Digital signatures – not to be confused with electronic signatures such as scanned-in bit map images – are being adopted by businesses all over the world, gradually displacing pen and paper processes.
Why? Proponents cite a raft of benefits: security, resistant to fraud, compliance with a wide variety of legislation and standards, less time wasted collating signatures, reduced costs around paper, print and transporting documents for signing, plus integration with workflow, BPM, ECM and document management systems.
Ronan Lavelle, UK Country Manager of ARX, talks us through the facts, the benefits and some implementation advice.
TechRadar Pro: What are digital signatures and how long have they been around?
Ronan Lavelle: Digital signatures make it possible to sign documents while keeping them digital, portable and secure at all times. Once a document has been digitally signed, it becomes tamper-proof so that the signatures are invalidated if it is changed.
They've been around for a few years now and are compliant with a wide variety of international and local legislation and compliance requirements. In fact, just about the only document you can't sign digitally at the moment in the UK are related to probate and wills.
TRP: So what are the differences with this and electronic sigantures?
RL: The terms "electronic signature" and "digital signature" describe two very different technologies, yet they're often used as interchangeable terms. An electronic signature can be as basic as a typed name or a scanned image of a handwritten signature that is attached to the signed electronic record.
Because they lack measures for preventing forgery and information tampering, electronic signatures are very problematic in terms of maintaining security and integrity.
Electronic signatures can be provided by externally-managed, third-party services using proprietary technology, creating serious security, portability and usability limitations.
A digital signature, also known as an advanced, standard or secure electronic signature, is based on globally accepted Public Key Infrastructure (PKI) standards and provides the highest levels of security and universal acceptance.
Digital signatures are the result of a cryptographic operation that creates a 'fingerprint' unique to both the signer and the content, so that they cannot be copied, forged or tampered with.
This process provides proof of signer identity and data integrity for eliminating the possibility of anyone repudiating the signed documents. All this information can be easily verified using widely available applications such as Microsoft Office and most PDF readers.
TRP: What's wrong with old-fashioned paper-and-ink signatures anyway?
RL: Signatures play a much bigger role in business life than most of us realise. Research by AIIM found that worldwide, around half of organisations surveyed print documents just to get a (valid and legally enforceable) signature, and that number rises to 80 per cent in the UK, according to YouGov (YouGov research, Oct 2013).
All kinds of problems are created as soon as a document is printed out for signing. For a start, this breaks any 'end to end' processes that are in use, which defeats the purpose of automation and the push toward a paperless office.
These breaks easily lead to errors, regardless of whether the final version is kept as paper or is scanned back into the system.
Also, printing and routing documents for signing takes time and costs money: I know of one instance when a 20Kg box of documents was couriered to someone in Brazil who had to return them once they were signed, wasting significant amounts of both time and money. In fact, AIIM reckons that collecting 'wet ink' signatures adds on average 3 days to most processes.
Finally, there have been some high profile instances of fraud which was based on how easy it is to copy pen and paper signatures. Basic electronic signatures are arguably no more fraud-proof than manual signatures, but digital signatures are designed to overcome any security concerns.