Dec 21, 2020
Digital certificate and its role in the e-signature
Digital certificate, electronic certificate or qualified certificate is the basis for the development of electronic signature of the highest security and legitimacy. Both the signature and the digital certificate cannot be understood without the other, especially when we talk about a qualified electronic signature.
The use of the digital certificate and signature plays a crucial role in online operations of all kinds, but especially in those that are more transcendental and critical.
eIDAS(electronic IDentification, Authentication and trust Services) regulation establishes the structural framework within which the electronic signature and certificate are framed in Europe. However, the signature and digital certificate solutions that match this standard also comply with the regulations of other states and countries, since eIDAS is presented as the standard and secure model worldwide.
Download here for free the complete guide on eIDAS and AML5, the regulatory standards on electronic signature and digital certificate.
E-signature digitally represents subjects and indicates their willingness to accept the content of a document or to carry out a process on their behalf. It is equivalent to the handwritten signature, although it is endowed with greater legitimacy and security given its technical characteristics of identity verification.
The digital signature can be named in different ways and divided into three types according to the depth of its technical characteristics. Thus, we can carry out this classification:
- Simple electronic signature: In the simple signature there is no obligation to create an identification pattern of the signer. It is a standard signature digitized in an electronic document.
- Advanced electronic signature: This type of signature is presented as the most versatile one for all types of situations. As a requirement to be considered as advanced, the electronic signature must be linked to the signer in a unique and non-transferable way, allowing its exact identification and with sealed and subsequently unalterable data that link the signer with the document. A digital certificate is emitted and used within this kind of signature.
- Qualified electronic signature: This signature must meet all the requirements of the advanced one with a radical difference: its creation must be done using a qualified certificate issued by a trusted service provider issuing entity. It is the e-signature necessary for procedures and processes related to public administration.
Know in-depth in this article all the details about the qualified electronic signature.
The digital certificate
Digital certificate, electronic certificate and qualified certificate have been confused at times. The realization, as we have seen, of an advanced signature is an issuance of an advanced digital certificate, while for the certified one the term qualified certificate corresponds and is used for digital certificates issued by a Qualified Trust Services Provider.
Thus, we define the electronic or digital certificate (qualified or not) as a computer file and digital declaration that joins the signature and identity data with, at least, the name or pseudonym of the signer and that is issued by an entity. This encrypted data is securely created under the X.509, SPKI, PGP or SAML standards, among others.
Digital certificates can be presented as software certificates and hardware certificates. The first ones are a digital file without physical support in a server where it is hosted and can be accessed or in a PC, tablet or smartphone where it is installed. On the other hand, the hardware certificates are located on a physical medium such as a card.
Digital certificates can represent and identify a natural person, the representative of a legal person, representative of entities without legal personality or public administration (AP certificate). The use of these digital certificates can occur in cases such as:
- Online tax procedures.
- Documentation signature.
- Acceptance of conditions.
- Transfer of rights.
- Appeals and complaints.
- Census and housing procedures.
- Remote medical procedures.
How to obtain and use a digital certificate
Certification services providers or certification authorities can issue digital qualified certificates to validate and certify that the electronic signature corresponds to the signatory person or entity. Thus, the entity will provide the digital certificate that includes name, NIF, algorithm, signature keys, validity date and qualified body so that it can be used by the user in their digital signature processes.
The key step for the creation of the digital certificate is the proper identification of the user through a high-security identity verification process, performing guarantees and complying with eIDAS regulation. This process is also called and commonly known as the KYC (Know Your Customer) or KYB (Know Your Business) process. in industries such as finance or insurance where the electronic signature is part of the day-to-day.
The use of the digital certificate is simple and agile, giving through the use of the given file and key for qualified electronic signatures, and video identification process and signature for advanced electronic signature.
Get an in-depth look at VideoID, eID’s standard video identification solution, integrated with SignatureID.
eID, digital certificates and signature services provider
Electronic IDentification, as Trust Service Provider and with qualified entities as partners, grants advanced and qualified digital certificates for both users and entities.
Likewise, the development and use of the electronic signature is possible thanks to our comprehensive electronic signature solution SignatureID, which, through a simple API, is integrated into the processes for the realization of simple, advanced or qualified signature.
Contact eID through this form and request a demonstration of SignatureID and our digital certificate issuance services.