An electronic signature, or e-signature, is data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created (e.g., eIDAS in the European Union, NIST-DSS in the USA or ZertES in Switzerland).
Electronic signatures are a legal concept distinct from digital signatures, a cryptographic mechanism often used to implement electronic signatures. While an electronic signature can be as simple as a name entered in an electronic document, digital signatures are increasingly used in e-commerce and in regulatory filings to implement electronic signatures in a cryptographically protected way. Standardization agencies like NIST or ETSI provide standards for their implementation (e.g., NIST-DSS, XAdES or PAdES).
The concept itself is not new, with common law jurisdictions having recognized telegraph signatures as far back as the mid-19th century and faxed signatures since the 1980s.
Description
The USA's E-Sign Act, signed June 30, 2000 by President Clinton, was described months later as "more like a seal than a signature."
An electronic signature is intended to provide a secure and accurate identification method for the signatory during a transaction.
Definitions of electronic signatures vary depending on the applicable jurisdiction. A common denominator in most countries is the level of an advanced electronic signature requiring that:
# The signatory can be uniquely identified and linked to the signature
# The signatory must have sole control of the private key that was used to create the electronic signature
# The signature must be capable of identifying if its accompanying data has been tampered with after the message was signed
# In the event that the accompanying data has been changed, the signature must be invalidated
Electronic signatures may be created with increasing levels of security, each with its own set of requirements and means of creation that prove the validity of the signature. To provide an even stronger probative value than the advanced electronic signature described above, some countries, like member states of the European Union or Switzerland, introduced the qualified electronic signature. It is difficult to challenge the authorship of a statement signed with a qualified electronic signature - the statement is non-repudiable.
Technically, a qualified electronic signature is an advanced electronic signature that is created with a qualified signature creation device (a security device that keeps the signing key under the signatory's sole control) and that is based on a qualified certificate issued by a qualified trust service provider.
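As an added illustration (not part of the original article), the following Go program models the four advanced-signature requirements and the certificate-based qualified signature just described, using only the standard library: a self-signed CA stands in for the trust service provider, it issues a certificate binding the signatory's name to a key, and verification succeeds only when that certificate chains to the trusted provider and the data is unchanged. The provider and signer names are constructed, and ECDSA P-256 is used in place of the NIST DSA mentioned on the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignedDocument is what a relying party receives: data, signature value, and the signer's certificate.
type SignedDocument struct {
	Data []byte
	Sig  []byte
	Cert *x509.Certificate
}

// issue generates a P-256 key pair and certifies it from tmpl; nil signer means self-signed.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced a moment ago is well-formed
	return cert, key
}

// NewProvider creates a self-signed CA standing in for a (qualified) trust service provider.
func NewProvider(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return issue(tmpl, tmpl, nil)
}

// IssueSignerCert binds a signatory's name to a fresh key pair; sole control of that key (requirement 2) is a device property that code cannot show.
func IssueSignerCert(prov *x509.Certificate, provKey *ecdsa.PrivateKey, name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return issue(tmpl, prov, provKey)
}

// Sign hashes the data with SHA-256 and signs the digest with the signatory's key.
func Sign(data []byte, cert *x509.Certificate, key *ecdsa.PrivateKey) (SignedDocument, error) {
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return SignedDocument{}, err
	}
	return SignedDocument{Data: data, Sig: sig, Cert: cert}, nil
}

// Verify returns the signatory's name only if the certificate chains to the trusted
// provider (requirement 1: signer identified and linked to the signature) and the
// signature matches the data (requirements 3 and 4: a change is detected and rejected).
func Verify(doc SignedDocument, trusted *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	if _, err := doc.Cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", fmt.Errorf("signer certificate not issued by the trusted provider: %w", err)
	}
	pub := doc.Cert.PublicKey.(*ecdsa.PublicKey) // this provider only certifies ECDSA keys
	digest := sha256.Sum256(doc.Data)
	if !ecdsa.VerifyASN1(pub, digest[:], doc.Sig) {
		return "", fmt.Errorf("signature does not match the data: changed after signing or wrong key")
	}
	return doc.Cert.Subject.CommonName, nil
}

func main() {
	prov, provKey := NewProvider("Example Trust Service Provider") // constructed names
	cert, key := IssueSignerCert(prov, provKey, "Alice Example")
	doc, _ := Sign([]byte("I accept the terms of the agreement."), cert, key)
	fmt.Println(Verify(doc, prov)) // Alice Example <nil>
	doc.Data = append(doc.Data, '!') // alter the signed data
	fmt.Println(Verify(doc, prov)) // empty name and an error: signature no longer matches
}
```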
In contract law
Since well before the American Civil War began in 1861, Morse code was used to send messages electrically via the telegraph. Some of these messages were agreements to terms that were intended as enforceable contracts. An early acceptance of the enforceability of telegraphic messages as electronic signatures came from a New Hampshire Supreme Court case, Howley v. Whipple, in 1869.
In the 1980s, many companies and even some individuals began using fax machines for high-priority or time-sensitive delivery of documents. Although the original signature on the original document was on paper, the image of the signature and its transmission was electronic.
Courts in various jurisdictions have decided that enforceable legality of electronic signatures can include agreements made by email, entering a personal identification number (PIN) into a bank ATM, signing a credit or debit slip with a digital pen pad device (an application of graphics tablet technology) at a point of sale, installing software with a clickwrap software license agreement on the package, and signing electronic documents online.
The first agreement signed electronically by two sovereign nations was a Joint Communiqué recognizing the growing importance of the promotion of electronic commerce, signed by the United States and Ireland in 1998.
Enforceability
In 1996 the United Nations published the UNCITRAL Model Law on Electronic Commerce. Article 7 of the UNCITRAL Model Law on Electronic Commerce was highly influential in the development of electronic signature laws around the world, including in the US. In 2001, UNCITRAL concluded work on a dedicated text, the UNCITRAL Model Law on Electronic Signatures, which has been adopted in some 30 jurisdictions. Article 9, paragraph 3 of the United Nations Convention on the Use of Electronic Communications in International Contracts, 2005, establishes a mechanism for functional equivalence between electronic and handwritten signatures at the international level as well as for their cross-border recognition. The latest UNCITRAL text dealing with electronic signatures is article 16 of the UNCITRAL Model Law on the Use and Cross-border Recognition of Identity Management and Trust Services (2022).
Canadian law (PIPEDA) attempts to clarify the situation by first defining a generic electronic signature as "a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document," then defining a secure electronic signature as an electronic signature with specific properties. PIPEDA's secure electronic signature regulations refine the definition as being a digital signature applied and verified in a specific manner.
In the European Union, EU Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the European internal market (eIDAS) sets the legal frame for electronic signatures. It repeals Directive 1999/93/EC.
The current and applicable version of eIDAS was published by the European Parliament and the European Council on July 23, 2014. Following Article 25 (1) of the eIDAS regulation, an advanced electronic signature shall "not be denied legal effect and admissibility as evidence in legal proceedings". However, it will reach a higher probative value when enhanced to the level of a qualified electronic signature. By requiring the use of a qualified electronic signature creation device and being based on a certificate that has been issued by a qualified trust service provider, the upgraded advanced signature then carries, according to Article 25 (2) of the eIDAS Regulation, the same legal value as a handwritten signature.
However, this is only regulated in the European Union and similarly through ZertES in Switzerland. A qualified electronic signature is not defined in the United States.
The U.S. Code defines an electronic signature for the purpose of US law as "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."
It may be an electronic transmission of the document which contains the signature, as in the case of facsimile transmissions, or it may be an encoded message, such as telegraphy using Morse code.
In the United States, the definition of what qualifies as an electronic signature is wide and is set out in the Uniform Electronic Transactions Act ("UETA") released by the National Conference of Commissioners on Uniform State Laws (NCCUSL) in 1999. It was influenced by ABA committee white papers and the uniform law promulgated by NCCUSL. Under UETA, the term means "an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record." This definition and many other core concepts of UETA are echoed in the U.S. ESign Act of 2000.
48 US states, the District of Columbia, and the US Virgin Islands have enacted UETA. Only New York and Illinois have not enacted UETA, but each of those states has adopted its own electronic signatures statute. As of June 11, 2020, Washington State Office of CIO adopted UETA.
In Australia, an electronic signature is recognised as "not necessarily the writing in of a name, but may be any mark which identifies it as the act of the party." Under the Electronic Transactions Acts in each Federal, State and Territory jurisdiction, an electronic signature may be considered enforceable if (a) there was a method used to identify the person and to indicate that person's intention in respect of the information communicated and the method was either: (i) as reliable as appropriate for the purpose for which the electronic communication was generated or communicated, in light of all the circumstances, including the relevant agreement; or (ii) proven in fact to have fulfilled the functions above by itself or together with further evidence and the person to whom the signature is required to be given consents to that method.
Legal definitions
Various laws have been passed internationally to facilitate commerce by using electronic records and signatures in interstate and foreign commerce. The intent is to ensure the validity and legal effect of contracts entered electronically. For instance,
; PIPEDA (Canadian federal law)
:(1) An electronic signature is "a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document";
:(2) A secure electronic signature is an electronic signature that
::(a) is unique to the person making the signature;
::(b) the technology or process used to make the signature is under the sole control of the person making the signature;
::(c) the technology or process can be used to identify the person using the technology or process; and
::(d) the electronic signature can be linked with an electronic document in such a way that it can be used to determine whether the electronic document has been changed since the electronic signature was incorporated in, attached to, or associated with the electronic document.
; ESIGN Act Sec 106 (US federal law)
:(2) ELECTRONIC- The term 'electronic' means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
:(4) ELECTRONIC RECORD- The term 'electronic record' means a contract or other record created, generated, sent, communicated, received, or stored by electronic means.
:(5) ELECTRONIC SIGNATURE- The term 'electronic signature' means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
; Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market Art 3 (European Union regulation)
:(10) ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
:(11) ‘advanced electronic signature’ means an electronic signature which meets the requirements set out in Article 26;
:(12) ‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures;
; GPEA Sec 1710 (US federal law):
:(1) ELECTRONIC SIGNATURE.—the term "electronic signature" means a method of signing an electronic message that—
:(A) identifies and authenticates a particular person as the source of the electronic message; and
:(B) indicates such person's approval of the information contained in the electronic message.
; UETA Sec 2 (US state law):
:(5) "Electronic" means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
:(6) "Electronic agent" means a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual.
:(7) "Electronic record" means a record created, generated, sent, communicated, received, or stored by electronic means.
:(8) "Electronic signature" means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
; Federal Reserve 12 CFR 202 (US federal regulation): refers to the ESIGN Act
; Commodity Futures Trading Commission 17 CFR Part 1 Sec. 1.3 (US federal regulations):
:(tt) Electronic signature means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
; Food and Drug Administration 21 CFR Sec. 11.3 (US federal regulations):
:(5) Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the signer's identity and the integrity of the data can be verified.
:(7) Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.
; United States Patent and Trademark Office 37 CFR Sec. 1.4 (federal regulation)
:(d)(2) ''S-signature.'' An S-signature is a signature inserted between forwarding slash marks, but not a handwritten signature ... (i) The S-signature must consist only of letters, or Arabic numerals, or both, with appropriate spaces and commas, periods, apostrophes, or hyphens for punctuation... (e.g., /Dr. James T. Jones, Jr./)...
:(iii) The signer's name must be:
:(A) Presented in printed or typed form preferably immediately below or adjacent to the S-signature, and
:(B) Reasonably specific enough so that the identity of the signer can be readily recognized.
Laws regarding their use
* Australia - Electronic Transactions Act 1999 (which incorporates amendments from Electronic Transactions Amendment Act 2011); Section 10 - Signatures specifically relates to electronic signatures.
* Azerbaijan - Electronic Signature and Electronic Document Law (2004)
* Brazil - Brazil's National Public Key Certificate Infrastructure Act (Infraestrutura de Chaves Públicas Brasileira - ICP-Brasil) (http://www.planalto.gov.br/ccivil_03/MPV/Antigas_2001/2200-2.htm)
* Bulgaria - Electronic Document and Electronic Certification Services Act
* Canada - PIPEDA, its regulations and the Canada Evidence Act
* China - Law of the People's Republic of China on Electronic Signature (effective April 1, 2005)
* Costa Rica - Digital Signature Law 8454 (2005)
* Croatia - 2002, updated 2008
* Czech Republic - currently directly applicable eIDAS and Zákon o službách vytvářejících důvěru pro elektronické transakce - 297/2016 Sb. (effective from 19 September 2016), formerly Zákon o elektronickém podpisu - 227/2000 Sb. (effective from 1 October 2000 until 19 September 2016 when it was derogated)
* Ecuador - Ley de Comercio Electronico Firmas y Mensajes de Datos
* European Union - eIDAS regulation; implementation within the EU is set out in Digital Signatures and the Law.
* India - Information Technology Act
* Indonesia - Law No. 11/2008 on Information and Electronic Transactions
* Iraq - Electronic Transactions and Electronic Signature Act No 78 in 2012
* Ireland
* Japan - Law Concerning Electronic Signatures and Certification Services, 2000
* Kazakhstan - Law on Electronic Document and Electronic Signature (07.01.2003)
* Lithuania - Law on Electronic Identification and Trust Services for Electronic Transactions
* Mexico - E-Commerce Act 2000
* Malaysia - Digital Signature Act 1997 and Digital Signature Regulation 1998 (https://www.mcmc.gov.my/sectors/digital-signature)
* Moldova - Privind semnătura electronică şi documentul electronic (http://lex.justice.md/md/353612/)
* New Zealand - Contract and Commercial Law Act 2017
* Paraguay - Ley 4017: De validez jurídica de la Firma Electrónica, la Firma Digital, los Mensajes de Datos y el Expediente Electrónico (12/23/2010); Ley 4610: Que modifica y amplia la Ley 4017/10 (05/07/2012)
* Peru - Ley Nº 27269. Ley de Firmas y Certificados Digitales (28MAY2000)
* the Philippines - Electronic Commerce Act of 2000
* Poland - Ustawa o podpisie elektronicznym (Dziennik Ustaw z 2001 r. Nr 130 poz. 1450)
* Romania - LEGE nr. 214 din 5 iulie 2024 privind utilizarea semnăturii electronice, a mărcii temporale și prestarea serviciilor de încredere bazate pe acestea
* Russian Federation - Federal Law of Russian Federation about Electronic Signature (06.04.2011)
* Singapore - Electronic Transactions Act (2010); background information; differences between ETA 1998 and ETA 2010
* Slovakia - Zákon č. 215/2002 o elektronickom podpise
* Slovenia - Slovene Electronic Commerce and Electronic Signature Act
* South Africa - Electronic Communications and Transactions Act [No. 25 of 2002]
* Spain - Ley 6/2020, de 11 de noviembre, reguladora de determinados aspectos de los servicios electrónicos de confianza
* Switzerland - ZertES
* Republika Srpska (entity of Bosnia and Herzegovina) - 2005
* Thailand - Electronic Transactions Act B.E. 2544 (2001)
* Turkey - Electronic Signature Law
* Ukraine - Electronic Signature Law, 2003
* UK - s.7 Electronic Communications Act 2000
* U.S. - Electronic Signatures in Global and National Commerce Act (ESIGN)
* U.S. - Uniform Electronic Transactions Act (UETA) - adopted by 48 states
* U.S. - Government Paperwork Elimination Act (GPEA)
* U.S. - The Uniform Commercial Code (UCC)
Usage
In 2016, Aberdeen Strategy and Research reported that 73% of "best-in-class" and 34% of all other respondents surveyed made use of electronic signature processes in supply chain and procurement, delivering benefits in the speed and efficiency of key procurement activities. The percentages of their survey respondents using electronic signatures in accounts payable and accounts receivable processes were a little lower, 53% of "best-in-class" respondents in each case.
Technological implementations (underlying technology)
Digital signature
Digital signatures are cryptographic implementations of electronic signatures used as a proof of authenticity, data integrity and non-repudiation of communications conducted over the Internet. When implemented in compliance with digital signature standards, digital signing should offer end-to-end privacy with the signing process being user-friendly and secure. Digital signatures are generated and verified through standardized frameworks such as the Digital Signature Algorithm (DSA) by NIST, or in compliance with the XAdES, PAdES or CAdES standards specified by ETSI.
There are typically three algorithms involved with the digital signature process:
* Key generation – This algorithm provides a private key along with its corresponding public key.
* Signing – This algorithm produces a signature upon receiving a private key and the message that is being signed.
* Verification – This algorithm checks for the message's authenticity by verifying it along with the signature and public key.
The process of digital signing requires that the accompanying public key can afterwards authenticate the signature generated from the fixed message and the private key. Using these cryptographic algorithms, the user's signature cannot be replicated without access to their private key. A secure channel is not typically required. By applying asymmetric cryptography methods, the digital signature process prevents several common attacks in which an attacker attempts to gain access through the following attack methods.
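The three algorithms above, as an added example that is not part of the original article or of any project it mentions: it uses Go's standard-library crypto/ecdsa package with the NIST P-256 curve and SHA-256 (ECDSA is one of the signature algorithms in NIST's Digital Signature Standard). The contract text and the "altered" copy are constructed for the example; all key material is generated at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"log"
)

// GenerateKey is the key-generation algorithm: it returns a fresh P-256
// private key; the embedded PublicKey is what the signer publishes.
func GenerateKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign is the signing algorithm: the message is hashed with SHA-256 and the
// digest is signed with the private key. The result is a DER-encoded (r, s)
// pair; it is randomized, so two signatures over the same message differ.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify is the verification algorithm: the verifier recomputes the digest of
// the message it received and checks the signature against the public key.
// Nothing secret is needed, which is why the public key can travel in the open.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Result records the outcome of the three checks a verifier cares about.
type Result struct {
	Genuine  bool // the untouched message verifies under the signer's key
	Tampered bool // a modified message verifies (must be false)
	WrongKey bool // the signature verifies under someone else's key (must be false)
}

// Run exercises all three algorithms over a constructed contract text and
// returns what a verifier would conclude in each case.
func Run() (Result, error) {
	signer, err := GenerateKey()
	if err != nil {
		return Result{}, err
	}
	// Constructed sample document; any byte string works.
	contract := []byte("Purchase order 4711: 100 units at 12.50 EUR, due 2024-06-30")

	sig, err := Sign(signer, contract)
	if err != nil {
		return Result{}, err
	}

	// A copy whose amount was changed after signing: without the private key
	// there is no way to produce a signature that matches the new content.
	altered := []byte("Purchase order 4711: 100 units at 1.50 EUR, due 2024-06-30")

	// A second, unrelated key pair stands in for a key the signer never used.
	other, err := GenerateKey()
	if err != nil {
		return Result{}, err
	}

	return Result{
		Genuine:  Verify(&signer.PublicKey, contract, sig),
		Tampered: Verify(&signer.PublicKey, altered, sig),
		WrongKey: Verify(&other.PublicKey, contract, sig),
	}, nil
}

func main() {
	r, err := Run()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrongKey=%v\n", r.Genuine, r.Tampered, r.WrongKey)
}
```

Verify needs only the public key and the message, so the public key itself does not have to be kept secret; what a real deployment still has to establish is that this particular public key belongs to the claimed signatory, which is the role of the certificate and timestamp structures that formats such as XAdES, PAdES and CAdES wrap around the raw signature.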
The most relevant standards on digital signatures with respect to the size of domestic markets are the Digital Signature Standard (DSS) by the National Institute of Standards and Technology (NIST) and the eIDAS Regulation enacted by the European Parliament. OpenPGP is a non-proprietary protocol for email encryption through public key cryptography. It is supported by PGP and GnuPG and by some of the S/MIME IETF standards, and has evolved into the most popular email encryption standard in the world.
Biometric signature
An electronic signature may also refer to electronic forms of processing or verifying identity through the use of biometric "signatures" or biologically identifying qualities of an individual. Such signatures use the approach of attaching some biometric measurement to a document as evidence. Biometric signatures include fingerprints, hand geometry (finger lengths and palm size), iris patterns, voice characteristics, retinal patterns, or any other human body property. All of these are collected using electronic sensors of some kind.
Biometric measurements of this type are useless as passwords because they cannot be changed if compromised. They might otherwise be serviceable, except that to date they have been so easily deceived that they can carry little assurance that the person who purportedly signed a document was actually the person who did. For example, the electronic signal produced and submitted to the computer system responsible for 'affixing' a signature to a document can be collected via wiretapping techniques and replayed. Many commercially available fingerprint sensors have low resolution and can be deceived with inexpensive household items (for example, gummy bear candy gel). In the case of a user's face image, researchers in Vietnam successfully demonstrated in late 2017 how a specially crafted mask could beat Apple's Face ID on the iPhone X.
See also
* Authentication
* Long-term validation
* UNCITRAL Model Law on Electronic Signatures ( MLES)
External links
E-Sign Final Report (2005, European Union)
Judicial Studies Board Digital Signature Guidelines
Dynamic signatures