Are you wondering what an advanced electronic signature is? In this article we analyze exhaustively the qualities that a signature must have to be considered an advanced type according to the European eIDAS regulation. We will also establish a comparison with other types and tell you about the options available to get hold of it and be able to manage it effectively.
Types of electronic signature according to European eIDAS standards
The digital signature universe comprises a set of rules and technical aspects that can become an indecipherable tangle if they are not explained with some clarity. To help a better understanding of all the terms involved, we will define the types of electronic signature covered by current European regulations, paying special attention to one of them, the advanced electronic signature.
Throughout Europe, electronic signatures are regulated by Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market, known more briefly as eIDAS.
According to said regulation, specifically in its third article, 3 types of electronic signature are established according to the fulfillment of certain requirements. These 3 categories of electronic signature are:
- Electronic signature
- Advanced electronic signature
- Qualified electronic signature
Simple electronic signature
The eIDAS Regulation defines the simple electronic signature with the following words in Article 3:
“Data in electronic form attached to or logically associated with other electronic data that is used by the signatory to sign.”
Advanced electronic signature
Going back to the same eIDAS article, we find the definition of advanced electronic signature, which is:
“The electronic signature that meets the requirements referred to in Article 26”
But, what are these requirements? To find out, we go through the legal text and turn to Article 26, where we find the conditions for an electronic signature to be considered as advanced:
- Be uniquely linked to the signatory;
- Allow signer’s identification;
- Created using electronic signature creation data that the signatory can use, with a high level of confidence, under the signatory’s exclusive control, and
- Be linked to the data signed by it in such a way that any subsequent modification of the data is detectable.
Here, the term “electronic signature creation data” refers to the unique data used by the signatory to create an electronic signature, a definition also included in Article 3 of eIDAS.
Qualified electronic signature
The qualified electronic signature provided for in this community regulation can be considered as an extension of the advanced electronic signature:
“An advanced electronic signature that is created by a qualified electronic signature creation device and is based on a qualified electronic signature certificate.”
Greater legal validity than the simple type
The simple electronic signature differs essentially from the advanced one in that the latter guarantees the identity of the signatory with total certainty. A fundamental reason when it comes to signing documents of certain importance and/or with sensitive information.
Examples of simple electronic signatures are those scanned handwritten signatures or those that have been made with the mouse or trackpad, without storing any other type of biometric information (such as speed or pressure of the stroke, among many others). This in no way ensures that the person who claims to have signed the document is actually the person who should have signed it. Therefore, its level of security and legal guarantees is the lowest possible.
With an advanced or qualified option we can achieve very high levels of security and legality, without losing sight of the functionality and ease of signature processes and logically offering an excellent user experience.
How to get an advanced electronic signature?
There are several methods that allow us to meet the requirements set by eIDAS for an electronic signature to be classified as advanced. Basically, with or without an electronic certificate.
Advanced electronic signature without certificate
An electronic signature can achieve advanced status without the need to use a signature certificate. To do so, we will need to add a series of electronic evidences to the document.
One of them is the One Time Password (OTP) sent to the signatory’s cell phone.
Here we can also consider the biometric signature, which, as we have already mentioned, collects additional information to the signature of the rubric.
In all these cases, the eIDAS requirements are met, identifying the signatory with exclusivity, giving the signatory control and preventing subsequent changes.
Advanced electronic signature with non-qualified certificate
These certificates include all the data necessary for the creation of the signature that are managed by the signatory and make it possible to detect modifications that invalidate it.
Here we must make a distinction with respect to the qualified electronic signature that is materialized through the use of certificates that are considered qualified, which we have described above.
Qualified signing certificates are either in a physical device, such as a cryptographic card, installed in a device, or generated and stored in a secure server of the HSM (Hardware Security Module) type. If we choose the second option, we can access this server through strong or two-factor authentication in order to use it for the same purposes as locally installed certificates.
Viafirma Suite: Agile and secure solutions
From Viafirma we provide companies, citizens and public entities with solutions for the creation and management of advanced electronic signature. These tools allow the signature in remote and face-to-face environments, without the need of using digital certificates.
But not only are they limited to the most fundamental functionalities of this type of signature with its legal and security guarantees, but they also provide additional interesting options such as the design of signature flow, the creation of intelligent forms or the possibility of including a time stamp that makes official the exact moment at which the signature was signed, among many others.
In the case that the advanced electronic signature is made with a certificate, we also have a signature solution in the cloud in charge of storing and managing them so that we can access them without the need to have them on the device, with its consequent contribution to mobility.
The advanced electronic signature is a secure identification alternative, as well as comfortable and with wide international legal support. Whatever type of electronic signature you need, in Viafirma we can help you to get it.