Written by Ana Canteli on 27 october 2017
In a 100% digital world, there would be no need of printers, scanners or courier services. We wouldn’t need print documents, and the processes would work smoothly from the input devices to all output devices.
This that is reality for leading companies of the market, it is not so for the most of companies; either for their forms, contracts, programmes that are caught in the past century. Waiting for wet ink on paper from death trees.
Most companies face similar challenges: long processing times, delayed response times, slow review and processes, or poor accessibility and sharing procedures.
The e-signature can solve or introduce the necessary improvements to change these tendencies in our daily work with electronic documents.
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
A digital signature scheme usually consists of 3 algorithms;
It is important not confuse the term with the digital certificate. A digital certificate is a “password” that allows a person, PC, company or organization, to exchange information securely over the Internet using the Public Key Infrastructure (PKI).
The Public Key Infrastructure is an electronic document used to prove the ownership of a public key. A Public Key is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner.
This accomplishes two functions:
In a normal public-key infrastructure (PKI) model, the certificate issuer is a certificate authority (CA), usually a company that charges customers to issue certificates for them. The most common format for public key certificates is defined by X.509. However, like any chain, a public key infrastructure is only as strong as its weakest link.
Another choice to approach to using a certificate authorities to authenticate public key information is a decentralized trust model called a Web of trust. Web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). In a Web of Trust model, individuals sign each other's keys directly, in a format that performs a similar function to a public key certificate.
Most modern email programs support the use of digital signatures and digital certificates, making it easy to sign any outgoing emails and validate digitally signed incoming messages. Digital signatures are also used extensively to provide proof of authenticity, data integrity and non-repudiation of communications and transactions conducted over the Internet.
With the electronic signature companies can:
The e-signature is a legal concept used to capture a person’s intent to be legally bound by the terms of an agreement or contract.
While a digital signature is a mathematical algorithm. A cryptographic technology used to make data tamper evident, digitally sign of documents.
User adoption is driven by perception of process, trustworthiness and easy of use. But also the emotional and social prejudices are often underrated. Most people is afraid of e-signing as perceived as insecure. We will see in this article that this is untrue.
But think again about the risks of classy paper-based signing workflow. We can find problems from the beginning. From fraudulent forms to forging of signatures itself. After signing, the authorized documents can be subject of sniffing, or manipulation of signatures or content. Fraud attempts may be internal ( in branch ) or external ( paper in transit )
Trustworthy e-signing solutions can significantly reduce the risk of exposure.
The adoption of the e-signatures in our processes provides the following benefits:
The e-signature is based, protected and developed under specific laws and regulations promoted by EU and USA.
In the EU we rely on the elDAS ( electronic IDentification, Authentication and trust Services ) regulation. It removes the previous barriers to cross-border recognition of e-identities & e-signatures. It replaces the EU directive and applies uniformity to all EU member states, starting on July 2016. As regulation, it is automatically part of all member states law, and not open to member state interpretation. The eIDAS is more broader than the directive, defining concepts like e-delivery, time stamps, website, authentication, etc.
It promotes the Advances e-signature as widely adopted form of technology, neutral e-signature in the market today. (“can not be denied legal effect and admissibility as evidence solely, because it is an electronic form or does not meet the requirements for qualified electronic signatures”-eIDAS article 25 paragraph 1)
It maintains the qualified e-signature to support clear standards on stronger authentication where needed (“has the equivalent legal effect of a handwritten signature” - eIDAS Article 25, paragraph 2”)
In the United States we count on the UETA ( Uniform Electronic Transactions Act ). It provides the same legal framework in 47 states - Illinois, New York and Washington have alternatives-. The ESIGN ( Electronic Signatures in Global and National Commerce Act ) is a federal law to facilitate the use of electronic records and electronic signatures in interstate and foreign commerce; by ensuring the validity and legal effect of contracts entered into electronically.
Both laws legalizes electronic records and electronic signatures with respect to existing laws and regulations.They shows a technology neutral approach and covers contracts, records, disclosures and other documents required by law. They cover legally electronic delivery, retention, accessibility and notarization of electronic records.
The Uniform Commercial Code has been revised to align with ESIGN and UETA requirements. The article 9 enables sale, securitization, syndication of financial instruments, requiring unique original. ( “Contract or signature may not be denied legal effect validity or enforceability solely because it is in electronic form”)
We can become the implementation of the e-signature as an improvement opportunity throughout the company. To do so, we should establish an improvement process.
Through the OpenKM KCenter Platform, we can meet the special interface requirements of users and business processes.
E-signing has synergies with mobile ID, document composition, capture and preservation; workflow processing and management, as well as data integration via business process automation. The document management system of OpenKM can capture the information coming from multichannel sources, thanks the SDK'S in Java, PHP and.NET, that enable the integration of the document management software, with other applications that contain electronic documents to be signed. It is able to extract and verify the content of documents thanks the OCR engine and Text Extracted features, embedded on the system.
The e-signature is just a part of a whole signing process; often embedded into an overall use case, based on business process workflow. The enterprise content management of OpenKM offers a workflow engine inserted, that is able to support the most sophisticated business processes, inserting at the same time the digital signature step on them.
OpenKM provides a signature client that allows companies use the type of signature ( digital signature, electronic signature, advanced e-signature, qualified e-signatures ) most convenient to the purposes of the organizations and to the requirements of the users and customers.
The signature client of OpenKM let us sign the electronic documents already stored in OpenKM or inserting them, at the same time that we e-sign the documentation.
The Activity log of OpenKM provides detailed audit trail of every action performed over the file, included the event of signing, being able to following all the electronic transactions within the document .The Signature Client of OpenKM can serve too as a timestamp, as it registers reliably when the document has been signed, who has do it and how.
The signature client of OpenKM can be used to apply the tamper proof protection, because it helps to maintains the integrity of the document's content as each person sign.
In our personal lives, we are willing to e-sing, because it facilitates very much and makes easier the purchase of products and the hiring of services. But in our business we are reluctant. It is time to take the first step and bring the e-signing capabilities into our information ecosystem to benefit from the advantages that the e-signatures provides to all members of the society.
North America: Please call +1 646 206 6071.
Office Hours:
Monday - Friday: 08:00 am - 17:00 pm EDT for immediate assistance. Currently, it is Saturday 10:48 am in New York, USA.
Europe Spain: Please call +34 605 074 544.
Office Hours:
Monday - Friday: 09:00 am - 14:00 pm, 16:00 pm- 19:00 pm CEST for immediate assistance. Currently, it is Saturday 16:48 pm in Palma de Mallorca, Spain.
OpenKM worldwide: