Max Digital Signatures Top 10 Questions

  1. What is a digital signature?
    2. A digital signature (standard electronic signature) takes the concept of traditional paper-based signing and turns it into an electronic "fingerprint.” This "fingerprint,” or coded message, is unique to both the document and the signer and binds both of them together. The digital signature ensures the authenticity of the signer. Any changes made to the document after it is signed invalidate the signature, thereby protecting against signature forgery and information tampering. Digital signatures help organizations sustain signer authenticity, accountability, data integrity and non-repudiation of electronic documents and forms.
  2. What is an electronic signature?
    3. An electronic signature is defined as an electronic sound (e.g., audio files of a person's voice), symbol (e.g., a graphic representation of a person in JPEG file), or process (e.g., a procedure that conveys assent), attached to or logically associated with a record, and executed or adopted by a person with the intent to sign the record. An electronic signature is easy to implement, since something as simple as a typed name can serve as one. Consequently, e-signatures are very problematic with regards to maintaining integrity and security, as there is nothing to prevent one individual from typing another individual's name. Due to this reality, an electronic signature that does not incorporate additional measures of security (similar to a digital signature, described above) are considered an insecure way of signing documentation.
  3. What is the difference between a digital signature and an electronic signature?
    4. A digital signature, often referred to as advanced or standard electronic signature, is a sub group within electronic signatures which provide the highest form of signature and content integrity as well as universal acceptance. The digital signature is based on Public Key Infrastructure (PKI) and is a result of a cryptographic operation that guarantees signer authenticity, data integrity and non-repudiation of signed documents. The digital signature cannot be copied, tampered or altered. In addition, because they are based on standard PKI technology, digital signatures made within one application (e.g. Microsoft® Word, Adobe® PDF) can be validated by others using the same applications. On the other hand, an electronic signature is a proprietary format (there is no standard for electronic signatures) that is an electronic data, such as a digitized image of a handwritten signature, a symbol, voiceprint, etc., that identifies the author(s) of an electronic message. An electronic signature is vulnerable to copying and tampering, making forgery easy. In many cases, they are not legally binding and will require proprietary software to validate the e-signature.
  4. What is PKI?
    5. Public Key Infrastructure (PKI) is the basis for the digital signature (standard electronic signature) today. PKI provides each user with a pair of keys, a Private Key and a Public Key, used in every signed transaction. The Private Key, as the name implies, is not shared and is used only by the signer to electronically sign documents. The Public Key is openly available and used by those that need to validate the signer’s electronic signature. PKI encompasses different components which include a Certificate Authority (CA), end-user enrollment software, and tools for managing, renewing, and revoking keys and certificates.
  5. Why do companies adopt electronic signature solutions?
    6. It is estimated that 30 billion paper documents are copied or printed by US companies annually. When factoring copying, scanning, archiving, routing, and retrieving lost documents, the associated costs of each signature are estimated at $6.50 each. The average authorized employee signs 500 documents a year at a total cost of $3,250. Organizations are implementing electronic signature solutions to:
    • Cut operational costs
    • Automate and expedite business processes
    • Address legal compliance and limit liability
    • Go green
  6. What legislation and regulations define the legality of an electronic signature?
    7. In recent years, most countries worldwide have adopted legislation and regulations that recognize the legality of a digital signature (standard electronic signature) and deem it a binding signature. In addition to governments, many industries have established regulations (e.g., FDA 21 CFR Part 11 in the Life Sciences industry) that define digital signatures as a replacement for handwritten signatures.
    Since Max Digital Signatures is a digital signature solution, a secure form of e-signatures, it can provide legal compliance in the most tightly regulated industries and geographies. Max Digital Signatures offers a solution that is Federal Information Processing Standards Publication ( FIPS) FIPS 140-2 Level 3 certified and is based on the Digital Signature Standard (FIPS 186-2). With the proper standard operating procedures in place, Max Digital Signatures can comply with ESIGN, EU Directives and VAT law, FDA 21CFR part 11, HIPAA and SOX.
    Legislation
    1. U.S. - Electronic Signature in Global and National Commerce Act (ESIGN)
    2. U.S. - Uniform Electronic Transactions Act (UETA) - adopted by 48 states
    3. U.S. - Digital Signature And Electronic Authentication Law (SEAL)
    4. U.S. - Government Paperwork Elimination Act (GPEA)
    5. U.S. - The Uniform Commercial Code (UCC)
    6. Canada - Uniform Electronic Commerce Act (UECA)
    7. UK - Electronic Communications Act 2000 (chapter 7)
    8. Europe - EU Directive for Electronic Signatures (1999/93/EC)
    9. Europe - EU VAT Directive
    10. China - Electronic Signature Law of the People's Republic of China
    11. For additional information on other countries, visit the Digital Signature Law Survey.
    Industry Regulations and Standards
    1. Life Sciences - FDA's 21 CFR Part 11
    2. Healthcare - Health Insurance Portability and Accountability Act (HIPAA)
    3. Homeland Security - Public Law 108-390
    4. Engineering - PE Board Regulations
    5. Finance - Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley)
    6. Environmental - Cross-Media Electronic Reporting Regulation (CROMERR)
    7. Public Companies - Sarbanes-Oxley Act of 2002
    8. Veterinary/Equine - USDA EIA (Coggins) Testing
    9. Aviation - FAA's CFR Title 14
    10. European Telecommunications Standards Institute (ETSI)
    11. ISO (9001:2000)
    12. Joint Commission on Accreditation of Healthcare Organizations (JCAHO)
  7. Have there been Legal Cases for the acceptance of Digital Signatures?
    8. Important milestones in the acceptance of digital signature solutions (standard electronic signature solutions) into business practices took place in 1999 and 2000 respectively, when the EU passed the “EU Directive for Electronic Signatures” and President Clinton signed into law the Electronic Signatures in Global and National Commerce Act ("ESIGN").
    Furthermore, legal precedents are being established that confirm the validity of electronic documents and contracts. Following are a few examples:
    • Cloud Corp. v. Hasbro Inc., 314 F.3d 289 (7th Cir. 2002) - electronic documentation satisfied the Statute of Frauds.
    • Sea-Land Service, Inc. v. Lozen International, LLC, 285 F.3d 808; 2002 WL 496943 (9th Cir. 2002) – ruled that an internal company e-mail was admissible evidence.
    • Moore v. Microsoft Corp., 741 N.Y.S.2d 91 (April 5, 2002) – By clicking “I agree,” the terms of the End User License Agreement were valid and binding.
  8. Does a digital signature really seal an electronic document?
    9. Yes. Standard digital signatures “seal” documents:
    1. Providing evidence of user authenticity (verifies the signer’s identity)
    2. Guaranteeing data integrity (data has not been altered since the document was signed)
    3. Ensuring non-repudiation of signed electronic documents
    4. Complying with regulations
  9. How safe is a digital signature vs. handwritten signatures?
    10. Nicholas Leeson forged handwritten signatures of his boss and caused the collapse of Barings Bank, the United Kingdom's oldest investment bank. While both the handwritten and digital signature (standard electronic signature) are legally-binding, only the digital signature ensure non-repudiation of documents. For example, any changes made to an electronically signed document are clearly indicated and will immediately invalidate the signature, thereby protecting against forgery.
  10. How do I choose an electronic signature solution?
    11. What considerations should be taken into account when choosing a digital signature (standard electronic signature) solution that will maximize the business benefits of moving to a paperless environment?
    1. Seals the document: Some solutions offer a weak, non-standard electronic signature, which can be tampered and are not legally binding. It is best to choose a solution that is based on digital signature technology (PKI – Public Key Infrastructure), thereby guaranteeing document integrity and legal compliance.
    2. Compliance: Review the regulations within your industry, ensuring the electronic signature solution addresses all industry requirements.
    3. Multiple Application Support: Some solutions offer electronic signature support for Microsoft® Word or PDF documents only. Find a solution that supports all applications in order to address current, as well as future, business requirements.
    4. Transportability: Ensure the electronic signature is part of the document and that the signed documents may be validated by an outside user without having to install a proprietary software application.
    5. Graphical Signature Support: Although graphical signatures are not technically or legally mandated, a graphical e-signature has the psychological benefit of easing the transition to a paperless environment, because the e-signature on the electronic document appears as it would on a paper document.
    6. Multiple Signings on the Same Document: Some electronic signature solutions allow for only one e-signature on a document. Look for a solution that can support your business logic and multiple signatures on the same document.
    7. Simple To Use: Some electronic signature solutions require multiple steps to e-sign a document. It should only take 1 or 2 mouse-clicks to ensure that the document is sealed and legally enforceable
    8. Zero IT Management: The electronic signature solution should be operational as soon as it is deployed. Help desk and IT support should be minimal.
    9. Low Total Cost Of Ownership: Remember to account for initial cost, deployment, help desk, digital certificates (which may be a recurring annual cost) and development of support for the applications that require electronic signatures.