After relying on ink signatures for decades, highly regulated industries like real estate, financial services, healthcare, banking, and government have finally begun to adopt paperless workflows in the past several years. As these industries enter a phase of mainstream adoption, they must ensure that data and legal evidence is reliably captured, efficiently processed, and independently available for years, decades, or even generations.
True digital signatures—such as those enabled by the SIGNiX platform—provide the highest levels of security, data privacy, and legal evidence capture available. But how exactly does a digital signature outperform simple, proprietary e-signature at the technological level?
Public Key Infrastructure
Public Key Infrastructure—PKI for short—is the technological underpinning of digital signatures. PKI uses asymmetric key-pair encryption, meaning that for a digitally signed transaction, two cryptographic keys are generated. This key pair is comprised of a public key and a private key. The public key may be shared freely, as this key does not need to be kept confidential. The private key, on the other hand, must be kept secret. The owner of the key pair must guard her private key closely, as sender authenticity and non-repudiation are based on the signer having sole access to her private key. A Certification Authority confirms and verifies the identity of an individual before issuing a digital certificate.
There are a few important characteristics of these key pairs. While mathematically related to one another, it is impossible to calculate one key from the other, i.e., the private key cannot be compromised through knowledge of the associated public key. Next, each key in the pair performs the inverse function of the other. What one key does, only the other can undo. The private key is used for signing and decrypting a message or a document while the public key is used to verify or encrypt.
There are 7 basic steps that are taken in this process:
- An Individual applies to Certification Authority for Digital Certificate.
- CA proofs and identifies the individual and issues Digital Certificate.
- CA publishes Certificate to Repository.
- Individual digitally signs electronic message with Private Key to ensure Sender Authenticity, Message Integrity and Non-Repudiation and sends the message.
- The receiving party receives message, verifies Digital Signature with the individual's Public Key, and goes to Repository to check status and validity of Individual's Certificate.
- Repository returns results of status check on Individual's Certificate to verifying party.
- Digital certificates
There is a great need for improved cybersecurity with regard to electronic signatures. Higher education, for example, faces significant risks of attacks, viruses, and spam on a daily basis. Not only would the broad adoption of digital signatures protect sensitive information transacted online, cost savings in paper, filing, ink, and shipping costs would be substantial.