Digital & Electronic Signature FAQ

A Digital signature (standard electronic signature) takes the concept of traditional paper-based signing and turn it into an electronic "fingerprint.” This "fingerprint,” or coded message, is unique to both the document and the signer and binds both of them together. The digital signature ensures the authenticity of the signer. Any changes made to the document after it is signed invalidate the signature, thereby protecting against signature forgery and information tampering. E-signatures help organizations sustain signer authenticity, accountability, data integrity and non-repudiation of electronic documents and forms.

Watch video to see how a digital signature works.  

An electronic signature is defined as an electronic sound (e.g., audio files of a person's voice), symbol (e.g., a graphic representation of a person in JPEG file), or process (e.g., a procedure that conveys assent), attached to or logically associated with a record, and executed or adopted by a person with the intent to sign the record. An electronic signature is easy to implement, since something as simple as a typed name can serve as one. Consequently, e-signatures are very problematic with regards to maintaining integrity and security, as there is nothing to prevent one individual from typing another individual's name. Due to this reality, an electronic signature that does not incorporate additional measures of security (similar to a digital signature, described above) are considered an insecure way of signing documentation.

It is estimated that 30 billion paper documents are copied or printed by US companies annually. When factoring copying, scanning, archiving, routing, and retrieving lost documents, the associated costs of each signature are estimated at $6.50 each. The average authorized employee signs 500 documents a year at a total cost of $3,250. Organizations are implementing electronic signature solutions to:

• Cut operational costs   
• Automate and expedite business processes  
• Address legal compliance and limit liability 
• Go green

Calculate the return on investment of implementing a digital signature solution in your organization by downloading our digital signature ROI whitepaper and Excel spreadsheet.

Perform a quick ROI calculation with our online digital signature ROI calculator.  

Many aspects of an organization's workflow processes require formal authorizations or approvals. The table below outlines samples of these documents and processes:

Using Bob and Alice, we can illustrate how a standard digital signature (standard electronic signature) is applied and verified.

From Bob's perspective, the signing operation can be as simple as a click of a button. But several things are happening with that one click:

Yes. In 1999, the EU passed the “EU Directive for Electronic Signatures” and on June 30, 2000, President Clinton signed into law the Electronic Signatures in Global and National Commerce Act ("ESIGN"), which made signed electronic contracts and documents as legally binding as a paper-based contract.

Today, digital signature solutions (standard electronic signature) carry recognized legal significance, allowing organizations to comply with regulations worldwide. Learn more about the laws passed regarding the use of digital signature solutions.

Important milestones in the acceptance of digital signature solutions (standard electronic signature solutions) into business practices took place in 1999 and 2000 respectively, when the EU passed the “EU Directive for Electronic Signatures” and President Clinton signed into law the Electronic Signatures in Global and National Commerce Act ("ESIGN").

Furthermore, legal precedents are being established that confirm the validity of electronic documents and contracts. Following are a few examples:

• Cloud Corp. v. Hasbro Inc., 314 F.3d 289 (7th Cir. 2002) - electronic documentation satisfied the Statute of Frauds.  
• Sea-Land Service, Inc. v. Lozen International, LLC, 285 F.3d 808; 2002 WL 496943 (9th Cir. 2002) – ruled that an internal company e-mail was admissible evidence.  
• Moore v. Microsoft Corp., 741 N.Y.S.2d 91 (April 5, 2002) – By clicking “I agree,” the terms of the End User License Agreement were valid and binding.

Nicholas Leeson forged handwritten signatures of his boss and caused the collapse of Barings Bank, the United Kingdom's oldest investment bank. While both the handwritten and digital signature (standard electronic signature) are legally-binding, only the digital signature ensure non-repudiation of documents. For example, any changes made to an electronically signed document are clearly indicated and will immediately invalidate the signature, thereby protecting against forgery.

• Providing evidence of user authenticity (verifies the signer’s identity)
• Guaranteeing data integrity (data has not been altered since the document was signed) 
• Ensuring non-repudiation of signed electronic documents 
• Complying with regulations

What considerations should be taken into account when choosing a digital signature (standard electronic signature) solution that will maximize the business benefits of moving to a paperless environment? 

1. Seals the document: Some solutions offer a weak, non-standard electronic signature, which can be tampered and are not legally binding. It is best to choose a solution that is based on digital signature technology (PKI – Public Key Infrastructure), thereby guaranteeing document integrity and legal compliance.  
2. Compliance: Review the regulations within your industry, ensuring the electronic signature solution addresses all industry requirements.  
3. Multiple Application Support: Some solutions offer electronic signature support for Microsoft® Word or PDF documents only. Find a solution that supports all applications in order to address current, as well as future, business requirements. 
4. Transportability: Ensure the electronic signature is part of the document and that the signed documents may be validated by an outside user without having to install a proprietary software application. 
5. Graphical Signature Support: Although graphical signatures are not technically or legally mandated, a graphical e-signature has the psychological benefit of easing the transition to a paperless environment, because the e-signature on the electronic document appears as it would on a paper document. 
6. Seamless User Registration: Ask the vendor how users are enrolled and how changes to user information are updated. Many electronic signature solutions require a new user to go through a complex software “wizard” or go through several steps to enroll or update their information. For fast rollout and easy adoption within the organization, registration should be transparent to the user.
7. Multiple Signings on the Same Document: Some electronic signature solutions allow for only one e-signature on a document. Look for a solution that can support your business logic and multiple signatures on the same document. 
8. Simple To Use: Some electronic signature solutions require multiple steps to e-sign a document. It should only take 1 or 2 mouse-clicks to ensure that the document is sealed and legally enforceable. 
9. Zero IT Management: The electronic signature solution should be operational as soon as it is deployed. Help desk and IT support should be minimal.
10. Low Total Cost Of Ownership: Remember to account for initial cost, deployment, help desk, digital certificates (which may be a recurring annual cost) and development of support for the applications that require electronic signatures.

Please reference How to Choose the Best Electronic Signature Software for more detailed information on choosing the best e-signature solution for your business.

Public Key Infrastructure (PKI) is the basis for the digital signature (standard electronic signature) today. PKI provides each user with a pair of keys, a Private Key and a Public Key, used in every signed transaction. The Private Key, as the name implies, is not shared and is used only by the signer to electronically sign documents. The Public Key is openly available and used by those that need to validate the signer’s electronic signature. PKI encompasses different components which include a Certificate Authority (CA), end-user enrollment software, and tools for managing, renewing, and revoking keys and certificates.

Qualification as an SSCD is necessary for a digital signature (standard electronic signature) solution to comply with the EU Directive for Electronic Signatures. An SSCD is defined by the EC Directive 99/93 on Electronic Signatures as follows:

• Secure signature-creation devices must, by appropriate technical and procedural means, ensure: 
• The signature-creation data used for signature generation can occur only once, and that their secrecy is reasonably assured. 
• The signature-creation data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology. 
• The signature-creation data used for signature generation can be reliably protected by the legitimate signatory against the use of others. 
• Secure signature-creation devices must not alter data to be signed or prevent such data from being presented to the signatory prior to the signature process.