Advanced Signature archivos - TCAB - Trust Conformity Assessment Body

Regulation (EU) 910/2014 (EIDAS) defines three kinds of electronic signatures:

• ‘(Simple) Electronic signature ‘: the data in electronic format annexed to other electronic data or logically associated with them used by the signer to sign.

 

• ‘Advanced electronic signature’: means an electronic signature which fulfills the following requirements:
• be bound to the signatory in a unique way.
• permit the identification of the signatory.
• be created using data of creation of the electronic signature that the signatory can use, with a high level of confidence, under its exclusive control, and
• be linked to the data signed by it in such a way that any subsequent modification thereof is detectable.

 

• ‘Qualified electronic signature’: an advanced electronic signature which is created by means of a qualified device for the creation of electronic signatures and which is based on a qualified certificate of electronic signature

 

The advanced electronic signature can be:

• Not certificate-based. In this case, the link between the signer and the signature, the identification of the signer and its creation with a high level of trust, under its exclusive control, must be managed with appropriate techniques, including cryptographic techniques.

 

• Based on certificates. In this case there are two kinds:

1. Not qualified certificates
2. Cualified certificates. Two kinds: Not based on qualified signature creation devices and Based on qualified signature creation devices. The latter is the qualified signature.

Many standards give legal value to different types of advanced firms. For example, Law 18/2011 gives value expressly to the advanced firm based on a qualified certificate, and not based on a qualified signature creation device:

Article 14. Forms of identification and authentication.

1. The Administration of Justice will admit, in its relations by electronic means, electronic signature systems that comply with what is established in (Law 18/2011 makes reference to Law 59/2003, of December 19, of electronic signature, but at present this reference must be understood in relation to Regulation (EU) Regulation 910/2014) and are adequate to ensure the identification of signatories and, where appropriate, the authenticity and integrity of electronic documents.

 

2. Without prejudice to the provisions set in articles 4 and 6 of this Law and in any case, subject strictly to the provisions of procedural laws, citizens and professionals in the field of justice may use the following electronic signature systems to interact with the Administration of Justice:

    (…)

1. b) Advanced electronic signature Systems, including those based on recognized electronic certificate, accepted by the Public Administrations.
2. c) Other electronic signature systems, such as the use of agreed keys in a previous registration as a user, the contribution of information known by both parties or other non-cryptographic systems, in the terms and conditions that in each case are determined.

It shall not be forgotten that Article 25 of EU Regulation 910/2014 defines the legal effects of electronic signatures:

1. No legal effect or admissibility as evidence in judicial proceedings shall be denied to an electronic signature by the mere fact of being an electronic signature or because it does not meet the requirements of the qualified electronic signature.
2. A qualified electronic signature shall have a legal effect equivalent to that of a handwritten signature.
3. A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognized as a qualified electronic signature in all other Member States.