When and how secure is the remote electronic signature?
Business processes can be optimized by using remote electronic signatures. It is characterized by rapid use, from anywhere, anytime, legally and safely. In order to better understand how secure electronic remote signatures are, we will continue to discuss some legal and implementation issues.
Remote e-Signature, eIDAS and Qualified Trust Services Providers
According to EU Regulation no. 910/2014 (eIDAS) on electronic identification and trust services for electronic transactions in the internal market, a qualified electronic signature has the equivalent legal effect of a handwritten signature.
The legal act also establishes that the remote electronic signature - the medium of which is managed by a Qualified Trust Service Provider (QTSP) - enjoys the same level of legal recognition as the token electronic signature in the following conditions:
· the provider applies specific management and administrative security procedures;
· the provider uses trustworthy systems and products, including secure electronic communication channels, in order to guarantee that the electronic signature creation environment is reliable and is used under the sole control of the signatory.
In the case of a qualified electronic signature created using a remote electronic signature creation device, the requirements applicable to qualified trust service providers shall apply.
In conclusion? The remote electronic signature is secure when it is provided by an eIDAS qualified service provider that applies security procedures and uses systems / products that are safe to operate.
Case Study: The certSIGN remote electronic signature and the security of the signing process
certSIGN is one of the e-signature Qualified Trust Service Providers, recognized at European Union level and accredited under the eIDAS Regulation.
As a Qualified Trust Service Provider, certSIGN complies with all national and European legislation on the security of qualified electronic signature - procedures, systems, communication channels, etc.
How does it work? The remote electronic signature service involves the secure storage of the digital certificate on certSIGN systems and controlled access to it.
Specifically, certSIGN RSS (Remote Signature Service) is based on Qualified Digital Certificates and Certified Cryptographic Devices (HSM). The latter provide controlled access to the user's private keys through secure procedures.
Also, the implementation of the international security standards ETSI (European Telecommunications Standards Institute) and CEN (European Committee for Standardization) guarantee the use of the service under the exclusive control of the signatory.