How Do You Verify Digital Signatures in Electronic Documents?

Document Management
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

If your company needs to securely manage signed documents, secure digital signature capture could be the answer.

 

In today's world, where people are constantly signing their names on an electronic signature pad at stores, restaurants, and other establishments, what methods can be used to ensure that a digital signature is authentic, and how do companies keep that information safe and secure ? This article explores physical signature capture, which is a key method of keeping signatures safe in the ever-expanding world of digital signature capture.

 

Digital signatures generally come in two forms: digital certificates, which are Internet-based files issued to allow a person to sign a document, and physical signature capture from signature pads, which is generally referred to as "digital signature capture" or "electronic signature capture."

 

One definition of a digital certificate signature is as follows: a digital signature on an object is created by using a form of cryptography and is like a personal signature on a written document. A digital signature provides proof of the object's origin and a means by which to verify the object's integrity. A digital certificate owner "signs" an object by using the certificate's private key. The recipient of the object uses the certificate's corresponding public key to decrypt the signature, which verifies the integrity of the signed object and verifies the sender as the source. Another way to think of it is like sealing an envelope for mailing. You seal a document before it is sent, and the seal is broken by the recipients only if they have the correct digital certificate or password on the receiving end.

 

Using digital certificates is not really a very practical way of managing the capture of physical signatures because an electronic certificate must be issued by a trusted online certificate provider. Digital certificates must also be managed in the Web browser or a repository called a "key store." This typically becomes unwieldy for an end user to set up and use. Digital certificate use is also typically limited to Internet-based applications, which don't translate well to physical signing in a retail or warehouse environment, where merchandise is picked up and delivered.

 

A more conventional or generally used definition of a digital or electronic signature is as follows: a digital signature is a signature that is applied to a document by using a physical representation of the signer's signature. A digital signature is applied to a document when the signer writes his name on a digital signature capture tablet or some other signing device that can be used to capture a representation of the signature. Once captured, the signature is applied to the appropriate electronic document format.

 

For most practical business applications, the physical signing process is the most useful. Let's look at an example. There are many businesses out there where customers or truck drivers are picking up merchandise at a storefront location or from a warehouse. The typical process goes something like this: a customer or driver comes in to pick up some merchandise. Multiple copies of an order, invoice, or bill of lading document are printed for signatures. Each copy is then signed. The customer or driver takes one copy. The store or warehouse employees file another copy locally and then ship yet another copy to corporate headquarters, where the final copy is scanned into an imaging system or simply filed manually.

 

Let's see how using digital signature capture might streamline and secure this process. In a streamlined merchandise pickup scenario, the customer or driver would enter a store or warehouse to pick up merchandise. He would visually review a copy of the order, invoice, or bill of lading document on a monitor at the pickup counter. Then he would simply sign his name on a signature capture pad and click a button to confirm the signature. He could also possibly place notes on the document prior to signing that notate that broken or defective merchandise was picked up. After signing, the counter operator would click the application's print button to print a single copy of the appropriate documents already signed. Then a copy of the merged documents with signature applied could be manually or automatically saved to a network folder or to the customer's electronic document-management software and made available immediately and securely for customer requests.

 

The above signing scenario could also apply to several other industries, such as banking, where customers are signing loan and account application documents. Merchandise delivery drivers could collect signatures and print receipts right away for a customer or instantly email a signed receipt after a transaction document is electronically signed. Retail customers could get a signed copy of their receipt as soon as the transaction is completed, and the store could have an instant electronically signed copy instead of relying on the paper transaction. Hospital patients can sign their admittance documents. Quality control departments can facilitate electronic approvals for manufactured products and materials. Any application where a physical signature is captured today is an ideal candidate to turn into an electronic signature–based process.

 

You now understand some of the various applications for capturing physical signatures, but how do you ensure that the signature data is stored safely and kept secure? The most important way to ensure that an electronic signature is authentic is to never store the signature separately from the final document it belongs to. An example of this might be when a customer at a store or restaurant signs an electronic signature pad to complete a transaction. The signature could be instantly applied to the receipt document and printed for the customer. Then an electronic copy of the document could be automatically saved for recall. Today, most retail and other point-of-sale (POS) systems simply store the signature data separately from the actual transaction data.

 

With so many file formats available, only a few document formats are really amenable to electronic signing. The two main signable document formats are TIFF and PDF. The reason that TIFF and PDF documents are so conducive to signing is that a signature can be captured from an electronic signature pad or signature server software and can be easily merged into the final document, creating a single composite final-form copy of the document with a signature on it. By burning the signature image into the final-form document, the signature cannot be re-used or hijacked because the immutable image has been burned into the original document. Verifying the document authenticity is as simple as opening the document and viewing the completed, signed document. The merged document can then be reprinted or stored in an electronic document management system, in Microsoft SharePoint, or on a Windows file system. The electronically stored copy of the document becomes the official record of the transaction. Because PDF and TIFF documents can be date/time stamped, the timing of the document creation can also be recorded within the document. PDF also has added benefit in that the files can be password-protected and encrypted if desired for an added level of document security.

 

In a corporate environment where documents are signed over and over by the same person during the day and passed between departments, it might be desirable to store a copy of an employee signature on an electronic signature server where the original signature image is password-protected and encrypted. Instead of physically signing each document, the signer opens a document in the appropriate viewing application and signs it by entering a password that applies a visual representation of the signature to the selected document and applies it into the document image. This can be highly useful in a quality control environment or a banking or financial environment, where several documents must be signed and approved by a worker on a daily basis. Since a signature server also burns the image into the final-form document, the signature is immutable and cannot be easily removed from the document.

 

Another application for a signature server would be to store electronic signatures that can be automatically applied to checks and other documents that are generated by a company. This is a great scenario for merging a securely pre-captured signature to a form document to create a final signed document. Another great use for pre-captured signatures is generating accounts payable, payroll, or other checks within an organization. For use with automatic check generation, signatures can be pre-captured and encrypted or stored on a secure USB thumb drive. Signatures, MICR fonts, and check numbers are applied electronically as checks get generated. Most modern form products allow users to automatically apply one or more signatures to a check, based on dollar amount thresholds or other specific criteria, thus eliminating the need for management teams to physically sign every check document that gets generated.

 

When setting up a secure document signing environment, you will usually purchase signature capture pads from vendors such as Topaz, Ingenico, Verifone, or others. Ingenico and Verifone not only have the ability to capture signatures, but also are commonly used to capture credit and debit card information for electronic transactions. The same signature pad can be used for both purposes. Next, you will purchase signature capture software that utilizes the signature pads to collect signatures and apply the signatures to the appropriate documents.

 

There are several general and industry-specific applications in the marketplace to facilitate document signing and serving up secure electronic signatures to users who spend their days signing lots of documents. Make sure to research available solutions completely before making a purchase decision. You will want a signature capture solution that meets your needs today and as your needs grow.

 

If your company captures a lot of signed documents and has a need to securely manage the signed documents along with signatures, you could likely benefit from secure digital signature capture.

as/400, os/400, iseries, system i, i5/os, ibm i, power systems, 6.1, 7.1, V7,

BLOG COMMENTS POWERED BY DISQUS