Definitions
Activation: procedure used to unblock the access conditions to a key and to allow its use. For the centralised certificate, the activation datum is the permanent key and the OTP sent by SMS to the user's mobile phone number.
Digital certificate: a document signed electronically by a certification service provider which links signature verification data to a signatory and confirms his/her identity. This is the definition set forth by Law 59/2003; in this document, it includes those cases in which the link of signature verification data is made to an IT component.
Recognised certificate: a certificate issued by a Certification Service Provider that complies with the requirements set forth by Law regarding identity verification and other circumstances of the applicants and the reliability and guarantees of certification services provided, pursuant to the provisions of chapter II of Title II of Law 59/2003 of 19 December on Electronic Signature.
Electronic signature qualified certificate: an electronic signature certificate issued by a trust and confidence service qualified provider that complies with the requisites set forth in Annex I to Regulation (EU) 910/2014.
Centralised electronic signature certificates: issued as Recognised or qualified Certificates, they link a set of the citizen's personal information to certain keys, to guarantee integrity and non-repudiation. This information is signed electronically by the Certifying Authority established for that purpose.
Public Key and Private Key: the asymmetric cryptography on which the PKI is based uses a pair of keys; information encrypted with one of them can only be decrypted with the other, and vice versa. One of these keys is public and included in the digital certificate; the other is private and only the certificate holder can access it.
One time key (OTP): one-time password sent for registration and use in the Cl@ve system.
Activation code: code provided during the registration process in the Cl@ve system.
Permanent Cl@ve: authentication system designed for individuals who need to access the electronic services provided by the General Government frequently. It is based on a user code, his/her DNI or NIE, as well as a password that is defined during the activation process and which only the concerned citizen must know. For the electronic administration services requiring a high security level, the system reinforces authentication by including a One Time Password (OTP).
Personal Access Key (PIN): Set of characters for access to DNI certificates.
Signature creation data (Private Key): unique data, such as private cryptographic keys or codes, which may be used by the signatory to create the Electronic Signature.
Signature verification data (Public Key): data, such as public cryptographic keys or codes, used to verify the Electronic Signature.
Secure signature creation device: instrument used to apply signature creation data in compliance with requirements set forth by article 24.3 of Law 59/2003 of 19 December, on Electronic Signature.
Qualified signature creation device: electronic signature creation device that complies with requirements listed in annex II to Regulation (EU) 910/2014.
Electronic document: set of logical records, containing information, stored on a medium that can be read by electronic data-processing equipment.
Electronic signature: set of data in electronic form, recorded together with other data or associated with them, which may be used as a means of personal identification.
Advanced electronic signature: electronic signature that makes it possible to establish the personal identity of the signatory with respect to the signed data and to check the integrity of those data, as it is exclusively associated with the signatory and with the data it refers to, and has been created by means that the signatory keeps, with a high level of trust, under his/her exclusive control.
Recognised electronic signature: advanced electronic signature based on a recognised certificate and generated by means of a secure signature creation device.
Identification: procedure for recognition of the identity of an applicant or holder of DNI certificates and centralised signature certificates.
Electronic identification: process consisting of using a person's identification data in electronic format that represent one natural person only.
User identifier: set of characters used for unique identification of a user in a system.
Trust hierarchy: system of certifying authorities (CAs) maintaining trust relationships whereby a high-level CA guarantees the reliability of one or several lower-level CAs. In the case of centralised signature certificates and DNI, this hierarchy comprises two levels: the high-level Root CA guarantees the reliability of its subordinate CA.
Certificate Revocation Lists or Revoked Certificate Lists: list including only revoked certificates.
Hardware Security Cryptographic Module: hardware module used to carry out cryptographic functions and to store keys securely.
Certification Service Provider: natural or legal person issuing digital certificates or providing other services related to electronic signature.
Trust and confidence service provider: natural or legal person providing one or several trust and confidence services.
Trust and confidence service qualified provider: trust and confidence service provider that provides one or several qualified trust and confidence services and to which qualification has been granted by the supervisory authority.
Applicant: a person applying for a certificate for him/herself.
Accepting third party: person or entity other than the holder who decides to accept and trust a certificate issued for DNI or centralised signature certificates.
Holder: citizen for whom a public identity and electronic signature certificate is issued.
For more information, see the Statement of Certification Policies (DPC) published on the website http://www.dnie.es/dpc