What is a Digital Signature?

What is a Digital Signature?

Think about a digital signature like an “electronic fingerprint”. Using a securely coded message, the digital signature associates the signer with a document in a recorded and secure transaction. The standard accepted format for digital signatures is called a Public Key Infrastructure (PKI). This provides the highest level of security and is universally accepted as a specific type of electronic signature (eSignature).

 

Digital Signature vs. Electronic Signature

eSignatures covers a fairly broad category encompassing many types of electronic signatures. This category includes digital signatures which is one specific type of eSignature. Both digital signatures and other solutions in the eSignature category allows you to authenticate and sign documents. What the difference is though is in the acceptance of a digital signature versus all other types of eSignatures due to technical implementation, legal, cultural, and even geographical use.

This means that specifically, eSignatures varies greatly between countries that may use more open technology-neutral laws – Canada, United States, United Kingdom and Australia – to those countries using technology based on local standards – European Union, South America, Asia. Additionally, certain industries will support standards that a specific digital signature technology will be based on.

So How does a Digital Signature Work?

 

Imagine digital signatures as similar to a handwritten signature. They are each unique to the signer.

As an example, here at Interfacing, we follow a specific protocol called PKI. This allows for us to use FDA 21 CFR part 11, which uses the highest global standards in place (more about that later on). PKI requires the document provider to generate two keys. These keys are mathematical algorithms (long numbers) in which one will be a private key and the other is a public key.

Now when a document is electronically signed, the signature is created by using the signers private key, which if course is kept securely in place by the signer. This is now where the mathematical algorithm comes in. It will act as a cypher and create data to match the signed document. This process is known as a “hash” and will encrypt the data. The result is that the encrypted data is now the digital signature. This signature will also show the time the document was electronically signed. At this point, if for whatever reason the document is changed, the digital signature will become automatically invalidated.

Let’s look at an example. Amanda has just signed an electronic agreement to sell her home using her private key. The buyer, Nicholas now receives the document. Nicholas also received the private key that came with the document. If this public key cannot decrypt the signature (using the cypher created by the keys) it means that this signature is either not Amanda’s, or that the document was changed since it was signed. Her signature is now considered invalid.

When we talk about the integrity of a digital eSignature, we need to discuss how PKI’s requirement is that the keys need to be created, used, and saved all in a secure form. This manner of security normally requires the use of a reliable Certificate Authority (CA). RSA is one company for example that provides secure certification.

How You Benefit with Digital Signatures:
Enterprise Process Center Suite

l

All details included to prevent tampering or forgery

Once the document has been certified, it will include the users signature image, timestamp, user info, and document encryption. Each detail supporting the digital signature will be listed in the PDF Audit tab and verified accordingly.

l

The value is in time savings

With Enterprise Process Center Suite, you will no longer need to manually generate documents in one tool then load them to another tool, sign them, and then manually bring them back again. This is done automatically for you.
 
l

Auto re-certification. An industry leading innovation

digital_signature_seal

As an industry leading innovation, Enterprise Process Center Suite will auto re-certify that both the public key and private key
 information matches at the point of audit verification. You will see this with a confirmation seal.
Normally this verification is done manually but our Enterprise Process Center Suite will accomplish this task automatically, allowing the user to easily identify if the seal confirms successful verification. Without the seal, the document will be recognized as having been tampered with.
l

Built out a customized Docker based robust, re-usable digital-signature micro-service.

As a result, we support many different aspects of digital signature technology. For example, we support the PDF e-signature standard, allowing you to digitally sign any PDF. Additionally we can also digitally sign any unit of data content using this method.
 
So when a user approves a document, we can digitally sign the PDF (human-centric) while at the same time, digitally sign the database content (data-centric) related to the document. This will ensure that we have a complete snapshot of the information: document and data used to generate the document together.
 

Enterprise Process Center Suite – Digital Signature Process Explained

The process of approval is quick and easy with the selection of authorized individuals assigned with Approver designation.
You may now check your document for authorized verification of the digital signature. The seal to the right indicates it is currenlty certified.
When an auditor intends to review both history and control, they can open the file from the process version history icon to display the following information.

Did You Know?

Enterprise Process Center Suite digital signatures can contain multiple approvals.  

The Enterprise Process Center Suite supports ROLE based workflows – meaning the resource doesn’t need to be assigned directly, a role can be assigned in its place.

The Enterprise Process Center Suite supports both serial and parallel workflows.

Approval Suggestion in the Enterprise Process Center Suite recommends the approval workflow based on similarity analysis of related content to help the user decide who is the most applicable approver.

Enterprise Process Center Suite – Digital Signature General Workflow

An editor assigns approvers and sends the object for approval.

r

The approvers receive an in-app and email notification.

U

The approvers navigate to the object and see the option to preview the document.

The users click on the approved button (assuming they are approving).

l

An authentication window is prompted including the approvers’ signature.

h

Each time a user approves the object, their signature is added into the document.

Once the object is published, an auditor can go to the version history of the object and download/preview the document with all the signatures.

Digital Signature FAQ

Can I create a digital signature in the Enterprise Process Center Suite?

Yes, you will be able to create digital signatures using Enterprise Process Center Suite (EPC). The digital signature is integrated in the EPC tool directly for approvals, meaning you can certify that you have legitimatley approved a new version of a process, role, document, etc.

What is the digital signature that the Enterprise Process Center Suite offers?

The digital signature provided in EPC is the FDA 21 CFR part 11. This allows you to make a compliant and paperless document effectively streamlining secure delivery to its recipient.

Why is a digital signature important?

Digital signatures that use PKI technology, utilize an internationally recognized standard that helps to prevent forgery or document changes after signing.

An important feature offered by Enterprise Process Center Suite is that it will assign a digital signature not only the document, but to all the data attached to the document. Security is found in the data of the document, thereby providing an industry leading innovative measure of trust in document encryption.

 

Can you explain what a Certificate Authority (CA) is?

 

Public and Private keys for digital signatures need to be protected. This is the only way they will ensure safety and prevent malicious use or forgery. You need assurance every time you sign a document and that both the document and keys associated with it are valid as one. CA’s are a type of trust service provider. These are third-party organizations that have been accepted globally as a reliable resource to ensure security and provide the appropriate digital certificates.

Trial Our Digital Signature Now!

Document, improve, standardize, and monitor your business processes, risks and performance with Interfacing’s Enterprise Process Center®!

Share This