Cl@ve is a system of Identification, Authentication and Electronic Signature for citizens common to the entire State Administrative Public Sector, based on the use of concerted keys, in accordance with the provisions of article 13.2.c) of Law 11/2007, of June 22, on electronic access of citizens to public services and in accordance with the European Regulation of Identity and Electronic Signature 910/2014.
The main novelty of the Cl@ve system is the possibility of signing electronically with centralized electronic certificates, that is, electronic certificates stored and held in custody by the Public Administration.
These centralized certificates, or "cloud certificates", allow citizens to sign electronic documents from any device that has an Internet connection and without any additional equipment.
To use the centralized signature it is necessary to have previously performed the following steps:
- Advanced Level Registration in the Cl@ve system: the citizen provides their registration data to the system, either in person at an office before a public employee authorized for this purpose, or online, after the citizen has been authenticated by means of a recognized electronic certificate.
- Activation of the Permanent Cl@ve: obtaining the system access credentials, a user identifier and a password, which must be kept safe by the citizen. The validity of the password is limited in time. In addition, when the type of procedure requires it, the Permanent Cl@ve identification mode can provide a higher level of assurance in authentication through an additional security check using a single-use code (OTP, “One Time Password”) that is sent to the user’s mobile device. The password security requirements for this system will be published on the Cl@ve portal.
- Generation of the signature certificate. This action can be performed automatically at the time of making the first signature, or at any other time at the will of the user.
The certificates needed to carry out a centralized signature are issued and held in custody by the Directorate General of Police (DGP). This custody is secured so that only the owner of a certificate can access it. The Social Security Informatics Management (GISS) is constituted as a Trusted Services Provider, along with the DGP, which is also a Signing Authority. The GISS is responsible for the custody of a backup of the certificates with the same level of security as the original file.
The issuance of the certificate is associated with the physical document that was used for registration in Cl@ve: for Spanish citizens, the National Identity Document; for Community foreigners, the Certificate of Registration of Citizen of the Union, accompanied by the passport or identification document of the interested party's country; and for foreign citizens, the Alien Card. The expiration of these documents entails the expiration of the certificates associated with them.
The issuance of a duplicate of the identification documents referred to here, by reason of deterioration, loss or theft, will not necessarily entail the revocation of the centralized certificates, and those already issued with the original document can be maintained.
The signing process is carried out with the highest level of security, which means that the reinforced mode of Permanent Cl@ve is used: in addition to entering the user identifier and the password (the Permanent Cl@ve), the signer must also provide the one-time password received in an SMS sent to the phone that was associated with the certificate holder at the time of registration.