“1. Signature creation data are unique data, such as private cryptographic codes or keys, which the signer uses to create the electronic signature.
2. A signature creation device is a computer program or system that is used to apply signature creation data.
3. A secure signature creation device is a signature creation device that offers at least the following guarantees:”
a) That the data used for signature generation can be produced only once and reasonably ensures its secrecy.
b) That there is reasonable assurance that the data used for signature generation cannot be derived from signature verification or from the signature itself, and that the signature is protected against counterfeiting with the existing technology at all times.
c) That the signature creation data can be reliably protected by the signer against its use by third parties.
d) That the device used does not alter the data, the document to be signed or prevents it from being shown to the signer before the signing process.
Mainly, the secure device must guarantee that the keys are unique and secret, that the private key cannot be deduced from the public key and vice versa, that the signer can reliably protect the keys, that the contents of the original document are not altered and that the signatory can see what it is going to sign.
From a technical point of view, according to article 27 of Spanish Law 59/2003
, a secure signature device must be certified in accordance with the above characteristics per the technical standards published by the European Commission.