What is a centralised signature?
Cl@ve is an identification, Authentication and Electronic signature service for citizens shared by the whole State Public Administration Sector, and based on the use of set keys, pursuant to provisions of article 13.2.c) of Law 11/2007, of 22 June, on electronic access of citizens to public services and pursuant to European Regulation 910/2014 on Electronic Identity and Signature.
The main novelty included in the Cl@ve system is the possibility it offers to carry out electronic signature by using centralised digital certificates, that is, digital certificates stored and kept in custody by the General Government.
Said centralised certificates or "cloud-based certificates" allow the citizen to sign electronic documents from any device with Internet connection and no additional equipment.
To use the centralised signature, it is necessary to have previously taken the following steps:
- Advanced-level registration in the Cl@ve system: the citizen provides data for registration with the system, either in person at an office before a public officer with the relevant authority or online, with prior identification of the citizen by means of a recognised digital certificate.
- Activation of Permanent Cl@ve; obtaining access credentials to the system by means of user identification key and password, which must be kept in custody by the citizen. The password will be valid for a limited period of time. Additionally, when the type of procedure requires so, the permanent Cl@ve identification modality may provide a higher guarantee level for authentication, by means of an additional security verification through a one time code (OTP "One Time Password") sent to the user's mobile device. The security requirements of the passwords for this system will be published on the Cl@ve site (http://www.clave.gob.es)
- Generation of signature certificate. This action may be carried out automatically when the first signature is carried out or at any other time required by the user.
All certificates necessary for centralised signature are issued and kept in custody by the Directorate General for Police. Said custody is carried out safely, so that only the owner of the certificate can access same. The IT Division of the Social Security (GISS) becomes a Trust and Confidence Service Provider, together with the DGP which is also a Signing Authority. The GISS remains in charge of keeping in custody backups of the certificates with the same level of security than the original file.
The issuance of the Certificate will be associated to the physical support of the document which has been used for registration in Cl@ve and which will be in case of Spanish citizens the National Identification Document, in case of Community foreigners the Union Citizen Registration Certificate, accompanied by the Passport or identification document of the country of the interested party and in case of foreign citizens, the Identity Card for foreign nationals. Expiration of said documents implies expiration of the associated certificates.
The copy of identification documents mentioned on this document due to deterioration, loss or theft does not necessarily imply revocation of the centralised certificates; those already issued with the original document will remain valid.
The signature process is carried out with the highest level of security, which implies that the reinforced permanent Cl@ve modality will be used, that is, the one in which besides entering user and password or permanent Cl@ve, a one time password received by SMS to the phone number associated to the holder of the certificate at the time of Registration must be provided.