To sign a document, the procedure below must have been followed previously:
1. Registration with Cl@ve system.
2. Generation of the password. There are two possibilities:
2.1. First users registered in Cl@ve and users of both Cl@ve and TUSS Password.
Given the enhancement of accesses to the system, a new password must be set; it will be used for authentication from that moment on. (Check the user guide under section "Update of Passwords").
2.2. Current users registered in Cl@ve. Generated pursuant to the corresponding manual.
3. Generation of Authentication and signature keys.
By means of the Cl@ve system, the citizen may generate their authentication and signature keys in two different phases:
3.1. As needed. The citizens may generate their authentication and signature keys as needed by means of the independent generation of keys at their request. (Check the user guide under section "Generation of keys under request")
3.2. At the time of first signature. Where a citizen is going to sign a document for the first time but has not yet generated the authentication and signature keys, these will be generated immediately prior to the signature intended to be carried out. (Check the user guide on the "Generation of keys when signing for the first time" section.)
Once the preceding steps have been completed, the citizen may sign the documents added by the different Governmental services to the Cl@ve system. The different Governmental institutions will be progressively added with this function, until reaching the whole General State Administration and other Administrations interested in joining the system.
The wide variety of Organisms that will provide services by means of the Cl@ve System, the citizen will notice that there are differences between the pages browsed during the signing process. This happens as a consequence of the fact that certain organisms have a specific function within the system, and to allow it provides with all security guarantees necessary for the process, the information included in the processes is kept in custody and managed by different Administrations.
Specially relevant for the signature process are the DTIC as Cl@ve platform manager, the GISS as Trust and Confidence Service Provider, the Tax Authority as responsible for the sole registry, and the Directorate General for Police as Certification and Trust and Confidence Service Provider Authority, and therefore the different logos of said organisms may be displayed, together with those of the Administration providing the service from which the citizen intends to authenticate and/or sign. (Check the user guide under section "Update of Passwords").
STAGE 1 - AUTHENTICATION PROCEDURE
Authentication must be carried out in the first place, prior to any administrative procedure within the system.
In this case, the Social Security site has been selected as an example. It is important to note that depending on whether authentication is carried out with PIN Cl@ve or Permanent Cl@ve, the services which may be accessed will vary. In this case, for the purposes of signing, we will use Permanent Cl@ve, which has a higher security level.
On the right side of the screen, inside a white box, we find the button "Access", which allows us to enter the Cl@ve system:
Once it has been pressed, we find the following screen, in which we must enter our identity document number (DNI/NIE) and the password that was activated previously.
PHASE 2 - PASSWORD UPDATE
You may need to update your password. This will be the case with the first users registered in Cl@ve and the users migrated from other systems. This update provides the passwords with the most advanced security measures.
In that case, the following screen will be displayed:
REMARK: The National Police Force is responsible for management of Cl@ve system passwords. Therefore, the National Police Force logo is displayed on the screens of functions for which it is responsible.
Please note that, once updated, the valid passwords to authenticate in the system are the new ones and not the former ones.
PHASE 3 - CONTINUATION OF THE PROCESS
If it was not necessary to carry out the previous step, we will find this screen:
Once they have been entered we will press the button 'continue' and if the process is completed successfully, we will be identified in the Cl@ve system.
PHASE 4 - ACCESSING A PROCEDURE
In the example below, we are going to register a Beneficiary in the Social Security.
In order to do that, on the page shown, we will request the desired procedure. Each Administration will be responsible for determining the security level required to access them. In this case, we used a high-level authentication, which allows for accessing this Service.
Since this procedure was classified as being Highly Secure, the user will be required to enter a one time password (OTP) which will be sent by SMS to the mobile phone number provided for registration with the system,
Upon completion of this security control, the administrative procedure is completed by following instructions given by the corresponding Entity until completion thereof.
On the following screen there is a box which must be activated to continue with the process. It is a statement of the accuracy of the data provided.
PHASE 5 - PROCEDURE TO GENERATE SIGNATURE CODES
In the example above, the procedure must be signed by the applicant. Therefore, a screen for signing will be displayed.
If the user has not requested the signature certificates previously, a screen similar to this one will be displayed; it offers the possibility to request generating same.
Please note that at this point of the process, the screens change and the logo of the National Police Force is displayed. This happens because management and custody of certificates is the responsibility of such Force. Therefore, to carry out this part of the process under the same guarantees as electronic DNI certificates, the request is then redirected to the Directorate General for Police (DGP) to be generated.
For this process the password must be provided; only users know said password and must tick on the box 'I accept' after reading in, if the information included therein is deemed to be correct.
If the certificate generation process is carried out correctly, it is redirected to the Body in which we were earlier, changing screens again to inform the citizen which Body is processing it at all times. Information about the completion of the process will be displayed on this screen.
PHASE 6 - SIGNATURE PROCESS
Once all certificates have been generated, we will be available to sign a document.
On the following screen, the user is informed that signature is needed for a specific procedure. In order to carry it out, we must enter the password and the OTP received by SMS.
Then, the operation is confirmed.
PHASE 7 - COMPLETION OF SIGNATURE PROCESS
If the process has been completed successfully, a screen similar to the following one will be displayed; on said screen, a proof of the operation can be obtained.
PHASE 8 - COMPLETION OF ADMINISTRATIVE PROCEDURE
This would be the final result of the signature operation.