The pandemic, and the associated lockdowns, have prompted many companies to change their mode of operation. Banks and public administrations, unable to meet customers and citizens face-to-face, have had to adopt new methods. Technology, once again, has found many solutions, which have now become commonplace and widely used. For banks and administrations in particular, the focus has been on electronic signatures.
There are different types of electronic signatures, and they are regulated by eIDAS. eIDAS (Electronic IDentification Authentication and Signature) is the European regulation that establishes the conditions for mutual recognition in the field of electronic identification and sets the common rules for electronic signatures, web authentication and related trust services.
The simple or weak electronic signature consists of a set of data in electronic form which, according to the eIDAS Regulation, is ‘attached or logically associated to other electronic data and used by the signatory to sign’. It is defined as simple or weak because, in practice, its role is only to give computer authentication to an electronic document.
Then there is the advanced electronic signature, which provides greater security than the simple one, as it is linked solely to the signatory and the means used to create it remain under the signatory’s exclusive control. Affixing this type of signature links the signed data to the advanced electronic signature itself, so that any subsequent modification of the signed document can be identified. An example of an advanced electronic signature is the graphometric signature.
Digital is real
The graphometric electronic signature is affixed with a manual movement similar to that of signing on paper, but carried out on a device capable of recognizing and acquiring the movements of the hand holding a nib or stylus. In other words, these are the signatures that people are used to making on special tablets; they do not require the document being signed to be printed, as it is authenticated directly in digital form. The systems that monitor the security of this type of solution check the correspondence between the signature deposited by the person concerned and its validation. If a signature is disavowed, a graphologist is able to verify its authenticity just as on a paper document.
Finally, the qualified electronic signature: a particular type of advanced electronic signature which, as the eIDAS regulation states, is “created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures”. This means that this type of signature is designed to uniquely ensure the identification of the holder and, from a legal point of view, is equivalent to a handwritten signature.
The qualified electronic signature is based on an electronic signature certificate, i.e. an electronic attestation that binds the signature validation data to a person and confirms that person’s name or pseudonym. This certificate must be issued by a qualified trust service provider that meets the requirements defined in the eIDAS Regulation. Qualified electronic signatures are generated using dedicated signature devices (smart card, USB stick, token, mobile authentication code, OTP, SMS) which, along with the overall procedure, must comply with security requirements that ensure that the private key used to protect the data remains confidential.
Given the difficulty of going to a bank or branch to validate documents and contracts, there is a growing demand for the activation of digital signature services and DVO (De Visu Online). In this way, it is possible to enable those activities that normally require the presence of the signatory in person in an office, dematerializing the customer recognition and authentication phase, up to the actual signing of the documents. The use of digital signatures makes it possible to significantly streamline the relationships between insurance companies, banks and customers. By minimizing the management of documents in paper form, the system is one of the essential enablers of dematerialization, with significant advantages also in terms of costs and reduced waste of resources. The digital signature, consisting of a device and supplemented by a subscription certificate, is functionally completed by the De Visu Online recognition mode via webcam, to verify the identity of a specific user and consent to the signing of documents. Practices that normally require trips to the branches and long waits can now be carried out in front of a computer, from the comfort of one’s own home or workplace, using digital technology.
Is the electronic signature secure?
At its highest level, the electronic signature is certainly secure. This is because of all the requirements described above and the possibility of integrating a face-to-face mode via webcam to further validate the signatory’s will. The electronic signature cannot be forged because it is issued by an official and recognized European body, which has carried out all the security procedures required by the European Union during access. The qualified electronic signature (or digital signature) has precisely defined regulatory constraints in terms of how the identity of the signatory is verified and how the signature key is protected. Its legal value is equivalent to that of a handwritten signature, while the other levels of electronic signature have evidential value. It is therefore legally recognized in all Member States of the European Union.