What is the most secure signature? Qualified electronic signature
Escrito por: Marketing Team Fecha Tuesday 9, February 2021 Categoría: General
Following the technological irruption in the business world in 2020, numerous digital tools have been implemented in companies at a vertiginous rhythm. This is why we are sometimes unfamiliar with the platforms we work with. In the case of electronic signatures, we know that there are different types, but it is increasingly common to hear this question: What is the most secure signature with the greatest legal guarantee?
What is a qualified electronic signature?
The European eIDAS regulation recognises 3 types of electronic signature: the simple, advanced and qualified signature. All are valid, legally binding and admissible in court, but we must bear in mind that their legal strength is different, with the lowest being the simple signature and the strongest being the qualified one, which is equivalent to the traditional handwritten signature for legal purposes.
There are certain cases, in which either because it is convenient to have maximum legal security, or because the legislation itself obliges us to use an electronic signature equivalent to the handwritten one, we will opt for the qualified signature. Therefore, we will focus on the qualified electronic signature, due to the benefits it provides in terms of security and legal validity.
The qualified electronic signature is based on the use of qualified digital certificates and the generation of the signature using a secure signature creation device known as QSCD (Qualified Signature Creation Device).
To be considered as a qualified eletronic signature, an electronic signature must also meet three requirements:
- The signatory must be uniquely linked and identified to the firm.
- The data used to create the signature must be under the exclusive control of the signatory.
- It must have the ability to ensure that the data has not been modified after signature.
How is the qualified electronic signature generated?
As we have already mentioned, the QSCD is a cryptographic device that must have a high level of security as the certificate must only be able to be used on this device (card, hardware security module or HSM, USB…). This device is responsible for generating qualified signatures through the use of specific hardware and software that guarantees that only the signatory has control of their private key in accordance with a Common Criteria EAL4+ certification, which is the security standard created for QSCD cryptographic modules.
In the case of IvSign, it allows the user to have qualified certificates issued directly in QSCD.
Who can offer qualified electronic signature?
We assume that a digital certificate is like an electronic version of a passport or a driving licence. Therefore, the signature creation data must be backed by a Qualified Trust Service Provider (QTSP) in order to remain unique, confidential and protected against fraud. In addition, a qualified certificate can only be acquired through a qualified Certificate Authority, which performs a rigorous verification of the signatory’s identity.
Ivnosys is a Certification Authority and has the proper capacity to issue and revoke certificates, verify and guarantee the identity of the holder and the uses made with the certificate. Once a certificate has been issued, the signatory is ready to sign documents online. The next step is to choose the programme or platform with which to sign the document.
Why use qualified electronic signature?
Electronic signature offer numerous advantages: greater agility in closing contracts, signing from any device, saving paper, avoiding unnecessary visits, avoiding new sales opportunities, avoiding routine tasks of searching and filing documents, improving the company’s image, etc.
And there are even more advantages to be gained by using qualified electronic signature:
- Identification: guarantees the identity of the signatory and the electronic signature data being made.
- Accreditation: is the most secure type of signature, recognised by the eIDAS regulation, and is applicable in all EU member states.
- Integrity: it is ensured that the document has not been modified or altered once it has been signed.
- Legal validity: has the same legal robustness as the traditional handwritten signature.
- Security: the electronic evidence provided by the digital certificate makes the qualified signature defensible in case of litigation.
Recent posts
What is an ECM Software or Enterprise Content Management?
Revoked digital certificate: What to do in these cases?
Digital certificate: the secret of market leading companies
New business challenge: dealing with electronic notifications on time
Certification Authority: Who emits a digital certificate?