E sign Requirements - How to make sure an esignature is valid

Remember about 15 years ago talking about the ‘paperless office’ and what a
great idea it was; not just because of the climate change benefits, but also
because it was just really convenient. At that time, it was fairly nascent, we
had all embraced software that created digital documents, but some of the
operations of using electronic communications were still a little…’out of the
ark’.
Now, we are in a much better place. We have more seamless and connected
document handling, and Cloud based creation and control of documents – in fact
I am writing this using Google docs so I can access it from anywhere, using any
device, as long as I log in. However, the paperless office is still not quite there. In a
report by Fujitsu, they found that 62% of organizations said that their paper
consumption has remained the same, if not increased. There may be many reasons
why the paperless office is more like the ‘almost, but not quite, paperless office’. At
ApproveMe we believe that one of those is that documents are not just typing on a
page, they are interactive, often requiring sign-off. However, adding esignatures to
an electronic document needs to be done so that they are valid. In this article we
will look at what makes an esignature valid, and how this can take, at least some of
the paper burden, off the shoulders of commerce.
Technology to make an esignature valid?
Esignatures are applied to a digital document using specialist software
applications. There are a number of methods of applying an esignature but there
are certain technological methods that make an esignature actually valid. The e
sign requirements that make for a truly valid esignature are:
Hashing: This is a mathematical transformation, not quite waving a magic wand,
but almost. Hashing takes the content of a document and creates a ‘hash’ from it –
this creates a unique fingerprint of the data, sort of like its DNA. This hash is then
associated with the document and used later to check the document; you, as the
user of the document, see the content as normal. The neat thing about this, is that
if someone tries to change the document content AFTER it has been signed, the
hash changes and any signatures on the document will become ‘invalid’ – that is
you will see a change has occurred, usually within an audit trail or the esignature
itself may indicate it.
Authentication of the signatory: The person that signs the document needs to
be identified as being, who they say they are. In the real world this is usually done
by a notary checking an identity document, such as a driver’s license.
In the digital world, this is done using a digital certificate. Digital certificates are
issued by companies called ‘certificate authorities’ and certificates represent a digital
version of you. They are composed of two main parts, a private key (that is never
revealed but used to encrypt things) and a public key which is used to decrypt
something encrypted using the matching private key. It’s like the digital version of
ying and yang.
Encryption: The document hash is encrypted using the private key of the certificate
of the user; this makes the actual digital signature or esignature. A timestamp is also
associated with the signature at the point of adding it; this is important for nonrepudiation. If you check any of the esignatures on a contract, they will only show
as valid IF the hash hasn’t changed. Remember the hash is equivalent to the content
at the time a signature is applied. If that content changes, the hash changes, and so no
longer matches – this sets the signature as invalid.
Laws to make an esignature valid
Hopefully you’ll never end up in court over a disputed contract, but if you do, you’ll
want to make sure that the effort you have put into making your contract process fully
digitized is worthwhile.
Fortunately, there are laws governing the use of esignatures. In the USA there is
the ESIGN Act. This act, which came into law in June 2000, sets out what criteria
an esignature needs to meet to be upheld in a court of law. The following esign
requirements will protect your esignature reputation:
All signatories need to have access to the signed file. So for
example, ApproveMeallows you to create a document portal using your own
WordPress website. The portal is where all contracts and documents reside.
Anyone associated with a document can then be given access to it through this
portal.
All parties must agree to the use of an electronic signature in any given
transaction
You must be able to prove document integrity (this is where the hash and the
encryption come in)
You must be able to prove the identities of the signatories (this is where the
digital certificate and sometimes sign in credentials come in)
Other countries have similar laws set up to encourage and make legal the use of
esignatures, for example in Europe you have the eSignature Directive
(1999/93/EC).
Making it count
Esignature software, like ApproveMe uses the three parts of e signing
requirements to create securely signed digital documents that are compliant with
laws like ESIGN.
However, to make e signing seamless and easy to use, you need to build a process
around the whole contract creation and signing event; in other words you need to
have more that just the basics. ApproveMe offers you an esignature platform,
which gives you contract templates, allows you to manage the lifecycle of those
documents and contracts, and apply multiple, secure e signatures to them. It also
gives you a full audit trail of the process so you can spot any anomalies and make
sure that if you do end up in court with a contested contract, you have all the
evidence you need to make sure you win. We may not quite be paperless yet, but
with secure esignature technologies we have no real excuse to not be.
Article Resource: https://www.approveme.com/e-signature/e-signrequirements-make-sure-esignature-valid/