SigniFlow was built with
compliance at the core
The confidence in switching to digital signing lies here.
With so many local and international laws and regulations that are in many cases confusing and even contradictory to one another, how does one achieve total confidence in signing electronic documents?
The secret lies in understanding what a signature is, the difference between handwritten signatures (a.k.a. paper or wet ink signatures), electronic signatures and digital signatures.
By "handwritten signatures", we are referring to signatures made when a person makes their mark by hand, on paper, using wet ink.
Most people around the world are familiar with handwritten signatures, which have historically been the most accepted method of legally binding a person to a contractual commitment.
Authentication of the signer's identity is usually confirmed by introducing another signer (i.e. a co-signer or witness) to the signing ceremony. This person must be present at the time of signing and, by also signing the document, they confirm that it was indeed the main signatory who signed that document at that time and place.
Non-repudiation is almost impossible with handwritten signatures. The authenticity of the handwritten signature itself is very difficult to prove, so processes and accompanying evidence are used to validate this.
Although far from perfect, and open to forgery right from the outset, handwritten signatures served their purpose for a period - before digital - as part of paper-based processes.
GLOBAL LEGAL ACCEPTANCE
The need to sign electronic documents digitally emerged when business transactions started migrating to digital processes.
As is often the case when new technologies emerge, vastly different opinions and methods have preceded the creation of a global standard. Electronic signatures are a prime example of how confusion can be created by different opinions in law and technology.
Although electronic signatures are still accepted in many countries, they have no standard or prescribed method. So - like handwritten signatures - they are open to forgery and non-repudiation is non-existent. To prove authenticity, accompanying process evidence is needed.
An electronic signature can be created using a signature-capturing device or by scanning a handwritten signature to create a digital image, which is then attached to an electronic message.
The very basic form of an electronic signature is when you write your name at the bottom of an email, for instance "Regards, Mark". In many instances of law, this form of signature still binds the sender of the message to the content, making it legally binding under statutory provisions for ordinary electronic signatures.
Electronic signatures have served their purpose as a stepping-stone technology while standards are being created and laws agreed upon, but their days are numbered. The graphical aspect of electronic signatures means they may still have a place in the future, if layered on top of their successor - the digital signature - but only in the form of a visual representation of a handwritten signature, to please the human eye.
GLOBAL LEGAL ACCEPTANCE
IDENTITY OF SIGNER
FAQWHEN PRINTING A DOCUMENT AND SIGNING IT, THEN SCANNING IT AND SENDING IT VIA EMAIL, WHAT TYPE OF SIGNATURE IS IT?
This question represents another interesting example how new technology can create confusion in the absence of new laws to govern it.
The fact is, without the presence of the paper document with the original wet ink, handwritten signature on it, the electronic copy is nothing more than a basic electronic signature - subject to scrutiny by statutory laws requiring a document to be signed.
Rather than ask a customer to print, sign, scan and email a document, circulate the document via workflow and have it signed using digital signatures, which are far more secure.
Also known as advanced electronic signatures, or trusted electronic signatures.
Across the world, digital signatures are fast becoming the only legally accepted replacement for handwritten signatures, because they offer inherent security - something that cannot be found in either handwritten or electronic signatures.
Digital signatures make use of a technology known as public-key cryptography. Not only does this address non-repudiation in a court of law, it also protects the integrity of documents, making them tamper-evident.
SigniFlow digital signature multi-layer components.
As per the above image, the top layer of a SigniFlow digital signature is an electronic, graphical image, which represents an individual's handwritten signature. This image only has to be captured once, after which the system automatically places the graphic in the signature, each time the user signs.
The top-middle (yellow) layer embeds information about the user and the user's digital X.509 certificate. It embeds the identity of the user, together with the public key needed to verify the signature.
The bottom-middle (red) layer stores security information about the document and the signing ceremony. When the signature is created, an encrypted hash of the document's digital properties is created. Every time the signature is verified, a new hash code of the document is created and compared to the original one. If so much as one character has changed in the document, the hash code will no longer be the same, and the verification will fail.
GLOBAL LEGAL ACCEPTANCE
IDENTITY OF SIGNER
FAQHOW DO I UPGRADE MY DIGITAL SIGNATURE TO AN ADVANCED ELECTRONIC -OR QUALIFIED ELECTRONIC -SIGNATURE?
Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES) are standard digital signatures, but with a higher class digital certificate. Depending on your country, these certificates are usually issued in a face-to-face meeting, where the RA (Registration Authority) or IA (Issuing Agent) follows a certain CA's (Certificate Authority) pre-approved process to validate your identity before issuing your AES or QES certificate. These certificates are always stored on a highly secure and protected device, like a FIPS140-2 Level 2 or 3 centralised HSM (Hardware Security Module) server.
SigniFlow can sign with any of these certificates. Once the certificate is issued, you set up your SigniFlow account to point to the location of your certificate. Every time you sign, SigniFlow uses your personal digital certificate to cryptographically sign the document and embed your identity.
World-wide, these types of signatures are the most compliant of all signatures for electronic documents.
Contact us for more info and we will get someone to assist you in your own language.
Verifying a digital signature created by SigniFlow.
Verifying a digital signature created by SigniFlow requires minimal effort.
Open the document in Adobe Acrobat® Reader. The top bar (left) will indicate the validity of the signature. If the document has changed, the signature will be declared as invalid. By opening the little pen icon in the left vertical bar, you can view additional information, like the signer's identity, email and OTP (One-Time Pin) information.
SigniFlow only uses Adobe Approved Trust List (AATL) certificates to sign documents, which means every signature of every signer in the document is a digital signature that can be verified in this way. All signatures are LTV (Long-term Validation) enabled for 10+ years of validity, even after the certificate expires.
You can also find the signature in the document and click on it (right). The signature validation status, containing all of the signatory's information, will pop up. By going into the Signature Properties section, further details of the certificate and encryptions used can be viewed.
Be aware of e-seals
Be aware of the existence of signature providers that claim to use digital signatures, but in fact only use e-seals to digitally sign documents. These only contain ordinary/basic electronic signatures of users.
Digital e-seals have their place, but not as personal signatures. These do not qualify as personal digital signatures and do not conform to Advanced Electronic (AES) or Qualified (QES) Signature standards.
"Certified by" on the top bar of Adobe Acrobat® Reader means the document was signed by an organisational e-seal, not a personal X.509 digital signature.