Close

Differences between digital signature and simple electronic signature

How do these two useful tools for businesses and public administration work?
Reading time: 5 minutes

Content index

What is a digital signature?

The dematerialization of paper documents and the spread of new IT tools, such as the digital signature, have simplified relations between the Public Administration, businesses and citizens, making workflows faster and more efficient. The result is a saving of time and money.

In particular, the digital signature allows people to sign any document (contracts, financial statements, administrative deeds, chamber of commerce certificates, invoices, etc.) in a few seconds directly from a PC or a smartphone. It guarantees the authenticity, non-repudiation and integrity of the message.

In other words, this type of signature is the computer equivalent of a handwritten signature and has the same legal value. In fact, the affixing of the digital signature guarantees the identity of the signatory, the origin of the document and the inalterability of its information.

In Italy, the digital signature is regulated by the Digital Administration Code (CAD) which defines it as “a particular type of advanced electronic signature based on an encrypted system, which allows owner and recipient to make manifest and verify the origin and integrity of a contract / IT document“.

New technologies and the digitization of signature allow to totally leave the paper behind. Furthermore, they guarantee greater data security and traceability, optimize document management, increase productivity. Finally, they facilitate the relationships between suppliers and customers by promoting faster sharing of digital documents.

Simple electronic signature and digital signature: features and differences

The digital signature is a type of qualified electronic signature (QES). It is provided only in Italy and regulated by the CAD. It should not be confused with a simple electronic signature.

To better understand the differences between a digital signature and a simple electronic signature, consider the EU Regulation No. 910/2014 on digital identity. Known as eIDAS (electronic IDentification Authentication and Signature), it establishes the non-discrimination of electronic documents compared to paper documents and explains the features of the two types of electronic signature:

Simple electronic signature (SES)

The elDAS regulation describes it as a “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. It is considered the most common type of signature as well as the weaker because it does not require the use of tools that guarantee the authenticity and integrity of the signed document. Indeed, the probative value of the document with a simple electronic signature can only be determined by a judge. Examples of simple electronic signature are the ATM PIN and the username and password combination of an e-mail box.

Qualified electronic signature (QES)

The QES is a type of advanced electronic signature (AdES) with the following features:

  • It refers only to the signatory.
  • It must be suitable for identifying the signatory.
  • It is created from data that the signatory can use under his own exclusive control, with high levels of security.
  • It must be linked to the data in order to allow the identification of any their subsequent modification.
  • It is created on a device suitable for the creation of an electronic signature.
  • It is based on a qualified electronic certificate.
  • It has the same legal value as a handwritten signature.

Art. 24 of the Italian CAD states that the digital signature must refer uniquely to a single person and to the document (or set of documents) to which it is affixed or associated. The affixing of the signature replaces that of seals, punches, stamps, marks and trademarks of any kind for any purpose required by current legislation.

Furthermore, par. 3 of the same article states that “For the generation of the digital signature, a qualified certificate must be used which, at the time of signing, must not be expired, revoked or suspended”.

Use of SES and FEQ

The digital transformation and the integration of digital technologies in every aspect of life involve the use of particular tools that allow the electronic signature.

According to the elDAS Regulation and the Italian Digital Administration Code, to use the simple electronic signature you need a PIN code or a username and password combination. Instead, to sign a document with a digital signature, you need a kit including a business key or a smart card with a special reader, containing the signature certificates.

The kit can only be issued by certification bodies. In Italy these are accredited by the Agency for Digital Italy (AgID). However, business owners can also contact the local Chamber of Commerce.

Namirial solutions for digital signature

To obtain a digital signature device, the Agency for Digital Italy (AgID) indicates to contact the accredited service providers. They can be both public or private entities. Under the supervision of AgID, they issue qualified certificates (for digital signature) and authentication certificates (for national service cards).

Namirial is one of these providers available in Italy and offers several solutions for the digital signature:

  • Disposable digital signature – It is a particular qualified certificate that allows a use of no more than 60 minutes. With the disposable digital signature it is possible to subscribe on-line a PDF document or an XML file not exceeding 10MB in size. The supported signature formats are PAdES, CAdES and XAdES. The currently supported file types are .pdf and .xml. In order to use this service it is mandatory to have an active Italian SPID digital identity, issued by Namirial or any other AgID accredited provider or an Italian electronic identity card (CIE). In this case, the CIE PIN and an NFC card reader for computers or a smartphone with NFC technology are also required.
  • USB smart card reader MiniLector EVO – It optimizes digital signature operations and authentication through digital certificates (strong authentication). Namirial’s USB smart card reader is a plug&play device compatible with CCID standards, therefore there is no need to install drivers. In addition, it is compatible with ISO-7816 and EMV (level 1) standards and is capable of supporting Common Criteria and FIPS certified smart cards. Supported Operating Systems: Win 2000 | Win XP | Win 7 | Win 8 | Win 8.1 | Win 10 | Windows Server 2003 | Windows Server 2008 | Windows Server CE 5.0 | Mac OS X | Linux | Android ™ 3.1 and higher (compatible with 32 and 64 bits systems)”.
  • CNS Simcard for USB Token – The simcard CNS (Carta Nazionale dei Servizi) allows to sign digital documents with legal value and to securely access the online services of the Italian Public Administrations (INPS, Local Authorities, Income Revenue Authority, INAIL, Equitalia). It is ideal for those who already own a USB reader and want to buy the CNS simcard only.
  • CNS smart card – The smart card is the size of a common credit card with microchip. It allows to sign digital documents and access websites securely. In order to use it, the computer must have a smart card reader.
  • Smart card kit – CNS + Reader (with digital signature and Italian CNS certificates) – It is the practical and reliable solution for those who wish to use the digital signature always from the same computer.
  • Token sim card – CNS 2 GB – The token sim card with digital signature and the Italian CNS certificate is a compact, practical to use and portable device. It can be installed on laptops or PCs and allows to digitally sign and access to the online services of the Italian Public Administration (INPS, Income Revenue Authority, Equitalia, hospitals and other healthcare facilities, etc).
  • 2 GB USB Token – It is the FirmaCerta Token for simcard-sized cards with pre-installed signature software and 2GB of memory. The device requires a simcard to work.

TAG