Electronic and Digital Signatures


This is Part Two of our ongoing Electronic Records Management series.

What are Electronic Signatures?

Electronic signatures, just like paper signatures, are legally recognized strings of characters applied to a record or document that indicate the signatory’s approval. What differentiates electronic signatures from paper signatures is that their authenticity is verified not by a unique and characteristic pen flourish, but by a digital signature that is unique to each signatory.

So what’s the difference between electronic signatures and digital signatures? “Electronic signature” is an umbrella term that refers to a wide array of different signing techniques. Different types of electronic signatures have different legal and social ramifications. Because contract laws vary by country, digital signatures are regulated so that they have stringent legal standing as the most secure and binding form of electronic signature, and these regulations vary by region.

Digital signatures follow a specific technological design protocol called Public Key Infrastructure, or PKI for short. PKI requires that digital signature service providers, such as Entrust, provide a mathematical algorithm that generates two keys: a private key and a public key. When a document is signed, the signatory’s private key generates data that uniquely matches the document. This unique data is known as a hash. The private key then encrypts the hash and generates the completed digital signature, which is stamped with the time of encryption. If the document changes after it is signed, the digital signature is no longer valid.


When a signed document is received, the digital signature can be verified by anyone with the public key that corresponds to the private key with which the document was signed. The public key decrypts the signature to generate a hash. If the public key hash matches the hash originally generated by the private key, the signature is verified.
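The signing and verification steps described above, as an added example that is not from the original article. It uses SHA-256 with textbook RSA (no padding) and a constructed, deliberately insecure demo key, so it shows the mechanics only; the function names are this example's own, and production signing uses a vetted library with a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key built from two well-known Mersenne primes.
# Deliberately insecure: real keys use random primes from a vetted library.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                           # modulus, shared by both halves of the key pair
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept by the signatory


def digest(document: bytes) -> int:
    """Hash the document. The hash function itself uses no key."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signatory: apply the private key to the document's hash."""
    return pow(digest(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient: recover the signed hash with the public key and compare it
    with a hash freshly computed from the document as received."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(document)


if __name__ == "__main__":
    contract = b"Vendor agrees to deliver 40 units by 1 March."  # constructed sample
    sig = sign(contract)
    print("original verifies:        ", verify(contract, sig))
    # Any change to the document after signing changes its hash.
    print("edited copy verifies:     ", verify(contract.replace(b"40", b"400"), sig))
    # A public key that does not correspond to the signing key (constructed).
    other_n = (2**89 - 1) * (2**521 - 1)
    print("other public key verifies:", verify(contract, sig, n=other_n))
```

Only the first check succeeds: the edited copy hashes to a different value, and the unrelated public key recovers a value that does not match the document's hash.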

PKI also requires digital certificates to accompany digital signatures. Digital certificates contain the signature’s public key and a certification from the digital signature service provider, such as Quercus, that the signature has been generated securely and that the public key belongs to the signatory.

Electronic Signature Advantages

Digital signatures are inherently more secure than handwritten signatures, because they use a system of complex, proprietary encryption and decryption that allows immediate validation or invalidation of the signature as soon as it is decrypted. If an electronic signature follows the PKI protocol, it is highly improbable that a malicious third party or a dishonest signatory could forge signatures or tamper with the document after it is signed.

As well, digital signatures may be attached to documents with the click of a button and integrate perfectly into most electronic record management systems already in place. This allows for a streamlined flow of data from signatories to recipients, without documents needing to be printed or faxed any time a signature is required.

As well, because digital signatures are regulated at both the Federal and Provincial levels in Canada, digital signatures are always generated in accordance with stringent legislation that ensures each digital signature’s legitimacy and legality.

Legality and Legislation

In Alberta, digital signatures are regulated by the Personal Information Protection Act (PIPA), which was legislated by the provincial government in accordance with its federal groundwork, the Personal Information and Electronic Documents Act (PIPEDA). Both acts require that valid “secure electronic signatures” must have undergone hashing and private key encryption, and must be accompanied by either digital certification or access thereto. As well, the “secure electronic signature” must be decrypted by the public key, and the public and private key hashes must match, in order for the signature to be validated.



