eIDAS: Types of electronic signature. Biometric Signature

eIDAS: Electronic identification regulation in the EU

The EU Parliament and the Council of the EU adopted in July 2014 the Regulation Nº910/2014 (eIDAS) designed to create consistent regulations and standards across the EU for electronic identities and for trust services supporting authentication and signatures. This law repeals the previous directive established 15 years earlier (Directive 1999/93/EC), which already established a standard for electronic signatures.

On 29 September 2018, the compulsory mutual recognition of electronic IDs among Member States came into effect. On this date, all online public services using electronic identification at a high level must accept the electronic identification systems of other European countries.

This way, eIDAS fosters the confidence of consumers and SMEs by encouraging the use of identity verification services and removing barriers when it comes to secure online payments among EU Member States.

Apart from the electronic signature, eIDAS builds a regulatory framework for trusted services like time-stamping seals, electronic documents, mail certificates, as well as certificates for web authentication.

Therefore, the eIDAS regulation is very strict regarding the handling of personal data, since it allows the use of identification data exclusively for the explicit service requested.

What Types of Electronic Signatures are defined by Eidas?

The electronic signature acquires a great relevance within the regulation due to its massive use, its transversality to multiple industries and because we avoid identity theft and the use of paper.

Just as differing levels of physical signature verification are appropriate in different situations, there are also different digital signature levels:

• Electronic Signature,
• Advanced Electronic Signatures (the biometric signature is considered an advanced electronic signature) and
• Qualified Electronic Signatures,

To assess the suitability of each of them, we can consider the following parameters:

• Identification, the confidence you have that the person who signed is the actual person.
• Integrity, regarding document tampering. The document hasn’t been modified after it’s been signed.
• User experience, usability that enables the adoption of this technology.
• Authentication, verification that the signature has been undertaken by the signer.

Electronic Signature

An electronic signature can be any kind of online or computerised signature where the signer accepts the conditions of the signed document, including an email message, a button accepting the clauses of a contract or a word processing document. It’s the generic idea, referring to the legal concept of signing something electronically.

The electronic signature does not require that the signature, or the acceptance by the signatory, is identified with the identity of a person. Furthermore, it is created under the unique control of the signatory, without any control of either the device used, the certificate or the system.

The way used sometimes to verify the signatory identity is through the email address used to send the document. Either way it is impossible to know who has really signed that document.

Advanced Electronic Signature

The Advanced Electronic Signature offers a higher level of security than the electronic signature and achieves the perfect balance between security and usability, while providing a great experience of use and legal validity.

An advanced electronic signature has to meet all the requirements established in Article 26, which at the minimum, must be:

1. Uniquely linked to the signatory
2. Capable of identifying the signatory
3. Created in a way that ensures the signatory can maintain sole control
4. Linked to the data it relates to in such a manner that any subsequent change to the data is detectable.

As competent authorities in the Member States currently use different formats of advanced electronic signatures to sign their documents electronically, it is necessary to ensure that at least a number of advanced electronic signature formats can be technically supported by Member States when they receive documents signed electronically.

Qualified Electronic Signature

Despite being the signature with more legislative power within the EU, it has never been used in a massive way because of its lack of usability and its dependence on hardware devices.

When it comes to signing, users need to have a qualified certificate, in addition to a device for creating a qualified signature, which must meet certain specifications.

Qualified trust services provide a stronger specific legal effect than non-qualified ones as well as higher technical security. Qualified trust services, therefore, provide higher legal certainty and higher security of electronic transactions.

Due to this need for requirements, the use of qualified electronic signatures is mainly reserved for procedures and applications with public administrations.

Our biometric signature as Advanced Electronic Signature

The biometric signature captured with procedures based on MobbSign which electronically collects unique biometric data from each individual to securely associate them with the content of an electronic document, meets the legal requirements in order to be considered as an advanced electronic signature, in the terms defined by Article 26 in eIDAS, because it allows to identify the signatory and detect any further change on the signed document.

Mobbeel can help you with the digital transformation of your business model, bringing technologies to the market, such as the biometric signature with legal validity and user verification during  digital onboarding processes.

Some of the advantages of using MobbSign – our biometric signature solution – are:

• MobbSign gives users the versatility to sign a contract in any place and at any time, even in offline locations since the process is fully offline. This makes the signature process more secure since it does not dissociate the signature from the document in order to travel to any server, avoiding any malicious user intercepting it.

• It is contactless technology. Our biometric signature solution allows viewing a PDF document on the user’s mobile screen, and signing it using their own device, without the need for physical contact. Since the entry of the coronavirus, the need for this type of technology to prevent infections has increased.

• A hash is calculated with all the information contained within the document. This hash can then be used to validate the document’s integrity (i.e. that it has not been altered since it was signed). Even If the client wishes to perform the integration with a time-stamping authority, this hash is sent to the chosen TSA, which offers an extra integrity layer.
• All the biometric information provided by the user’s signature (time, position, the pressure of each point, etc.) is unambiguously linked to them, and are taken to reproduce, in case of future claims, the way in which the user signed as well as validate its authorship. The biometric information of the signature is stored, according to the ISO 19794-7, in order to facilitate the future interoperability of this data with any verification tool.
• It also includes the location where the document is signed (GPS).

If you are interested in learning more about what our digital signature do, please do not hesitate to contact us!