The health crisis has accelerated the digitalization of companies. With the generalization of teleworking and the reduction of commuting, the possibility of signing documents remotely has revealed its full potential, allowing organizations to continue operating despite the circumstances. For example, 70% of companies have accelerated the adoption of electronic signatures due to the crisis (Archimag). Thinking of creating your own company? Has your company implemented a remote signature solution and you want to master the subject? We offer you a glossary of essential terms for understanding the electronic signature.
Let's start at the beginning. The electronic signature designates a process of signing a digital document using encryption. Therefore, it is not a simple digitization of the handwritten signature. The eIDAS regulation defines this type of signature as “data in electronic form, which is attached or logically associated with other data in electronic form, and which the signer uses to sign”.
Associated with the use of the remote signature for certain levels of security, the electronic certificate is a file that contains information on the identity of its owner, as well as all the data that guarantees the authenticity and integrity of the signatures made. In short, it is the link between the electronic signature and the signatory. This certificate, usually delivered to a natural person acting on behalf of the company, is issued by a trusted third party, for example a Certification Authority, in turn supervised in France by the French National Information Systems Security Agency (ANSSI).
Authentication refers to the process by which a user proves their identity to access a service. It can be done in different ways: password, unique code received by SMS or email, facial or voice recognition system, personal questions, etc. The more levels of authentication there are, the more secure the electronic signature is and the less likely it is to be challenged. That’s why we use two-factor authentication (2FA) in connection with the more advanced signing levels.
The eIDAS regulation is a European law that applies to electronic identification, trust services and digital documents. It establishes a common framework for the Member States of the European Union with the aim of promoting the emergence of a “market of digital trust”. Among other things, this regulation defines the different levels of electronic signature available, as well as the means required to use them.
The eIDAS regulation recognizes three levels of electronic signature:
- The simple signature.
- The advanced signature.
- The qualified signature.
These levels refer to different processes to verify the identity of the signer, which are more advanced as the level of security increases. Thus, a qualified electronic signature requires a digital certificate with face-to-face verification of the applicant’s identity. As for the “simple” signature, it actually refers to all signature procedures that are neither advanced nor qualified.
Face to face
In some cases (qualified or advanced signature with qualified certificate), obtaining a certificate prior to the electronic signature requires an exhaustive verification of identity, known as “face to face”. This verification can be done physically or remotely, with consequences on the control modalities. During a physical encounter, the trusted third party hands the signer a token for authentication. During a remote verification, the signer must make one or more videos to show his face and his identification.
The SMS dialogue is a process that allows the signer of a document to confirm their consent. This process is based on sending two SMS messages: the first requests approval, and the second is used for authentication (using a six-digit one-time code).
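The server side of the SMS dialogue described above can be sketched as follows. This is an added example, not code from the page or from any signature product; the class and method names, the 300-second validity window and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumption: validity window, not stated on the page
MAX_ATTEMPTS = 3       # assumption: wrong guesses allowed before lockout


class SmsConsentSession:
    """Hypothetical server-side state for one signer and one document."""

    def __init__(self, document: bytes, clock=time.time):
        self.clock = clock
        self.key = secrets.token_bytes(32)  # per-session HMAC key
        self.doc_hash = hashlib.sha256(document).digest()
        self.approved = False
        self.tag = None          # HMAC of the pending code, never the code itself
        self.expires_at = 0.0
        self.attempts_left = 0

    def _tag(self, code: str) -> bytes:
        # Bind the code to this document so it cannot confirm another one.
        return hmac.new(self.key, self.doc_hash + code.encode(), hashlib.sha256).digest()

    def record_approval(self) -> None:
        """Signer answered the first SMS (request for approval)."""
        self.approved = True

    def issue_code(self) -> str:
        """Create the six-digit code carried by the second SMS."""
        if not self.approved:
            raise PermissionError("approval step not completed")
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        self.tag = self._tag(code)
        self.expires_at = self.clock() + OTP_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        return code  # hand to the SMS gateway; do not log

    def verify_code(self, submitted: str) -> bool:
        if self.tag is None or self.clock() > self.expires_at:
            self.tag = None
            return False
        self.attempts_left -= 1
        ok = hmac.compare_digest(self._tag(submitted), self.tag)
        if ok or self.attempts_left == 0:
            self.tag = None  # one-time use, or locked out after too many guesses
        return ok
```

A six-digit code has only one million possible values, so the expiry, the attempt limit and the single-use rule carry most of the security of this step.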
Encryption, or encipherment, is the process by which data is transformed into a cryptogram, with the aim of protecting it by making it unintelligible to unauthorized persons. To encrypt the data, an asymmetric algorithm and two decryption codes are used, called “keys”, one of which is public (accessible to everyone) and the other private (only the user has it). Cryptography is used to guarantee the integrity, authenticity and confidentiality of a document.
A token is a hardware device (USB key, smart card, etc.) used to encrypt or decrypt content, respectively, through a public or private key. Used in the context of a qualified electronic signature, this device is delivered to a natural person after face-to-face verification of his identity, and allows him to authenticate himself when using the signature tool.
An electronic signature API allows you to create a gateway between the signature tool and business software, to access services directly from the latter and build validation workflows tailored to the business. The use of an API helps to streamline the electronic signature process, shorten the sales cycle and improve the user experience and, therefore, customer satisfaction.