Understanding Digital Signatures, Part II

Rahim Kaba, August 11, 2014
Understanding digital signatures

In part I of our blog series on digital signatures, we looked at the differences between electronic and digital signatures and the importance of e-signatures with digital signature encryption. In this blog post, we’ll focus on document and signature security, which are at the heart of any electronically signed business transaction, and try to build and understanding of digital signatures. Here are 3 things to consider when evaluating e-signature solutions.

Understanding Digital Signatures

1. Digital signatures applied at each signature

The document and electronic signatures should be protected using digital signature technology. The digital signature creates a digital fingerprint of the document (called a hash) that can be used at a later point to verify the integrity of the electronic record. If the document is tampered with in the slightest, the electronic signature will be visibly invalidated. This is a unique and significant advantage over the paper world, where it is not always possible to detect whether changes have been made to a document.

Electronic Signature

The Beginner's Guide to Electronic Signatures

Comprehensive guide to getting started with e-signatures

Download Now

The best practice is to apply digital signature encryption as each e-signature is added to the document. This builds a comprehensive audit trail with the date and time that each signature was applied. Make sure to check the "Signature Panel" on the left-hand column of your e-signed PDF; if there isn’t a distinct tamper-seal for each signer and signature block, the e-signature solution is producing inconsistencies in the electronic evidence, which can cause confusion if the document is ever challenged in court.

Tamper Seal

2. Detailed audit trail embedded in the document

Look for audit trails that include the digital signature, digital certificate, signature block image and date/time stamp. The audit trail information should be embedded directly within the document rather than stored separately in the cloud or logically associated in a vault or proprietary database. In addition to being more secure and easier to manage, there are two very pragmatic reasons for this:

  • Document authenticity can be verified independently of the e-signature software, meaning you do not need to worry if a verification link back to a server will be valid years from now or if it will give you a "page not found" error message. Whether or not you maintain an account on the e-signature service, or whether your vendor is even still in business, your documents are not affected since you, your customers and other stakeholders do not have to go online to check the e-signed document.
     
  • You do not have to store the e-signed record in the e-signature service. The record can securely travel through any email, storage or archiving system without being compromised or requiring additional programming. This enables you to manage e-signed records in a manner that meets your long-term records retention policies. In other words, the e-signed document can be indexed, stored and retrieved easily in the system of record of your choice and you can leverage your investments in those systems.

Organizations should have access to this data without having to depend on a vendor or its systems for access. This type of vendor independence gives users peace of mind that their valuable business records will remain in their control for as long as their retention policies require.

3. A simple process for verifying document integrity

Have you ever wondered how you can use digital signatures to see whether a document has been tampered with?

Look for intuitive, one-click signature and document verification. If the verification process is too cumbersome, users may wrongly assume that the document and signatures are valid, without proper verification.

When verifying a document that has been e-signed with OneSpan Sign, users click on the signature block. This opens the audit trail and automatically verifies both signer authentication and document validity. It’s that simple. Other e-signature vendors will send you to their website to retrieve information about the validity of the signature. What happens if the vendor’s site goes down or if they go out of business?

Signature Verification

A red "X" or green check indicates whether the document can be trusted. A one-click process such as this simplifies the user experience, leading to greater confidence in the e-signature and the reassurance that any errors or fraudulent actions will be detected. Plus, there is no need to train business users or customers how to verify a document.

With these considerations in mind, you can see how important it is to have an e-signature solution that focuses on both document and signature security.

Not using OneSpan Sign yet? Sign-up for a free 30-day trial and see for yourself how easy it is to e-sign using digital signature technology.