Digital is mightier than the pen
Parties entering into a contract or a workflow process where one or more approvals are required use digital signatures in the same way as handwritten signatures in the physical world. But digital signatures are also used for software distribution, financial transactions and other cases where it is important to detect forgery or tampering.
Digital signatures provide confidence that the material does indeed come from the apparent originator. Enabled by secure technologies such as public key infrastructure (PKI) and hashing algorithms, digital signatures are widely recognized as a best practice for providing digital verification of electronic transactions.
Digital signature, digital validation
The digital signature allows those involved in a transaction to commit to the terms of the agreement. It replaces the traditional pen and ink signature and carries the same legal weight. Digital signatures ensure:
Any modification to a signed document can be detected, protecting the document integrity
The document's author is reliably identified, ensuring strong authentication
The originator cannot deny having signed, guaranteeing non-repudiation.
The receiver of the digitally signed document can use digital signature validation to verify the authenticity of the document, which ensures that the terms have not been altered and that the correct person approved them.
Digital proof ensures transaction security
For certain transactions there is a need to be able to establish a proof that will act as the ‘memory' of the transaction. In the event of litigation, the organization will be able to produce proof of the agreement, and so defend itself.
A digital proof file is generated during each secured transaction, and includes:
Business data: The document(s) signed (e.g. contract, amendments) and attachments (e.g. terms and conditions, technical descriptions)
Trust data: The digital signature, digital proof of strong authentication, digital proof of digital signature verification, the strong authentication factors used, the PKI used, and so on.
In order to protect its integrity, a time-stamped digital signature seals the digital proof file. Next, to conserve its legal value, the digital proof must be preserved using a digital archiving system. In most cases, digital proof must be kept for at least five years, which is easily done from a technical standpoint.