What is an Electronic Signature?
With an electronic signature, it is possible to ensure document integrity and authenticity of origin.
What is an electronic signature used for?
An electronic signature allows us to safely carry out electronic transactions with clients, banks, suppliers or public administrations, meaning millions of daily communications with partners around the world.
In the business context, purchase orders, invoices, shipment notices, contracts, etc., are sensitive and important transactions. They require different technologies to properly create, send and receive messages.
The sensitivity and importance of these communications mean it is necessary to adopt systems that also guarantee their security, confidentiality and integrity.
Characteristics of an Electronic Signature
Confidentiality: The ability to keep an electronic document inaccessible to all but the receiver for whom the message is intended.
Integrity: A guarantee that the document received coincides with the document that was sent, with no possibility of changes having been made.
Authenticity: The capacity to determine if someone has established their acknowledgement and commitment to the content of the electronic document.
EDICOM's Electronic Signature Services
EDICOMSignADoc
A service to approve contracts and any type of document by using an electronic signature.
Remote Signing
Advanced electronic document signature services from secure EDICOM signature creation devices.
What is electronic certification?
A digital certification is a document signed electronically by a certification service provider that links signature verification data to a signatory and confirms the signatory's identity. The signatory is the person who possesses a signature creation device and who acts on their own behalf or on behalf of a natural or legal person they represent.
To this end, the applicant is accredited by the certification authority and is unequivocally linked to the certificate. Thus, it provides a unique electronic identifier that allows you to carry out all types of electronic transactions requiring authentication.
Certificates must be issued by an accredited certification authority, integrated in a PKI (Public Key Infrastructure).
Uses for Electronic Certification
1. Electronic signature
Certification is used to sign all kinds of digital documents, from simple e-mails to the most complex commercial contracts. This means a non-repudiation guarantee, unequivocal knowledge of who the document sender is, and document integrity.
2. Communication security
Certifications encrypt communication between two people, making all transmitted information confidential. This guarantees that any document sent by either party is sealed and can only be opened by the legitimate recipient.
3. Certified digitalization
The legislation of many countries allows an original paper document to be substituted with its digital equivalent. This ensures identical legal guarantees, provided that certain procedures, like digital signatures, are observed.
4. Personal identification
This allows for identity recognition in the digital or physical space, allowing or restricting access and recording identity.
5. Software signing
Digital certificates are used to sign software. This allows the entity using the software to ensure original status, know who created the software, and, most importantly, be sure that the signature is not modified after it is created.
How does an electronic signature work?
In an analog context, authenticity is proven by a handwritten signature. An individual or several individuals use it to acknowledge the content of a document and, if applicable, their commitment to comply with the obligations and agreements established therein.
In the context of electronic messages, confidentiality, integrity and authenticity are addressed through cryptography with electronic certificates and electronic signature processes. An electronic certificate is a piece of software. It explicitly identifies a person through a known public code (the public key) and contains the certificate owner's data, as well as a private code (the private key) known only by the certificate holder.
With these certificates, an electronic signature is obtained based on a process like this:
1. Certification transmission
The sender obtains the document summary or HASH. This establishes the message's unique digital imprint. If the message has any minor change, this imprint changes.
2. Encryption
This HASH is encrypted with the sender's private code.
3. Receiving
The receiver gets the message and the encrypted HASH.
4. Decryption
Decryption is carried out with the sender's public code. If the process is carried out successfully, the origin of the message is guaranteed (the message is authentic).
5. HASH application
At the same time, the receiver applies the same HASH algorithm to the message as the sender. The imprint obtained is compared to the "decrypted" imprint. If they are the same, this verifies that the message has not been modified (the message is intact).
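The five steps above, carried through in Python as an added example (not EDICOM's code). The key is a constructed demo key built from two publicly known primes, the names imprint, sign and verify are illustrative, and the raw RSA operation shown here stands in for the padded schemes (such as RSASSA-PSS) that production libraries apply.

```python
import hashlib

# Constructed demo key: two well-known Mersenne primes. NOT secure; real
# keys use secret random primes generated by a vetted library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent (the "public code")
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (the "private code")


def imprint(message: bytes) -> int:
    """Steps 1 and 5: the HASH (SHA-256) of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 2: transform the imprint with the sender's private code."""
    return pow(imprint(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Steps 4 and 5: recover the imprint with the public code and compare
    it with a freshly computed imprint of the received message."""
    if not 0 <= signature < N:      # reject values outside the key's range
        return False
    return pow(signature, E, N) == imprint(message)


def demo() -> dict:
    order = b"PURCHASE ORDER 0001: 40 units, net 30 days"  # constructed sample
    sig = sign(order)                                       # sender side
    tampered = order.replace(b"40 units", b"90 units")      # changed in transit
    return {
        "intact": verify(order, sig),               # authentic and intact
        "tampered": verify(tampered, sig),          # imprint no longer matches
        "wrong_signature": verify(order, sig ^ 1),  # signature itself altered
    }


if __name__ == "__main__":
    print(demo())
```

A single changed character in the message or a single flipped bit in the signature is enough for the comparison in step 5 to fail.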
Types of Electronic Signatures
Electronic signature types are defined in Directive 1999/93/EC. Their recognition has been extended and streamlined through eIDAS regulation.
Electronic signatures technically provide better security and privacy levels based on two fundamental factors:
Certifications Issued by a Trusted Service Provider
Recognized Certifications
These are issued by the registration authority of the Trusted Service Provider after reliable identification of the certificate holder. It normally involves the certificate holder going to the registration point so that the certificate can be issued once identity is authenticated.
Unrecognized Certifications
These do not require prior identification of the certificate holder. They are usually associated with identification such as emails or cell phones, generating an association between the certificate data and its holder after the implementation of processes that involve communication through any of these means.
Certification Support Systems
Certification Support Software
These are hosted on the hard drive of one of the owner's devices. Their delivery usually involves sending the credentials by a conventional channel such as e-mail or through a download service from the trusted service provider's sites.
Certification Support Hardware
Issuing these certifications implies delivery on a device from which it cannot be removed. Thus, the certification requires the use of the device, which could be a cryptographic card.
The type of certification and signature creation device used will provide greater guarantees to the extent that we use secure signature creation systems based on recognized certifications. From here, there are 3 types of recognized signatures:
Simple Electronic Signature
This is the simplest and most-used signature. Its suitability will be determined by the nature of the transaction, and it is valid in many contexts. It is defined as "data in electronic form attached to, or logically associated with, other electronic data, used as a means of authentication".
Advanced Electronic Signature
This must meet the following requirements:
- Be uniquely linked to the signatory
- Allow identification of the signer
- Be created using means under the sole control of the signatory
- Be linked to the pertinent data in such a way that any subsequent changes are detectable.
Qualified Electronic Signature
This is the definition from eIDAS regulation. It refers to an advanced electronic signature created on a signature creation device and based on a recognized certification. This type of signature was discussed in Directive 1999/93/EC, although it was not directly defined in the text of that law.
Qualified Trust Services
A qualified trust service has the corresponding accreditations and the proper technology to offer specific electronic identification services such as electronic signatures.
The services provided by this type of supplier give individuals and legal entities the secure electronic identification mechanisms that allow them to carry out activities where the electronic signature replaces the handwritten signature—with identical legal guarantees.