Electronic signature and identification mechanisms
When putting an electronic procedure into operation, a recurring question is which criterion to follow in deciding which identification and electronic signature mechanisms citizens can use to deal with a public administration, especially given the constant regulatory changes in this area.
The electronic identification and signature mechanisms that, in summary, can be used by interested parties are (for more information, consult articles 9 and 10 of Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations):
Mechanisms based on qualified certificates (points a and b above) "must be accepted", in compliance with Regulation no. 910/2014 of the European Parliament and of the Council, of July 23, relating to electronic identification and trust services (ReIdAS) and Law 39/2015 itself, of October 1, while the rest of the systems (point c) "can be accepted", always taking into account the level of security they offer.
Application criteria
The National Security Scheme (Royal Decree 311/2022, of May 3, hereinafter, ENS) provides that identification and electronic signature mechanisms can have three levels of security, together with the criteria to be followed to establish them in each case. It also establishes the criteria for determining what level a specific system or action requires.
Therefore, to define the level of security required by the systems of each Public Administration and, in particular, the type of credential that is admissible for identification and electronic signature in a specific action, it is necessary to take into account what the ENS sets out and to find the balance between security and usability (expanded in the next section).
In this sense, the services offered by the AOC Consortium allow citizens to identify themselves and sign documents both with qualified electronic certificates and with the systems based on sending one-time passwords, Cl@ve and idCAT Mòbil, so that each user administration can decide in which cases they can be accepted.
In the area of the Generalitat of Catalonia, for example, this decision is defined by Order VPD/93/2022, of April 28, which approves the Catalog of identification and electronic signature systems, and in particular by Order PRE/158/2022, of June 30, which approves the Guide for the use of identification and electronic signature systems in the area of the Administration of the Generalitat. This last Order establishes in its second point that, in general, all mechanisms in the catalog are accepted for all procedures and services. The same guide establishes a procedure to depart from this criterion and limit the acceptance of any of the mechanisms either due to the existence of:
Security levels of identification and signature mechanisms
As mentioned, the ENS foresees three levels of security (low, medium and high) and the criteria that must be followed to establish them in each case, specifically in Annex I, point three.
The same ENS, in its Annex II, defines the criteria for assigning a security level to an identification and electronic signature mechanism.
Thus, the point relating to the operational framework (point 4.2.5 on Authentication mechanism [control op.acc.5]) defines, for each level of security, the requirements that must be met by the electronic identification mechanisms used by citizens, understood as external users of the organization. In summary, the following are accepted for each level:
The levels to be applied to electronic signature mechanisms, on the other hand, are defined in point 5 Protection measures [mp], specifically point 5.7.3 Electronic signature [control mp.info.3], which in summary accepts:
What does the AOC Consortium offer?
The VALID Service of the AOC Consortium allows Catalan public administrations to accept both idCAT Mòbil and Cl@ve and qualified certificates in electronic identification processes and offers an ordinary electronic signature mechanism linked to the presented credential. Administrations can therefore decide whether to accept all or only some of these mechanisms, and have different configurations to do so according to each specific need.
In the case of the e-NOTUM service, which has a portal for citizens to make electronic notifications, the type of credential to accept can be set for each specific notification.