Nowadays, the electronic signature is still quite an unknown concept, but it can facilitate work not only for ordinary people, but also for companies and institutions, saving time and even money. It will certainly find its application in HR, but also in the marketing of the company.
The current era is constantly evolving, and with it comes the currently well-known terms: automation and digitalization of processes. With digitalization, contracts and documents in paper forms are slowly but surely disappearing, and that’s where e-signature technology comes in.
From a security point of view, a handwritten signature fulfills the following security requirements:
- identifies the person who signed the document
- guarantees the authenticity (originality) of the document, so that the document cannot be modified after signing
- expresses the signer’s agreement with the content of the document – the impossibility of transferring it to another document
- it is unfalsifiable, since only the signatory can create it, and anyone can verify it
And what is an Electronic Signature anyway? It is not always entirely clear, but because of European Union regulations, the internationally valid eIDAS specification has been created to distinguish between types of electronic signatures.
The types are:
- Simple electronic signature
- Enhanced electronic signature
- Qualified electronic signature
A simple or, in other words, an ordinary electronic signature is not specifically regulated by law, i.e. it is not precisely defined, but we know that it can be, for example, a scan or an image of a signature. It can also be a fingerprint or any unique written password.
An enhanced or even advanced electronic signature must already contain data that is tied to the signer, and this can be, for example, an email address, phone number, IP address, GPS location, and so on. This data must be under the control of the signature owner, i.e. it can be checked and changed by the signature owner. An advanced electronic signature already guarantees higher security and identification of the signer. We are also familiar with a more known form of this electronic signature, and that is, for example, the signature for passport or identity card processing, where we use a signature on an electronic tablet. The signer does not immediately have feedback in the form of a pen stroke, as in a conventional signature, but instead records the exact speed of the stroke, the increased or decreased pressure at the exact stages of the strokes, and all of this increases the accuracy and security of the signature in question. It can also be a form of a token or two-factor authentication, which is beginning to be used in large numbers because of account theft.
A Qualified Electronic Signature, or QES for short, represents the highest level of security, but it is just another form of an Advanced Electronic Signature. The biggest difference from the first two types is that the KEP must be made using a qualified electronic signature device, and this can be any card with a chip, such as the chip ID card already in use today. However, in order to make a KEP, qualified certificates for electronic signatures must be loaded on the chip. But issuing these certificates is very difficult because of the security guarantee.
The creation of the certificate and the actual implementation of the electronic signature is not within the capabilities of ordinary people and companies.
Brain:IT – developing applications and systems that help and serve businesses is far from the only service we provide. We offer comprehensive implementation of electronic signatures into a company or institution. Solutions of electronic signatures are cloud-based and stand-alone with integration into customized information systems with full support. We work with qualified electronic signatures and eIDAS certification in accordance with the laws within the European Union.
In the Slovak Republic there are other companies such as Ardaco, Disig, Viasec, First certification authority, that also deal with the topics of electronic signature and qualified certificates necessary for it.