Guide to Digital Signatures

    Understand and leverage digital signature technology to create secure electronic signatures

    Try a Quick Demo

    What is a digital signature?

    In some geographies and industries, digital signature is the preferred technology for e-signing documents – whether that’s for internal, B2B or B2C signing workflows. Digital signatures utilize a set of accepted standards called Public Key Infrastructure (PKI) to ensure highest security and acceptance. Electronic signatures are widely accepted as a legally binding and secure method of signing documents. Around the world, organizations are embracing e-signatures as an underpinning technology to drive their digital transformation projects forward.

    OneSpan Sign is a leading e-signature solution built on digital signature technology that can help you to meet geographic requirements, such as those outlined in the EU’s eIDAS regulation, as well as industry-specific requirements in regulated industries such as Financial Services, Government and Healthcare.

    What is the difference between electronic signature and digital signature?

    What's the distinction?

    Electronic signatures” and “digital signatures” are often used interchangeably but each term carries a distinct set of defining features and functions. The broader category of e-signatures often includes digital signatures, which is a specific type of technology used to implement electronic signatures.

    More specifically, an electronic signature is, like its paper equivalent, a legal concept. Its purpose is to capture a person’s intent to be legally bound to an agreement or contract.

    A digital signature on the other hand refers to encryption/decryption technology and a subset of an electronic signature. Based on public-key cryptography, which generates two keys (public and private) using cryptographic algorithms, digital signatures secure signed documents and allow one to verify the authenticity of a signed record. A digital signature alone however is not an e-signature and therefore cannot capture a person’s intent to sign a document. When used with an e-signing application, digital signature technology secures the e-signed data.

    What's the solution?

    A solution that simply digitally signs documents often lacks feature sets commonly found in best-in-class eSignature solutions, including an out-of-the-box user interface (UI), as well as transaction management and advanced workflow customization capabilities used in more complex transactions that touch the customer.

    The bottom line is that when looking for a solution to manage your signing processes, it’s important to ensure that it is built on digital signature technology to guarantee the integrity of the document and underlying signatures. Without digital signatures, your document-based transactions may not be legally binding, putting you and your organization at risk in the event of a compliance or legal case.

    How do digital signatures work? The e-signature process

    OneSpan Sign handles all aspects of the signing process – from collecting consent to delivering and storing the e-signed document and detailed audit trail of the transaction. Our solution is managed with security, compliance and long-term verifiability in mind. Customers gain peace of mind knowing that their documents are secure throughout their lifecycle. The following table highlights the key steps in the e-sign process:
     

    consent gray
    Consent

    Signer consents for use of e‑signatures and e‑documents

    intent gray
    Intent

    Click, type or draw action to sign at specified location

    authenticate gray
    Authenticate

    Multi-factor authentication verifies signer and identity to access signing

    digitally sign gray
    Digitally Sign

    Binds certificate, user identity and audit trail to signed data

    certify
    Certify

    Audit trails are stored and digitally signed, PDF locked

    verfiy gray
    Verify

    Verify document, identity, time/date, audit trails with PDF reader

    audit gray
    Audit

    Embedded audit trail and patented visual audit trail

    deployment options
    Store

    Documents stored in local data centers, on-premises or in the customer's desired system of record

    The OneSpan Sign Difference

    E-Signature Pioneer

    25 years of electronic and digital signature experience and innovation to ensure you can achieve the highest completion rates for your signing processes.

     
     

     

    Global E-Sign Laws and Regulations

    Out-of-the-box support for requirements in the U.S. ESIGN Act, the EU’s eIDAS regulation, Australia’s Electronic Transactions Act and many more

     

    An Enterprise-Grade Solution that Scales with Your Needs

    The only solution to provide a unified platform and integration framework that maintains high security, compliance and performance everywhere in the world

    Standards-Based Signing

    Supports a broad range of local- and server-side signing certificates that adhere to global standards; instant interoperability with X.509 certificates issued by any TSP in Europe; support for signing with certificates stored on U.S. government Common Access Cards (CAC) and PIV (Personal Identity Verification) cards

     

    Wide Range of Deployment Options

    Deploy OneSpan Sign in a public cloud, private cloud or on-premises behind your firewall; fulfill in-country data residency requirements with global data centers

     

    Security & Trust are at the Heart of our Business

    OneSpan is a global leader in digital security and e-signature solutions. We believe that our 25+ years of experience in the IT security segment is a real asset to our employees, partners and customers – who can transact digitally using our solutions with trust and confidence.

    Digital Signature FAQs

    What makes up a digital signature?

    A digital signature possesses the following three characteristics when used in conjunction with an eSigning solution:

     

    1. Unique: the signature must identify and be uniquely linked to each signer in the transaction; the person who signed the document can be determined with a high degree of trust
    2. Data integrity: ability to detect changes to the document or data after the signature is applied; this creates tamper-evident document and signatures
    3. Non-repudiation: ability to trace who signed the document, and in the event of a dispute or compliance case, easily prove that the person in fact signed the document

     

    Why would I use a digital signature?

    Many industries and geographies that follow e-signature standards require digital signatures to ensure that records are enforceable, compliant and secure. Digital signatures use a standards-based technology that guarantees document and signature integrity.

    What happens to the document if it is tampered with?

    If a document signed with OneSpan Sign is modified or tampered with in any way, the underlying digital signature technology will detect it and the PDF reader will visibly invalidate the document. The e-signed PDF will display a red “X” indicating that the document is unsecure and should not be trusted. Look for a solution with a “Long-term Validation (LTV)” capability and 1-click offline signature verification process.

    What is a digital certificate?

    A digital certificate is prepared and delivered by a trusted issuer (such as a Trust Service Provider or TSP) who follows a specific process to verify the identity of the requestor. The digital certificate attaches a specific identity to a signing key. Like a passport, it allows third parties to verify the identity of its holder. OneSpan Sign enables users to sign with digital certificates that reside on a smart card, USB token or on their computer.

    What is a qualified certificate?

    A qualified certificate under eIDAS is a digital certificate that has been issued by a qualified Trust Service Provider (TSP) in Europe.

    How does signing with a smart card work?

    Watch our “How to E-Sign Documents with Smart Cards” video to see how this works. OneSpan Sign supports signing with Common Access Cards (CAC), PIV (Personal Identity Verification) cards, as well as smart cards and tokens issued by TSPs in Europe.

    Does OneSpan Sign support the requirements in the EU directive / EIDAS regulation?

    Yes. OneSpan Sign meets the eIDAS requirements for the Basic, Advanced and Qualified E-Signature out-of-the-box with no additional development required. To learn how OneSpan Sign complies with the regulation and supports signing with certificates issued by TSPs in Europe, download the white paper, eIDAS & E-Signatures: A Legal Perspective.

    Does OneSpan Sign support Time-Stamping?

    Yes. For EU customers that want the ability to leverage a “qualified” timestamp, OneSpan Sign bind’s data with trusted timestamp to independently prove when a particular transaction took place. The resulting timestamp further strengthens the integrity of the electronic signature. Contact us for more details.

    Can OneSpan Sign integrate electronic signatures in word, excel, PDF, Adobe Acrobat?

    Yes. Our out of the box eSign Desktop application easily and quickly integrates with software applications such as Microsoft® Word™ and Excel™, Adobe® Acrobat® and more. Once integrated, the signing buttons become visible in the application tool bar, which allow you to easily add a secure electronic signature and share the document. You can learn more about our eSign Desktop application here.

    The information on this site is for informational purposes only and does not constitute legal advice. We recommend that you seek independent professional advice. OneSpan does not accept liability for the contents of these materials.