John Marchioni is currently the Vice President of Business Development at ARX - The Digital Signature Company. John has over 20 years experience in US and international high-technology markets creating partnerships through strategic sales, technology licensing and large-scale systems-integration projects.
8 Tips for Selecting a Digital Signature Solution
As the traditional “paper-based” world gives way to digital documentation and transactions, enterprises are demanding innovative solutions for digitally signing and authenticating such documents, files, and forms with iron-clad protection against forgery. Solutions must guarantee non-repudiation and promise the same level of security and trust that exists with conventional documentation. At the same time, such a solution should be simple to use, easy to deploy and offer a rapid Return on Investment (ROI). With the rise of global digital businesses, transactions and documents may need to be signed by many people in different parts of the world. Users should be able to sign documents directly from their desktop or via a zero technology footprint using any web browser.
Digital signature solutions should be able to: 1) Verify recipients outside of an organization; 2) Enable employees to sign documents while traveling; 3) Enable cross platform capabilities; 4) Enable the use of numerous applications, such as Microsoft Word®, Adobe Acrobat®, and TIFF images.
1. Sealing Documents
Digital signature systems should allow you to seal the document using standard technology, allowing you to add your graphical signature to the document.
Some solutions add a graphical signature image to any document created in Microsoft Word. This signed document can be easily changed by any recipient while the graphical electronic signature remains intact. This security flaw opens the door to fraud and forgery. The solution used has simply placed a digitized “picture” of the signature on the document, it doesn’t seal the document, verify the authenticity of the person signing, or guarantee the transaction cannot be altered.
In the traditional paper world, transactions are validated by signing them either on an accepted form, such as a check, or in front of a trusted third party. A notary or lawyer, then “stamps” the signatures, so that they cannot be changed. In the virtual paperless world, digital signatures must perform the same function. A digital signature must be able to seal any electronic document and guarantee that it is tamperproof. It uses a one-time “fingerprint”, unique to both the signer and the document to ensure that the signer is indeed the originator or owner of the document. This “fingerprint” cannot be reused or reassigned and proves that the message has not been altered in any way.
2. Multiple Application Support
A digital signature system needs to support multiple applications. Many electronic signature systems enable the signing of documents created with the most commonly used applications, such as Microsoft Word or Adobe Acrobat. However, many electronic signature systems do not support popular applications like AutoCAD, ERP, and others. Traditionally, when signing paper documents, it doesn't matter what type of document it is, be it a form, an invoice or a typed contract. The paperless world requires the same flexibility.
3. Multiple Signatures
It should be possible for more than one person in more than one place to sign a document. There are some electronic signature systems that only allow one signature and when the document has been signed and sealed, and it is impossible to add more signatures.
Traditional document-intensive organizations, such as insurance companies or financial institutions, have large volumes of many different types of documents that must be processed every day. Many of these documents must be reviewed, approved and signed by more than one person. In some cases, one part must be approved by one signatory while another section needs approval by a different person. With a traditional "wet" signature, it is a simple matter of signing or initialing any place in the document. In the virtual world, an effective digital signature system should enable "sectional signing", which allows signatories to edit and sign their portion of the document.
To be considered legally binding, documents and transactions – paper-based or electronic – must meet many basic requirements and strict standards. A digital signature solution must meet the same criteria as a “wet” signature. These include the following basic requirements:
- Authenticity – the signature can be authorized by a secure process.
- Integrity – any tampering during transmission can be detected.
- Privacy – the signature cannot be accessed by unauthorized sources.
- Enforceability – the signatures must be verifiable by all parties.
- Non-refutability – the signature cannot be denied or disavowed.
The first two requirements prove that the recipient and the sender are authentic and authorized to perform this transaction. The next two provide methods to prove that the message content is authentic and that the recipient can be certain that the data has not been altered or lost in transit. The last important requirement is that the message must be able to “stand up in court”. Referred to as “non-repudiation”, this means that the digital signature must ensure that the parties involved in the transaction cannot deny sending the message or its contents. In addition to the above general requirements, some industries such as finance or pharmaceutical have specific requirements.
An effective digital signature system should ensure transportability. If a company implements a digital signature solution and sends a signed document to a client who has not installed the same digital signature system, they will not be able to verify the document. In the traditional paper world, signed documents sent to third parties can be read and understood without a problem. In the paperless world, however, documents must be recognized by the software application. To be truly versatile, a sender must know that a digital signature will arrive unaltered anywhere in the world and that it can be easily verified without the need for complicated, proprietary third party applications.
6. Seamless User Sign-Up
In the traditional paper world, people who need to sign documents are identified in one of several ways: via a signature card, in-person or through a photo ID. In the virtual paperless world, signatories register electronically and obtain a digital certificate. The certificate provides electronic identification similar to a birth certificate or a passport. Digital certificates contain information about the user, such as the certificate holder's name, e-mail address and other specific identifying information. Digital certificates verify that the user is who he or she claims to be. Certificates are generated by the Certificate Authorities (CA) immediately after the identity of the user is validated. Once a digital signature system has been deployed, it should be both simple to use and as transparent as possible. Neither the users, nor the IT person, should be aware of how a certificate is generated or maintained.
7 -- Simple-to-Use
In the traditional paper world, signing a document is simple, intuitive and quick. In the virtual paperless world, signing a document should be just as easy. It should take no more than 10 seconds or 1-2 mouse clicks – to ensure that the document is signed, sealed and legally compliant. Users should not be required to learn new technologies or require assistance from a Help Desk.
8 -- Total Cost of Ownership
Traditional paper signing leaves mountains of paperwork. This requires physical storage in archives that often mushroom to warehouse proportions. To reduce costs and improve efficiency, companies should move into the world of electronic processes. Standards-based digital signature systems enable companies to become totally paperless. However, when considering a digital signature solution, it is important to look into the potential hidden costs. Many traditional digital signature systems are difficult to deploy. They involve complicated software requiring a heavy investment in IT support and development. Sometimes, a Help Desk needs to be created or additional staff employed to support the system. Other costs that need to be checked include registration and renewal fees for digital certificates, cost for smart cards, etc.
Some other posts that may be of interest: