A Bit of Background
The advent of document management systems (DMS) in the 1980's had begun the process of improving the manageability and efficiency of document workflows through electronic means. Later improvements to these software brought about electronic document management (EDM) systems, that allowed the workflow to occur almost entirely on the computer, reducing the need for physical storage space, tedious searching, and resulting paper waste. Unfortunately, one key step in this process remained stubbornly unchanged from antiquated paper-based methods, reducing some of the more notable benefits of the new, electronic method of document management: signatures.
Signing documents has long been an accepted way of confirming the authenticity and ownership of written documents. In the western world, especially, the hallmarks of a true signature include a idiosyncratic, cursive font that is oftentimes elaborated with so many flourishes as to be nigh unreadable. This means that signatures, by nature, have traditionally been handwritten.
Obviously, this requirement puts a speed bump in the otherwise smooth electronic workflow. It requires the document requiring a signature to be printed out, manually signed by someone authorized to do so, and then scanned back in to the software before it can continue along its way. This results in wasted time, wasted paper, and wasted money. Unfortunately, many people believe that there is no way around this complication, seeing as signatures are assumed to be handwritten by nature, and continue using this inefficient method. Fortunately, this belief is completely unfounded.
Introduction to Electronic Signatures
Electronic signatures, also known as e-signatures and e-sigs (not to be confused with e-cigs), are the digital versions of the typical calligraphic autographs that are traditionally used to authenticate documents, thus bypassing the need for paper copies. The concept is actually older than most people assume, with telegraph signatures being recognized by common law as early as the mid-19th century and faxed signatures becoming valid in the 1980's, despite being reproductions rather than originals. Other forms of electronic signatues include PIN's at ATM's, checkboxes to agree to terms of service when installing software, and digital signatures pads used at supermarket registers. All of these serve the same functional equivlanet as a signature without actually putting pen to paper.
When it comes to document management software, methods of applying a digital signature in a workflow vary. Common methods include:
- Applying a saved image of a signature to the document after entering a password
- Signing a connected input device such as a touchpad to transfer the signature
- Applying a digital signature with assymmetric cryptographic validation (see below)
Either way, the process is faster and easier than printing and scanning, and it saves on both paper and hardware costs, making it an obvious choice for efficient ECM systems.
Legality of Electronic Signatures
Many countries have laws recognizing valid electronic signatures as having the same legal consequences as traditional ones. These include the United States, the various component countries of the European Union, Australia, Brazil, and India, among many others.
In 1996, the United Nations published the UNCITRAL Model Law on Electronic Commerce, and the year 2000 saw the ESIGN Act (Electronic Signatures in Global and National Commerce Act), which stated that a contract or signature "may not be denied legal effect, validity, or enforceability solely because it is in electronic form". Article 9/Paragraph 3 of the United Nations Convention on the Use of Electronic Communications in International Contracts (2005) internationally established functional equivalence between electronic and handwritten signatures.
Digital vs. Electronic Signatures
Officially, there is a difference between electronic and digital signtatures, but this differentiation in terminology is not always adhered to, even by software developers, so it is suggested to find out the exact features of the product before making an assumption based on wording alone.
The difference is that, officially, digital signatures are a subset of electronic signatures. Whereas an electronic signature is any type of electronic means that indicates that a person approves the contents of a document, a digital signature is a type of electronic signature that uses a mathematical scheme for demonstrating the authenticity of a digital message. In other words, a digital signature uses public-key cryptography, also known as asymmetric cryptography, to ensure that the document and signature has not been tampered with, even when sent through an unsecure channel.
Properly implemented digital signatures are more secure than regular electronic signatures and are even more difficult to forge than the handwritten type. Digital signatures can also ensure that the signer cannot claim that they did not sign a message without admitting that their private key has been compromised. Some digital signatures offer a time stamp, so that even if the private key is exposed, earlier signatures remain valid.
A digital signature usually consists of three different, but interrelated algorithms:
- Key generation algorithm to produce the private key and a corresponding public key
- Signing algorithm to produce a signature, given valid private key and message
- Verifying algorithm to check the authenticity of a signature, given message and public key
The authenticity of a signature generated from a particular message and the corresponding private key can be verified by using the appropriate public key. It is computationally infeasible to generate a valid signature for a party without knowing that party's private key.
Software that includes E-Signature Capability
ScanStore offers a number of products that support electronic signatures, including:
Digitech Systems PaperVision Enterprise allows users to include a validated electronic form or signature with a document as part of a review or approval process, with built-in security measures.
CompuThink Contentverse includes an "electronic signature capture" module, which enables users across the system to enter their signature into a secure data bank (featuring a unique username and password for each user) within the program, and can pull it up (once their identity is validated) to apply to documents as needed.