E-Signatures or Digital Signatures? Celebrating National Cyber Security Awareness Month!

Posted by John Harris

cyber security monthHello everyone! Happy National Cyber Security Awareness Month! Yup, it’s that time of year again for bringing attention to the ever-present threat from malware, scammers and fraud. I have to wonder…is this a time you celebrate, or rather one where you cower in fear in front of your monitor? Hmm.

In any case, it’s a great time to talk about how we at SIGNiX take the security and assurance of your electronic signatures and documents very seriously. We recognize that e-signatures can make transactions speedy and convenient, but we can’t lose sight of the fact that signatures are also essential to the legal legitimacy of your organization.

With that in mind, this month we’ll be covering a number of topics that relate to how the SIGNiX digital signature service builds security and assurance into each electronic signature, and how your organization benefits. First up…digital signatures themselves.

It seems like everywhere you turn in the e-signature world these days folks are talking about digital signatures. However, not everyone really means ‘digital signatures.’ You see, digital signatures are non-proprietary, standards-based cryptographic tools meant to tie the identity of a signer with a document (data) to be signed, and produce tamper-evidence and integrity on said documents. “Digital signature” is an actual defined technical term that gets misused constantly. Most e-signature vendors use proprietary methods to tie the signer to a document, use incomplete tools to produce tamper-evidence, and tie document integrity to their website, meaning that you have to check back with the vendor to validate signatures. Can we say, “Vendor lock-in?”

Your organization’s documents belong to you…not the vendor who sells you the signature tools. Pen manufacturers aren’t on the hook for your document signatures, so why should these vendors? Moreover, inadequate and inconsistent means of tamper-evidence can turn into a real boondoggle when e-signed documents need to be validated in court. Do you really want to be on the hook to explain the proprietary signatures and processes? What if these vendors go out of business? What happens to your documents then?

SIGNiX has used true digital signatures since we started as a business nearly ten years ago because we recognized a key truth in business technology: sometimes you need to be both convenient and secure…not just one or the other. We combine the ease-of-use of a traditional e-signature service (no software/hardware to install, all accessible via your web browser) and then combine that with the security and assurance provided by digital signatures.

We understand that documents aren’t just transitory bits of information, rather they are in fact vital DNA for your business. We apply a standards-based digital signature for each and every signature and initial on the document. This means:

1. You can track the integrity and status of the document at each point in the signing process with free PDF viewers. The screenshots below show a document after three signatures (left image). With the PDF software you can easily see what the first signer was looking at when she signed (right image).

ViewSignedVersionViewSignedVersion2 

2. Each signature on the document is represented by a digital signature in the PDF. No inconsistencies. The screenshot below shows three signatures on the document and three signatures in the signatures panel on the left.

Three digital signatures

 

 

 

 

 

 

 

 

3. Any change in the document, even changing the capitalization of a word, will trigger the PDF viewer to notify you of a change. The topmost image below shows the original, valid document. The image below it shows the change in validity (see the red X icon?) with just a simple change in capitalization on the word 'American.'

valid digital signature

invalid digital signature

4. You can store your documents yourself without having to rely on us; digital signatures and their validation information travel with the document and aren’t inherently tied to our website.

5. Your documents may need to be trusted for five, ten, maybe even twenty years. With SIGNiX, signatures are timestamped and based on actual, published standards so you can validate those signatures at any time into the future. Try that with a standard e-signature!

    Digital signatures are a major piece of the security puzzle for SIGNiX, but not the only one. Next week we’ll cover the SIGNiX audit trail and show you how that event history can provide you a highly detailed evidentiary view of any transaction.

    If you’d like to see SIGNiX electronic signatures in action, please click the button below to sign up for a demo. 

    book a live demo

     Oh, and before we go…a quick web security tip!

    BlogTip1 resized 600

    Get a Digital Signature Quote Now

    GET A QUOTE

    Posts by Topic

    see all

    Subscribe for updates