associated allowing to check any subsequent modification of it.
- Created by means of a qualified electronic signature creation device and based on a qualified electronic signature certificate. In this case, the certificate used for the signature is contained in a cryptographic card without the possibility of downloading, for example the electronic ID card; or it has been generated directly in a secure server (HSM), for example, the certificate generated in Viafirma Fortress by one of the Certification Service Providers integrated with Viafirma.
In this case, in addition to the four previous ones, a fifth premise is fulfilled, which turns the advanced signature into an electronic signature when it is generated in Viafirma Fortress.