Title Image

Electronic Signature

Secure and certified electronic signature


Harness the full power of the latest technologies with your electronic signature solution, available on web and mobile app. Build trust in your customer relationship easily with our comprehensive and dynamic solution. Benefit from the 300 other active modules on your UERP platform.

The simple and mobile signature

– Easily integrate the signature of documents into your customer relationship processes (onboarding, …).

– Sign your documents in a mobile app or on the web to interact with them via their preferred channels.

A guarantee of security

– Implement the signature with 2 authentication factors (password and code generated by SMS) to reinforce its legal validity.

– Follow the history of the signature of the contract: who signed it, their email address, their IP address, the signature time stamp for maximum traceability and security.

UERP is the publisher of the UERP platform, cutting-edge technology in the dematerialization of processes. UERP U-SIGNATURE is the electronic signature certification component with legal validity. The technical and legal elements relating to this solution are described below.

The UERP U-SIGNATURE electronic signature certification solution enables the certification of electronic signatures on a wide range of content and documents. It can be mobilized via web channels and native iOS and Android smartphone applications.

European regulations define three main levels of electronic signature:
– 1. Simple electronic signature;
– 2. Advanced electronic signature;
– 3. Advanced electronic signature with qualified certificate

1. Simple electronic signature: it has the same legal value as the handwritten signature. It includes data in electronic form, which is attached or logically associated with other data in electronic form and which the signer uses to sign. Electronic signature
simple is not subject to any third party audit obligation and is not the subject of a decision by a supervisory body.

2. Advanced electronic signature: defined in article 26 of the eIDAS regulation, it is based on a technical process to confirm the identity of the signatory during an electronic signature and to record evidence in the prevention of a dispute. This signature must: Be linked to the signatory in a unique manner; Identify the signatory; Have been created using electronic signature creation data that the signer can, with a high level of confidence, use under their sole control; Be linked to the data associated with it so that any subsequent modification of the data is detectable.

3. Advanced electronic signature with qualified certificate: it is based on a qualified certificate which means that each signatory receives a physical electronic certificate (USB key, magnetic card, etc.) that has been validated by a bailiff in order to confirm. the identity of the signatory for future electronic signatures. These are, for example, the procedures applicable when submitting public procurement bids by companies electronically. The qualified electronic signature is subject to an audit obligation by a third party and is the subject of a decision by a supervisory body.

UERP U-SIGNATURE is based on method 2 – Advanced electronic signature – whose legal robustness is perfectly suited to the needs of large organizations. The process implemented is based on a single secure account based on the email address with an authentication identifier, coupled with a valid mobile phone number. These two channels are available and provided for all signatories. The re-entry of the authentication password is required for each signature as well as the entry of a digital code which is sent by SMS to the signatory at the time of signing in order to have a double certification of his identity when signing. Signature.

UERP U-SIGNATURE produces during electronic signature by a third party: files containing all the information of the document signed on the platform in data set format for their dematerialized transmission; a non-modifiable PDF document including all the information as well as the document signature key; as well as an electronic certificate associated with the signed document: it is a second PDF file encrypted and protected with non-modifiable AES 265 encryption certifying the identity of the signatory, the date and time precise to the second of the signature, identifiers connection, optional location and the key corresponding to the document.

This method therefore meets the conditions required for the qualification of advanced electronic signature.

Each step of this procedure makes it possible to record the elements that will serve as evidence if the signatory disputes the signature. As the evidence is irrefutable, a case of refusal of this signature by a court cannot arise.

According to paragraph 15 of REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93 / CE, the advanced electronic signature is not subject to any obligation of audit by a third party and is not the subject of a decision by a control body.

The Advanced Electronic Signature is defined by ANSSI which follows European directives as a substantial security process. In the event of a dispute, the organization that sets up the electronic signature process – UERP – provides proof that the signatory is indeed the person who signed.
This confirms the legal validity of the UERP U-SIGNATURE electronic signature in all states of the European Union as well as states that have signed reciprocity agreements with the European Union on these matters.

The robustness of our solution guarantees a total absence of risk:
– UERP provides signed certificates that cannot be changed
– These certificates irrefutably guarantee the registration of the signature and the identity of the signatory
– This signature is recognized as legally applicable according to the XYZ directives of the European community
– To be put in default, a complainant must succeed in providing proof of insufficient signature, which is technically impossible
UERP ELECTRONIC SIGNATURE’s certification levels were established during working meetings between UERP and ANSSI – National Agency for Information Systems Security – as part of a series of working meetings between June and September 2019.

UERP U-SIGNATURE complies with European regulation No. 910/2014 known as “eIDAS” which ensures that each form of electronic signature is admissible and that the legal value of a signature cannot be denied on the pretext that it is electronic.
Within the meaning of the eIDAS regulations, the UERP U-SIGNATURE solution is not enforceable in court, given the guarantees provided.
The solutions implemented by UERP all comply with the GDPR. In accordance with the General Data Protection Regulations, any person whose personal data is processed by UERP solutions has the right to be informed, the right of access, the right of rectification, the right of erasure, the right to restrict processing, the right to data portability and the right to object

Critical data stored by UERP is encrypted. UERP is based on AES (Advanced Encryption Standard). Encryption supports multiple encryption keys, they are identified by a key identifier which is a 32-bit integer. Access to backup data is protected, including outsourced data, as backup data is stored exclusively in ISO 27001 certified facilities.
All communications between users of the UERP platform are protected by state-of-the-art algorithms such as SSL certificates for https protocol with Secure Hash Algorithm SHA 256 encryption and SFTP protocol. Device communications are secured through the extensive use of tokens to secure data access and communications and limit data exchange to restricted applications and devices.

User devices are also secured and associated with the user account to prevent security breaches by external users.
UERP exhaustively identifies all data in transit, the resources through which the data passes and the cryptographic mechanisms envisaged to ensure the confidentiality of data in transit as well as all data at rest, the resources on which the data will be stored and the cryptographic mechanisms envisaged to ensure the confidentiality of data at rest.