The business world is evolving and it is necessary to stay constantly updated, so as to understand some requirements such as digital signature. It is good to explain in detail what it is, what its purpose is and above all how to obtain it, should it be necessary.
Digital signature: what it is
Digital signature is a form of guarantee, mainly used by professionals, companies and public bodies. It allows to confirm the validity of digital documents. Nowadays, most of the documents are transmitted via the web, which requires the confirmation of the identity of the signer, in order to avoid frauds.
The digital signature allows to authenticate the user who signs a contract or documents of any kind. Going in person to an office it is possible to conclude an act with some signatures with a black pen. One’s own presence, together with valid documents, is enough to confirm the identity of the signer. However, everything changes in the digital world, and photos of the signature or the use of a digital stylus are certainly not acceptable. It is necessary to offer additional guarantees, considering the great risk of fraud regarding digital documents.
An inexperienced person could easily link the concept of digital signature to the tabs that we know well by now, on which to confirm one’s identity with a stylus. They are now everywhere, from health offices to the Post Office. However, this is a completely different matter. Considering how easy it is to confuse the two concepts, it is good to explain that the one on these tabs is actually an electronic signature, not a digital one. It has legal value but it doesn’t have the same criteria of the digital signature, necessary to evaluate the authenticity of the signer. This is a potentially repudiated signature, which does not protect the parties involved from fraud. It is possible that the signature is written wrong or with a different handwriting than the one usually obtained on paper.
All this cannot be enough for contracts of great importance such as those of rent, acquisition, banking or tax of various kinds. It is necessary that there is not even the slightest doubt about the identity of the people involved, since a single shaky element could make an agreement null and void, leaving fertile ground for possible frauds. For this reason the digital signature is so important, boasting all the characteristics that make it valid, legal and not repudiated. An external body will have to certify it, making it always the same on any document that is digitally signed.
Digital signature: how it works
The global diffusion of the web has, over time, led to some significant changes in the bureaucratic environment. Digital is part of our everyday life and for this reason, in order to avoid frauds of various kinds, the digital signature has been established. It is necessary in order to be able to complete a procedure of any kind, based on the transmission of documents via web. The digital signature is based on a system of asymmetrical keys in pairs. The first one is public and the second one is private. The owner of the signature has the possibility, through a private key, to verify the integrity and the origin of some documents. The same can be done by the recipient, but using a public key.
A computer version of a handwritten signature, which makes it possible to obviate the need to go to a given office to complete some paperwork, while at the same time avoiding offering fertile ground to criminals. A digital signature has the same legal value as a pencilled signature on a paper document. Sfruttando tale sistema si avrà inoltre la certezza dell’inalterabilità delle informazioni presenti in un dato documento al momento della firma. Il sistema si basa su alcuni semplici concetti.
- Autenticità: è necessario che venga garantita l’identità del soggetto firmante, che si assume le responsabilità del contenuto del documento siglato.
- Integrità: condizione necessaria a garantire il contenuto del documento. Apporre la firma digitale vuol dire infatti impedire ulteriori modifiche.
- Non ripudio: in nessun caso un documento siglato con firma digitale potrà essere ripudiato. Il sistema impedisce di fatto al firmante di disconoscere la propria firma.
In Italia l’assegnazione di una firma digitale è a carico dell’Agenzia per l’Italia Digitale. A questo ente si fa richiesta di un certificato digitale, che andrà ad associare il numero binario alla sua identità. Si andrà così a identificare in maniera certa il richiedente. This is the public key, known to all interested parties. At the same time, however, is also generated the private key, which provides an exclusive control of the owner. Installed in a secure environment, it can be used only thanks to an unlocking password, that is a PIN.
Each document is registered with a different fingerprint, which must be calculated at the time of signature by a specific software, through a hash function. Once the fingerprint is prepared, the signature program will send it to a secure environment. When necessary, the private key will be activated, validating the inserted PIN. It will then proceed to encrypt the fingerprint of the document, resulting in the required digital signature.
Digital signature is mandatory in many areas, from administrative to business. The practical applications are varied. Just think of judicial proceedings, which in recent years are increasingly telematic, provided, however, that you can ensure a PEC, which also guarantees the identity of the user. The same goes for company budgets and administrative acts that must be presented to the public administration.
In the private sector, people are increasingly inclined to dematerialize their documents. In this way you can always have access to certain important files, without the fear of losing the hard copy. This can be printed at any time, using the memory of your PC, an external hard disk or the space available on the cloud. In the near future there will be a total digitalization, which makes it necessary to obtain a digital identity. The reference is to SPID, the public system of digital identity, which is associated with the mechanisms of remote signature.
In practice, once you have obtained the kit, you will have to activate it online at the site of the reference entity. Then you have to install the drivers on your computer. The drivers are not necessary only if you have an OTP USB key All in One, the code generator or the OTP via sms. Each kit comes with its own documentation, with a guide to follow to memorize the various simple steps for signing. Each system may vary slightly, but all will provide two types of files, one containing the original document and digital signature files, the second a PDF version with the signature included.
Digital Signature: How to get it
Each EU country has a trusted list of service providers to whom they can turn to obtain a digital signature. Sono differenti i prodotti in grado di gestire tale servizio, generalmente costituiti da un comune sistema. Vi è un device, che nella maggior parte dei casi è identificabile come una smart card, al cui interno c’è un certificato di firma digitale rinnovabile. L’altro dispositivo serve invece per leggere la smart card.
È facilmente rinvenibile sul mercato anche un vero e proprio kit, che presenta una chiavetta USB, al cui interno è presente un certificato di firma digitale. È inoltre possibile optare per dispositivi con firma digitale remota. In questo caso si procede allo sfruttamento del cloud, utile soprattutto per apporre firme digitalmente riconosciute in maniera massima, su un gran numero di documenti. Una soluzione adottata soprattutto dalle aziende, che sfruttano dispositivi di firma che sono virtuali, ai quali è però possibile accedere unicamente con sistemi sicuri, attraverso dispositivi fisici, che forniscono password usa e getta, prodotte da una chiavetta OTP, app o messaggi sms.
Il passo iniziale che occorre effettuare è dunque quello di rivolgersi a uno dei provider qualificati attivi in Italia:
- Actalis;
- Aruba PEC;
- Banca D’Italia;
- Cedacri;
- Comando C4 Difesa dello Stato Maggiore della Difesa;
- Consiglio nazionale dottori commercialisti ed esperto contabili;
- Consiglio nazionale del notariato;
- Te. Sa;
- Infocert;
- IntesaSanPaolo;
- Intesi Group;
- Lombardia Informatica;
- Lottomatica;
- Namirial;
- NexiPayments;
- Poste Italiane;
- Telecom Italia trust technologies;
- Zucchetti.
Ogni provider propone un proprio kit di installazione e una propria procedura da seguire, offrendo differenti servizi. Per quanto si tratti di un servizio di digitalizzazione della propria firma, il primo step dovrà essere effettuato di persona, rappresentando di fatto la prima forma di certificazione dell’identità di firmante. It’s a good idea to find out about the consistency of the kit. Not all of them, for example, contain very important software, which allows you to verify the digital signature, subjecting a document to careful control, in order to verify various aspects, such as not having undergone changes after the affixing of the signature. In addition to this, there is a check on the guarantee of the Certifying Authority, included in the Public List of Certifying Authorities, evaluating also the certificates, in order to be sure that they are valid and not expired, suspended or revoked.
Digital Signature: Costs
The service is generally on payment. It is possible to spend a few tens of euro, about 30 euro plus VAT, even for remote subscription mode. The cost rises, however, if you decide to opt for a chip installed inside a USB token, which also acts as a reader. In this case the cost range goes up from 60 to 80 euros, plus VAT.
It is also possible to get this service for free. A possibility granted to some professional orders and Chambers of Commerce are in fact used to release the signature device for free at the moment of the company registration.