Digital signature

Digital signature

 Written by Ana Canteli on 27 october 2017

In a 100% digital world, there would be no need of printers, scanners or courier services. We wouldn’t need print documents, and the processes would work smoothly from the input devices to all output devices.
This that is reality for leading companies of the market, it is not so for the most of companies; either for their forms, contracts, programmes that are caught in the past century. Waiting for wet ink on paper from death trees.
Most companies face similar challenges: long processing times, delayed response times, slow review and processes, or poor accessibility and sharing procedures.

The e-signature can solve or introduce the necessary improvements to change these tendencies in our daily work with electronic documents.

What is a digital signature and other important terms

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

A digital signature scheme usually consists of 3 algorithms;

"120px;"A key generation algorithm.To generate a signature, a mathematical algorithm is used to combine the information in a key with the information in the message. The result is a random-looking string of letters and numbers.
"120px;"A signing algorithm that, given a message and a private key, produces a signature.
"120px;"A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.

It is important not confuse the term with the digital certificate. A digital certificate is a “password” that allows a person, PC, company or organization, to exchange information securely over the Internet using the Public Key Infrastructure (PKI).

The Public Key Infrastructure is an electronic document used to prove the ownership of a public key. A Public Key is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner.

This accomplishes two functions:

"120px;"Authentication; because the public key is used to verify that a holder of the paired private key sent the message, and
"120px;"Encryption; whereby only the holder of the paired private key can decrypt the message encrypted with the public key.

In a normal public-key infrastructure (PKI) model, the certificate issuer is a certificate authority (CA), usually a company that charges customers to issue certificates for them. The most common format for public key certificates is defined by X.509. However, like any chain, a public key infrastructure is only as strong as its weakest link.
Another choice to approach to using a certificate authorities to authenticate public key information is a decentralized trust model called a Web of trust. Web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such).  In a Web of Trust model, individuals sign each other's keys directly, in a format that performs a similar function to a public key certificate.

Most modern email programs support the use of digital signatures and digital certificates, making it easy to sign any outgoing emails and validate digitally signed incoming messages. Digital signatures are also used extensively to provide proof of authenticity, data integrity and non-repudiation of communications and transactions conducted over the Internet.

With the electronic signature companies can:

"120px;"Cut costs: eliminating paper cost, reducing per customer the contact cost and removing the manual steps.
"120px;"Maintains the compliance: the legal framework is enough flexible to adjust to new regulations. The e-signature increase trustworthiness and also helps to detect and prevent fraud.
"120px;"Speed time to closure: the implementation of e-signature produce faster turnaround time ( from sales to contracts ). And reduce the risk to miss revenue.
"120px;"Improve the retention of customers: It provides a better customer experience. Let users enjoy more self-services steps and mobile access.
"120px;"Drive performance. Introducing e-signature in our business, increase the success rate of closing business by offering products and services faster. This subsequently improves the time to market.

What is the difference between an electronic signature and a digital signature?

The e-signature  is a legal concept used to capture a person’s intent to be legally bound by the terms of an agreement or contract.

While a digital signature is  a mathematical algorithm. A cryptographic technology used to make data tamper evident, digitally sign of documents.

Electronic Signature most common objections

User adoption is driven by perception of process, trustworthiness and easy of use. But also the emotional and social prejudices are often underrated. Most people is afraid of e-signing as perceived as insecure. We will see in this article that this is untrue.

But think again about the risks of classy paper-based signing workflow. We can find problems from the beginning. From fraudulent forms to forging of signatures itself. After signing, the authorized documents can be subject of sniffing, or manipulation of signatures or content. Fraud attempts may be internal ( in branch ) or external ( paper in transit )

Trustworthy e-signing solutions can significantly reduce the risk of exposure.

Why e-signatures?

The adoption of the e-signatures in our processes provides the following benefits:

"120px;"Provides a better customer experience. It allows complete a transaction in one session. The client never has to return paperwork due to missing signatures or data. And it reduce drop-off due to process delays.
"120px;"Improves the operation efficiency and reduce costs: the use of electronic signatures reduce document handling, cost-faxing, scanning, imaging, courier, manual, storage and retrieval tasks.
"120px;"Reduce the risk with error-free transactions:The electronic signature contribute to eliminate errors and any missing data or signatures through enforced business rules. It reduces the risk of non-compliant documentation ensuring the integrity and nonrepudiation, demonstrating regulatory and compliance fulfillment requirements

Legal and regulatory acceptance

The e-signature is based, protected and developed under specific laws and regulations promoted by EU and USA.

In the EU we rely on the elDAS ( electronic IDentification, Authentication and trust Services ) regulation. It removes the previous barriers to cross-border recognition of e-identities & e-signatures. It replaces the EU directive and applies uniformity to all EU member states, starting on July 2016. As regulation, it is automatically part of all member states law, and not open to member state interpretation. The eIDAS is more broader than the directive, defining concepts like e-delivery, time stamps, website, authentication, etc.

Advanced e-signatures

It promotes the Advances e-signature as widely adopted form of technology, neutral e-signature in the market today. (“can not be denied legal effect and admissibility as evidence solely, because it is an electronic form or does not meet the requirements for qualified electronic signatures”-eIDAS article 25 paragraph 1)

Qualified e- signatures

It maintains the qualified e-signature to support clear standards on stronger authentication where needed (“has the equivalent legal effect of a handwritten signature” - eIDAS Article 25, paragraph 2”)

In the United States we count on the UETA ( Uniform Electronic Transactions Act ). It provides the same legal framework in 47 states - Illinois, New York and Washington have alternatives-. The ESIGN ( Electronic Signatures in Global and National Commerce Act ) is a federal law to facilitate the use of electronic records and electronic signatures in interstate and foreign commerce; by ensuring the validity and legal effect of contracts entered into electronically.

Both laws legalizes electronic records and electronic signatures with respect to existing laws and regulations.They shows a technology neutral approach and covers contracts, records, disclosures and other documents required by law. They cover legally electronic delivery, retention, accessibility and notarization of electronic records.

The Uniform Commercial Code has been revised to align with ESIGN and UETA requirements. The article 9 enables sale, securitization, syndication of financial instruments, requiring unique original. ( “Contract or signature may not be denied legal effect validity or enforceability solely because it is in electronic form”)

The Electronic signature as opportunity

We can become the implementation of the e-signature as an improvement opportunity throughout the company. To do so, we should establish an improvement process.

Through the OpenKM KCenter Platform, we can meet the special interface requirements of users and business processes.

E-signing has synergies with mobile ID, document composition, capture and preservation; workflow processing and management, as well as data integration via business process automation.  The document management system of OpenKM can capture the information coming from multichannel sources, thanks the SDK'S in Java, PHP and.NET, that enable the integration of the document management software, with other applications that contain electronic documents to be signed. It is able to extract and verify the content of documents thanks the OCR engine and Text Extracted features, embedded on the system.

The e-signature is just a part of a whole signing process; often embedded into an overall use case, based on business process workflow. The enterprise content management of OpenKM offers a workflow engine inserted, that is able to support the most sophisticated business processes, inserting at the same time the digital signature step on them.

The Signature software of OpenKM

OpenKM provides a signature client that allows companies use the type of signature ( digital signature, electronic signature, advanced e-signature, qualified e-signatures ) most convenient to the purposes of the organizations and to the requirements of the users and customers.

The signature client of OpenKM let us sign the electronic documents already stored in OpenKM or inserting them, at the same time that we e-sign the documentation.

The Activity log of OpenKM provides detailed audit trail of every action performed over the file, included the event of signing, being able to following all the electronic transactions within the document .The Signature Client of OpenKM can serve too as a timestamp, as it registers reliably when the document has been signed, who has do it and how.
The signature client of OpenKM can be used to apply the tamper proof protection, because it helps to maintains the integrity of the document's content as each person sign.

In our personal lives, we are willing to e-sing, because it facilitates very much and makes easier the purchase of products and the hiring of services. But in our business we are reluctant. It is time to take the first step and bring the e-signing capabilities into our information ecosystem to benefit from the advantages that the e-signatures provides to all members of the society.