Docuten allows you to sign with different types of digital signature. Below we describe the legal aspects involved in each of the options provided.
Signature levels include qualified electronic signature and advanced electronic signature.
The legal validity of a digital signature is outlined by European Regulation (Nº910 /2014) on electronic signature (eIDAS) as well as other international standards. Under elDAS, the following levels of electronic or digital signature are laid out:
Qualified electronic signature
- Legally equivalent to a handwritten signature.
- Obtained through qualified certificates.
- Represents the highest level of electronic signature.
Advanced electronic Signature (equivalent to handwritten signature if it meets the below requirements)
- Uniquely linked to the signatory.
- Allows for the identification of the signatory.
- Created using means under the exclusive control of the signatory.
- Linked to data signed in such a way that any subsequent changes are detectable.
All of Docuten’s signature solutions fit into these signature classifications, and are thus legally valid and secure.
Centralised Signature (sign from anywhere): Legal Validity
The entry into force of the European Regulation (Nº910/2014) on electronic signature (eIDAS) has allowed for centralisation: electronic certificates are stored on the server and can be used from any computer or mobile device.
- The certificate remains in the sole custody of the signatory, and can only be accessed with the password with which it was encrypted.
- At the time of signing, a one-time code (OTP) is sent to the mobile phone or email of the signatory, and has to be used to complete the signature process.
- The certificate is kept on the server, and no additional components are necessary for its use.
With centralised signing (signing from anywhere), both qualified and non-qualified certificates can be used:
- Non-qualified certificates, issued by the digital signature platform. In this case, the signature would be an advanced electronic signature.
- Qualified certificates, issued by a “Qualified Certification Authority.” In this case, the signature would be a qualified electronic signature. This type of signature is only available through the Docuten Enterprise Plan. Contact us and we will clarify any questions you have regarding this plan.
Biometric Signature: Legal Validity
Docuten’s biometric signature solution allows you to sign documents with full legal validity from a mobile device, tablet, or smartphone for iOS and Android systems.
The signature is valid since the biometric data of the signature (speed in x, speed in y, acceleration in x, acceleration in y, angular accelerations, pressure variation / pseudo pressure, number of strokes, order of strokes, trace durations, etc.) are securely stored in the signed document.
Biometric data is encrypted with the public component of an encryption key. The private component is stored by the certification authority or notary that generated it, and only upon court request is this used to decrypt biometric information. Below you will find more information on the biometric signature.
Docuten’s biometric signature offers the highest level of security:
- The final encrypted and signed document can never be modified. If so, the hash and the digital signature would be altered, which would be indicated in the history of the document.
- The biometric data of the signature can only be accessed by those who have the private key of the master certificate.
- The time stamp that is included along with the biometric data certifies the exact moment of signing.
- The full original document to be signed is the one sent to the mobile device, not an image or part of the original document.
- The mobile device sends the signed document to the server with the biometric signature information encrypted and stored within the signed document itself, the original document and the signature are not bound outside the tablet. Regarding security, it is very important that this process is carried out on the device itself and that the document and the biometric signature are not separated since that could jeopardise access and safekeeping of the document’s signature.
- The platform is complemented by a forensic verification tool intended to be used by a handwriting expert in the event of a dispute regarding the signed document. Using this tool, the expert is able to discern whether or not the signature on the signed document belongs to the alleged signatory.
On-premise Signature: Legal Validity
On-premise signatures are carried out with qualified electronic certificates which offer the highest level of digital signature: the qualified electronic signature.
Electronic certificates can be generated using:
- Cryptographic cards.
- USB tokens.
Docuten’s on-premise signature solution is compatible with all operating systems and browsers, and has been implemented using Java Web Start (replacing the old applets).