Below are the different types of digital certificates that the AOC Consortium offers both to citizens (idCAT) and to Catalan public administrations (T-CAT):
For the citizens
IdCAT Certificate:
The idCAT Certificat is a digital identifier that is installed in the browser, guaranteeing your identity on the Internet and allowing you to access the different procedures and procedures offered by many public administrations.
The idCAT Certificate expires 4 years after its issuance.
For public administrations
Personal certificates:
T-CAT: Qualified electronic certificates
T-CAT of public employee (on card)
The personal certificate on card is intended for individuals and has information regarding the holder that allows them to be identified and their subscribing organization. It is provided to public employees of Catalan public administrations as an identifying element in electronic communications, allowing documents to be signed in electronic format in order to make online procedures and consultations possible, with full guarantee, and speeding up the management.
With T-CAT of public employee, the holder of the certificate is linked directly to a public sector entity in Catalonia, with a civil servant or contractual relationship governed by the provisions of the Basic Statute of the Public Employee (Royal Legislative Decree 5/2015, of October 30).
This certificate allows, optionally, to identify yourself as a person holding a certain position in your organization.
T-CAT of public worker (on card)
The personal certificate on card is intended for individuals and has information regarding the holder that allows them to be identified and their subscribing organization. It is provided to public employees of the Catalan public administrations as an identifying element in electronic communications, allowing documents to be signed in electronic format in order to make online procedures and consultations possible, with full guarantee, and speeding up the management.
With the T-CAT public entity worker, unlike the previous one, the relationship of the person holding the certificate with the public sector organization of Catalonia is governed by labor law (not by the Basic Statute of the Public Employee, EBEP).
This certificate allows, optionally, to identify yourself as a person holding a certain position in your organization.
T-CAT Public employee P (in software)
The personal identification and advanced signature certificate with optional position is a recognized qualified certificate that identifies, in addition to the person who owns it, its subscribing organization, and may include a statement regarding the position of the key holder. It is intended for public employees of Catalan public sector organizations governed by the EBEP .
The T-CAT P is an authentication tool that generates advanced signatures, since it is delivered in software, without a secure signature creation device; so it can be installed on different media: computers, mobile phones, tablets, etc.
This certificate allows, optionally, to identify yourself as a person holding a certain position in your organization.
T-CAT P of public worker (in software)
The personal identification and advanced signature certificate with position, optional, is a qualified certificate that identifies, in addition to the person who owns it, its subscribing organization, and may include a statement regarding the position of the key holder. It is intended for public workers in Catalan public sector organizations whose employment relationship is not governed by the EBEP.
It is an authentication tool that generates advanced signatures, given that it is delivered in software, without a secure signature creation device; so it can be installed on different media: computers, mobile phones, tablets, etc.
This certificate allows, optionally, to identify yourself as a person holding a certain position in your organization.
T-CAT representative (on card)
It is the electronic certificate of representative before high-level Public Administrations, which was incorporated into the Catalogue of certificates issued by the AOC Consortium with the adaptation to the EIDAS regulations. This certificate must always be accompanied by an accreditation of the appointment as representative. The document must be a publication in the newspaper or official bulletin, registration in a public register, a notarial document, etc., within the framework of Law 6/2020, of November 11, regulating certain aspects of electronic trust services, which stipulates that the accreditation of the representation must be carried out by means of a public document.
The T-CAT representative is a qualified identification and signature tool, which allows the representative to act on behalf of the organization.
T-CAT of pseudonym (on card)
The T-CAT of Pseudonym is a signature certificate for public administration personnel with a high-level pseudonym. Personal data will not appear on the certificate, as these will be replaced by the pseudonym indicated. The issuance of these certificates will be made under the prior assessment of the legal accreditation of the pseudonym, which must accompany the application. They will be accepted very specifically for justified uses in which the data of the holder cannot be shown and for people who already have a regulated pseudonym within their organization.
The groups that can have a pseudonym certificate are those that carry out actions regarding: classified information, public security, national defense or other actions in which anonymity is legally justified for carrying out actions.
The pseudonym will always be provided by the Administration. Only the following may request that the identity of the person with the pseudonym be revealed: judicial bodies and other authorized bodies or persons and only in the cases provided for in Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. In these cases, the Certification Service Provider will be obliged to reveal the identity of the signatory.
The legal regime of classified information is regulated by Law 9/1968, of April 5, on official secrets and Decree 242/1969, of February 20, which develops it.
The pseudonym can be a professional identification number (NIP) as long as it is not related to personal data such as the DNI and alternatively other indicators.
Note: Pseudonym certificates do not allow authentication to applications (such as EACAT, Portasignatures and other AOC services)
T-CAT of pseudonym (in software)
The T-CAT P for Pseudonym is an advanced signature certificate for public administration personnel with a pseudonym. Personal data will not appear on the certificate, as these will be replaced by the pseudonym indicated. The issuance of these certificates will be made subject to prior assessment of the legal accreditation of the pseudonym, which must accompany the application. They will be accepted very specifically for justified uses in which the holder's data cannot be shown and for people who already have a regulated pseudonym within their organization.
The groups that can have a pseudonym certificate are those that carry out actions regarding: classified information, public security, national defense or other actions in which anonymity is legally justified for carrying out actions.
The pseudonym will always be provided by the Administration. Only the following may request that the identity of the person with the pseudonym be revealed: judicial bodies and other authorized bodies or persons and only in the cases provided for in Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. In these cases, the Certification Service Provider will be obliged to reveal the identity of the signatory.
The legal regime of classified information is regulated by Law 9/1968, of April 5, on official secrets and Decree 242/1969, of February 20, which develops it.
The pseudonym can be a professional identification number (NIP) as long as it is not related to personal data such as the DNI and alternatively other indicators.
Note: Pseudonym certificates do not allow authentication to applications (such as EACAT, Portasignatures and other AOC services)
T-CAT: Personal infrastructure certificates
T-CAT of Registration Entity operator T-CAT (on card)
The T-CAT of ER operator T-CAT is aimed at individuals who must carry out operator responsibilities at a T-CAT registration entity. These entities, which collaborate with the AOC Consortium in the issuance of certificates, require digital certificates in order to operate with the certificate generation and management applications.
Unlike other personal T-CAT certificates, the T-CAT operator card does not allow the carrying out of procedures before public administrations. This is because its function is only to identify operators who access the T-CAT ER applications and allow the signing of the operations carried out.
T-CAT of idCAT Registration Entity operator (on card)
The T-CAT ER idCAT operator certificate is intended for individuals who must perform operator responsibilities at an idCAT registration entity. These entities, which collaborate with the AOC Consortium in the issuance of idCAT certificates, require digital certificates in order to issue and revoke idCAT certificates to citizens.
Unlike other personal T-CAT certificates, the idCAT operator card does not allow the carrying out of procedures before public administrations. This is because its function is only to identify operators who access the idCAT operator website and allow the signing of the operations carried out.
Application certificates:
T-CAT: Qualified electronic certificates for electronic seals of the public administration
Electronic Seal Certificate (CDA-1 SGNM)
The Electronic Seal is a digital certificate that serves for the identification and authentication of the exercise of competence in automated administrative action, according to article 42 of Law 40/2015, of October 1, on the legal regime of the public sector.
This certificate can be used for the exchange of data (between administrations, administrations and citizens and between administrations and companies), the identification and authentication of a system, web service or application, automated electronic archiving, electronic copies and attestations, among others.
This certificate is recommended for most public administrations that may have the following risks: security breach (eg identity theft), moderate economic losses, loss of sensitive or critical information or refutation of a transaction with significant economic impact.
Note: The electronic seal is the type of certificate required for the automated actions of many AOC services (EACAT, e-TAULER, e-NOTUM, Representa, Copy..) and for calls to the centralized signatory from proprietary tools.
T-CAT: Application certificates
Application Certificate (CDA-1)
This certificate is stored on a server (preferably on a cryptographic device) and is required by an application to sign documents or messages to ensure the authenticity and integrity of the signed messages or files.
Its use is equivalent to a buffer for the organization or department.
It is not a personal certificate, but is linked to an application and acts synchronously, so it does not require the intervention of any operator.
The hardware where this certificate will reside must be sized well, as asymmetric signature tasks can saturate it. However, access to the hardware must be restricted and protected to prevent possible fraudulent uses of the certificate.
T-CAT: certificate of related person
The holder of the certificate is not directly linked to the public administration of Catalonia but has a service or functional relationship with it. To request it, you must open a support request at the User Service Center, justifying the need for the issuance and attaching the corresponding application form .
Once your request is received, the need is confirmed and approved or denied by the AOC Consortium.
SUMMARY TABLE
| Certificate | Product | Acronyms |
Acronym description |
Duration | Support |
| idCAT: citizen | idCAT | CPISA2_idcat | Advanced Signature Identification Personal Certificate idCAT | 4 years | software |
| T-CAT: Qualified electronic certificates for public employees | T-CAT | CPI-1+CPSQ-1 | Personal Identification Certificate+ Personal Qualified Signature Certificate | 4 years | card |
| T-CAT P | CPISA-1 | Advanced Signature Identification Personal Certificate | 4 years | software | |
| T-CAT: Qualified electronic certificates for public workers | T-CAT | CPISQ-3 | Personal Identification Certificate+ Personal Qualified Signature Certificate | 4 years | card |
| T-CAT P | CPISA-3 | Advanced Signature Identification Personal Certificate | 4 years | software | |
| T-CAT: Qualified electronic certificates for public administration personnel | T-CAT Representative | CPRISQ-1 | Personal Representative Certificate Identification Qualified Signature | 4 years | card |
| T-CAT Pseudonym | CPPI1+CPPSQ-1 | Personal Certificate Pseudonym Identification + Personal Certificate Pseudonym Qualified Signature | 4 years | card | |
| T-CAT: Public administration certificates Qualified electronic certificates of electronic seal of the public administration | Medium level stamp | CDA-1_SGNM | Certificate Device Application Seal Medium Level | 3 years | software |
| T-CAT: Application certificates | Application device | CDA-1 | Device Certificate Application | 3 years | software |
For more information you can consult: