E-signatures Overview: What You Need to Know!

Posted on Tuesday, February 12th, 2019

e signature on tablet graphic

With today’s technology, an electronic signature (e-signature) can be as simple as a typed name or a digital image of a handwritten signature. Unmistakably uncomplicated on the user’s side, with the benefit of security- an e-signature can have the same legal validity and enforceability of the traditional pen signature.

The terms “electronic signature” and “digital signature” are often confused and used interchangeably. However, the distinction is important when it comes to the integrity and security of documentation. An electronic signature is a simple way to indicate consent on a digital document, whereas a digital signature is the technology that secures the electronic signature.

Out with the old, in with the new…with good reason!

An electronic signature delivers the level of trust and security that a customer wants and needs. Some are hesitant to adopt e-signature technology because they are comfortable with paper signature, but e-signature has more security benefits than a traditional pen on paper signature! An e-signature carries layers of information about who signed what, when, where, and how, through an audit trail. This protects the integrity of your signatures, whereas paper signatures are vulnerable to forgery. After all, it’s possible to reproduce a traditional pen on paper signature as well as to alter paper documents after they have been signed.

Levels of security for a variety of users

Digital signature security ensures that the signer is who they claim to be through authentication, which is any process through which you prove and verify information. In e-signature processes, there are multiple levels of ID validation to choose from, therefore different levels of security. The minimum level is to use a valid email address. Want even more security? Further validation can include SMS, adding 3rd party customized advanced methods, or by using the ultimate solution – Public Key Infrastructure (PKI) private key generation as provided by an add-on Entrust software as a service (SaaS). Industry regulations for security in e-signature include ESIGN, UETA, PIPEDA, ECA, and the EU Digital Signature Directive.

What about even stronger protection?

Digital signature refers to the use of a key pair- a public and a private key. Public Key Infrastructure will ensure that your privacy needs are met and that a signing party cannot deny that they signed. The public key, as the name implies, is shared publicly among the aspects that come into contact with the document. The private key is not shared. A signed document is encrypted with both keys, which prevents tampering or other modifications. The only communication of keys between the client and the server are the signed certificates that contain the client public key. E-signature ensures integrity due to the PKI workflow. It makes sure that the content of the document has not been changed or altered in any way since it was digitally signed. Each document is ensured to be in-tact and tamper-evident through the cloud-based PKI Digital Signature Scheme, which assures the integrity of the document and signatures every step of the way.

Can a signer deny that they signed a document? The risk of a signer denying that they signed a document is minimized in the case of PKI based e-signature because a customer’s signature is permanently bound to the exact contents of the document at the time of signing. Since the private key is personal and secret, the signers of a document cannot make claims that they did not sign the document. Process evidence and platform monitoring protects the security of customer data. An audit trail tracks the steps in the signature process in order to verify the signer and document authenticity. This involves application and system logging that provides a digital record of the users accessing the document.

Legality in Canada

Various governments across the world recognize e-signatures. They aim to build confidence in electronic commerce and the technology underlying it. So, what is the law concerning e-signature in Canada? The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), describes the use of secure “electronic signatures” in Canada:

  • the electronic signature must be unique to the person using it;
  • the person whose electronic signature is on the document must have control of the use of the technology to attach the signature;
  • the technology must be used to identify the person using the electronic signature;
  • the electronic signature must be linked to an electronic document to determine if the document has been changed after the electronic signature was attached to it.

Algonquin – Increasing E-Signature Use!

Use of Signority (www.signority.com) – a SaaS electronic signature service – at Algonquin is growing. As just one-use case example, before e-signature was implemented within the Centre for Continuing and Online Learning (CCOL), academic staff would receive a contract attached to an email, and then print, sign, scan, and attach to another email to send it back, or fax it back or mail it back to the College. This entire process meant that it would take weeks for the College to receive all its contracts. Since implementing e-signature using Signority, it now only takes several days to send and receive most contracts each school term, and many staff have positively commented on how much they prefer the new electronic process.

Most departments have a need for routing and signing agreements of one form or another, either internally or externally. It is highly recommended to staff that they try an e-signature pilot to see how it might aid their business area. Licenses are provided by ITS thus there is no software cost to the end department. Check out Signority for yourself and see how easy it is to use!

 

Craig Delmage, CISSP

Senior Manager, Information Security and Data Privacy


Comments

Comments are closed.