The Digital Signature is Mightier than the Pen
By Scott Mackey | July 10, 2010
3 minute read
Increasingly, businesses are appreciating the fact that content can be created, validated and approved electronically. Seems simple enough – we’ve had word processing software forever, and it seems everyone is using some form of content management system – but the truth is there is still a long way to go with e-signatures.
I’ve heard examples where large organizations create their content electronically but still print the document to have an approver sign it (with ink). Then – and here it gets silly – they scan the signed document as a non-searchable image! To ensure the content is searchable again, they now need to run it through an optical character recognition (OCR) process.
Enlightened organizations have realized that they can avoid these time-consuming and redundant steps by leveraging electronic signatures. We’re seeing more of this corporate awareness in Europe than in North America at the moment.
Regulations around digital signatures vary around the world. Just this year in the US, both Houses of Congress named June 30 ‘National E-SIGN’ Day in support of the Electronic Signatures in Global and National Commerce Act (known as E-SIGN).
So, what exactly is an electronic signature? Essentially, it allows an organization to replace legacy ‘wet’ (ink–based) signature processes with an entirely electronic solution that still allows them to ensure the validity and authenticity of the content.
“Electronic signature” is a broadly used term that can mean different things. In some cases, people will simply stamp a scanned image of somebody’s ‘wet’ signature onto a page and call that an electronic signature. Others will simply apply text drawn from the system about who is signing, the reason, date etc. and call that a ‘signature’. Both of these are seriously lacking in terms of true authentication.
A Better Solution: the Digital Signature
A better electronic signature solution leverages digital signature technology. A digital signature is a cryptographic-based scheme to provide assurance that a document has not been modified or tampered with since the signature was applied.
The ‘signing’ process involves the use of a validated “certificate” from a trusted source and given to a user. It lets people sign a document the same way they may have previously applied a ‘wet’ signature to the page. The cryptographic “certificate” validates that a particular user is who they say they are.
The result is a signed document that can be validated from two perspectives: the identity of the signatory, and the integrity of the original document. The integrity is maintained because the digital signature will immediately indicate a problem if any change or alteration to the document is made.
eSig vs dSig
The terms, “electronic signature” and “digital signature” are often used interchangeably, but they can mean different things in different countries.
Speaking to a customer in Argentina recently, I learned that Digital Signature is the term used when the certificates are approved by the government, and all other certificate-based signing is called Electronic Signature – so the confusion is likely to stay with us for a while yet.
Digital signatures can be applied to the original source documents (e.g. Microsoft Office) but often they are applied to the PDF renditions which act as an accessible snapshot of the source file, validated by a digital signature. This process can be performed using desktop tools, but this can cause problems since users have to learn new tools. The application of the technology may be inconsistent across an enterprise, which increases risk and the cost of a fragmented approach can be significant.
Server-based Signing Solution
A server-based signing solution is a significant step toward simplifying the process of using digital signatures in an automated workflow. The user does not need to go through a multi-step process in order to apply the signature, which results in significant savings related to end-user training. Since the process is deployed from a centrally managed service, it can be applied uniformly across an organization, thereby reducing risks and costs.
If you appreciate the value of electronic over paper, and automated over manual processes, then include digital signing as a key weapon in your information management strategy.
No more pens!