What is a Digital Signature?
What is a Digital Signature?
Think about a digital signature like an “electronic fingerprint”. Using a securely coded message, the digital signature associates the signer with a document in a recorded and secure transaction. The standard accepted format for digital signatures is called a Public Key Infrastructure (PKI). This provides the highest level of security and is universally accepted as a specific type of electronic signature (eSignature).
Digital Signature vs. Electronic Signature
eSignatures covers a fairly broad category encompassing many types of electronic signatures. This category includes digital signatures which is one specific type of eSignature. Both digital signatures and other solutions in the eSignature category allows you to authenticate and sign documents. What the difference is though is in the acceptance of a digital signature versus all other types of eSignatures due to technical implementation, legal, cultural, and even geographical use.
This means that specifically, eSignatures varies greatly between countries that may use more open technology-neutral laws – Canada, United States, United Kingdom and Australia – to those countries using technology based on local standards – European Union, South America, Asia. Additionally, certain industries will support standards that a specific digital signature technology will be based on.
So How does a Digital Signature Work?
Imagine digital signatures as similar to a handwritten signature. They are each unique to the signer.
As an example, here at Interfacing, we follow a specific protocol called PKI. This allows for us to use FDA 21 CFR part 11, which uses the highest global standards in place (more about that later on). PKI requires the document provider to generate two keys. These keys are mathematical algorithms (long numbers) in which one will be a private key and the other is a public key.
Now when a document is electronically signed, the signature is created by using the signers private key, which if course is kept securely in place by the signer. This is now where the mathematical algorithm comes in. It will act as a cypher and create data to match the signed document. This process is known as a “hash” and will encrypt the data. The result is that the encrypted data is now the digital signature. This signature will also show the time the document was electronically signed. At this point, if for whatever reason the document is changed, the digital signature will become automatically invalidated.
Let’s look at an example. Amanda has just signed an electronic agreement to sell her home using her private key. The buyer, Nicholas now receives the document. Nicholas also received the public key that came with the document. If this public key cannot validate the signature (using the cypher created by the keys) it means that this signature is either not Amanda’s, or that the document was changed since it was signed. Her signature is now considered invalid.
When we talk about the integrity of a digital eSignature, we need to discuss how PKI’s requirement is that the keys need to be created, used, and saved all in a secure form. This manner of security normally requires the use of a reliable Certificate Authority (CA). RSA is one company for example that provides secure certification.
How You Benefit with Digital Signatures:
Enterprise Process Center Suite
All details included to prevent tampering or forgery
Once the document has been certified, it will include the users signature image, timestamp, user info, and document encryption. Each detail supporting the digital signature will be listed in the PDF Audit tab and verified accordingly.
The value is in time savings
Auto re-certification. An industry leading innovation
Built out a customized Docker based robust, re-usable digital-signature micro-service.
Enterprise Process Center Suite – Digital Signature Process Explained
Did You Know?
The Enterprise Process Center Suite supports ROLE based workflows – meaning the resource doesn’t need to be assigned directly, a role can be assigned in its place.
Approval Suggestion in the Enterprise Process Center Suite recommends the approval workflow based on similarity analysis of related content to help the user decide who is the most applicable approver.
Enterprise Process Center Suite – Digital Signature General Workflow
An editor assigns approvers and sends the object for approval.
The approvers receive an in-app and email notification.
The approvers navigate to the object and see the option to preview the document.
The users click on the approved button (assuming they are approving).
An authentication window is prompted including the approvers’ signature.
Each time a user approves the object, their signature is added into the document.
Once the object is published, an auditor can go to the version history of the object and download/preview the document with all the signatures.
Digital Signature FAQ
Can I create a digital signature in the Enterprise Process Center Suite?
Yes, you will be able to create digital signatures using Enterprise Process Center Suite (EPC). The digital signature is integrated in the EPC tool directly for approvals, meaning you can certify that you have legitimatley approved a new version of a process, role, document, etc.
What is the digital signature that the Enterprise Process Center Suite offers?
The digital signature provided in EPC is the FDA 21 CFR part 11. This allows you to make a compliant and paperless document effectively streamlining secure delivery to its recipient.
Why is a digital signature important?
Digital signatures that use PKI technology, utilize an internationally recognized standard that helps to prevent forgery or document changes after signing.
An important feature offered by Enterprise Process Center Suite is that it will assign a digital signature not only the document, but to all the data attached to the document. Security is found in the data of the document, thereby providing an industry leading innovative measure of trust in document encryption.
Can you explain what a Certificate Authority (CA) is?
Public and Private keys for digital signatures need to be protected. This is the only way they will ensure safety and prevent malicious use or forgery. You need assurance every time you sign a document and that both the document and keys associated with it are valid as one. CA’s are a type of trust service provider. These are third-party organizations that have been accepted globally as a reliable resource to ensure security and provide the appropriate digital certificates.
Trial Our Digital Signature Now!
Document, improve, standardize, and monitor your business processes, risks and performance with Interfacing’s Enterprise Process Center®!