Suppose you have to pick up a package for the organization in which you work sent to your name. The usual procedure is quite simple: the courier delivering the package to you, asks for the name and number of your identity document (in some countries) and asks you to sign on their tablet. Once the entire process is complete, you will keep your package, and the courier leaves with the certainty that he has delivered it to his recipient.
Or suppose that you are the courier, which a long day of deals awaits you, and you have to be sure that you deliver to the right people.
If we focus on the last step of the delivery process, that of the signature, we can see that there are two ways: the first is to take a doddle on the screen, which is known as biometric signature, and the second is to use a button to sign using a digital certificate, also known as the digital signature.
But how is a biometric signature different from a digital signature? And what is a digital signature? Which offers more guarantees of security and legal validity?
In this post, we discuss all three, so that the next time you have to resort to one or want to implement it in your organization, you’ll know which one you are using or which is the most appropriate to comply with your legal and security requirements.
Digitized signature: from paper to screen
The digitized signature is nothing more than the holographic or ‘wet’ signature but transferred to the screen, that is, the handwritten one.
Almost certainly we have all seen some document with a doddle on the dotted line or the rubber stamp mark, which has been subsequently scanned.
While digitized signature allows a handwriting expert to determine the identity of the signer, this is the type of signature that offers the least guarantees when it comes to using digital documents, with being very easy to forge. Besides, the law does not recognize it as an electronic signature.
The biometric signature and the familiarity of the stroke
Usually, this is the one used when delivering a package. It is also what often comes to mind when we hear about the electronic signature.
It is a trace made on an electronic screen, on a device, which has software that associates a series of biometric data (pressure, strokes, the speed of writing, etc.) to the identity of the signer.
Current law considers electronic signature simple. It is, therefore, legal, but also presents the risk that it can be falsified with ease unless associated with a digital certificate and timestamp, in which case it would be considered an advanced electronic signature.
Not all biometric signature solutions are the same; many of them even dispense with digital certificates, with the consequent risks and vulnerabilities that this may entail, and the difficulty of verifying the identity of the signatory.
Digital signature: guaranteed security and legal validity
For its part, the digital signature, which is possibly also the most unknown, is one based on digital certificates, which are issued by the so-called certification authorities (CA). These, in turn, are based on asymmetric cryptography and have both a public and a private key. That is to say; digital signatures are very rigorous regarding the security and identity of the user.
How do they do it? The certificates link the digital identities to the pair of keys generated by a user and contain various data about it (name, expiration date of the certificate, the copy of the public key, the CA that issued the certificate, etc.).
Without going into technical questions about how a digital signature works (which you can consult in this blog post), the fact is that by using digital certificates it is possible to verify the signer’s identity, to know when there has been an alteration in the document and the protected information it contains. That is, they offer the highest level of validity and security, which makes them ideal for organizations of all sectors: legal, banking, retail, etc.
The qualified digital signature of nebulaSUITE
nebulaSUITE is the all-in-one digital identity solution for organizations. It provides, among other things, a qualified and legally binding digital signature, which allows compliance with international regulations such as eIDAS (European Union) and ESIGN Act and UETA (United States).
This legal recognition is due to being based on qualified digital certificates, issued through its own CA, vinCAsign.
Among the many advantages offered there is the possibility of using workflows and bulk signature, which saves organizations time when doing legal, commercial or administrative procedures.
These characteristics help organizations to build confidence with their clients and their relationship with them, allowing them to dedicate more time and resources to satisfy their needs. Additionally, by contributing to the digital transformation and the adoption of the paperless office, it saves costs, since it prevents documents from having to be printed, copied, stored and subsequently destroyed.
Víntegris is approved as a qualified provider of trusted electronic services under eIDAS and holds the Common Criteria EAL 4+ certificate, awarded by the National Cryptological Center, the highest granted by the CCN for the recognition of the security level of a product.
Discover the signature of nebulaSUITE
Ask for your nebulaSUITE demo and discover everything your digital signature can do for your organization.
And be sure to follow us on social networks to always be aware of the latest news, and learn more about digital identity, certificates, and digital signatures: we are on Twitter and LinkedIn.