Updated: Jul 20, 2020
What is signature verification?
The widespread adoption of electronic signatures has raised many questions. Perhaps the most pressing for would-be users relate to security. While many companies and individuals see the benefit of transitioning from the traditional way of signing documents – which involves printing, scanning, hand-signing, and re-scanning – they have uncertainties about security. In particular, they’re unsure about how the process of verification works. The answer to this aims to demystify the electronic signature verification process.
How do digital signatures work?
The first point to outline is the difference between electronic and digital signatures. Digital signatures, which are a highly secure type of electronic signature, have a very specific and robust verification process.
The term “electronic signature”, on the other hand, can be used to refer to any virtual mark (like an image file) that is included in a document to signify approval. Digital signatures work by leveraging an encrypted system that is based on a standard technological framework called the Public Key Infrastructure (PKI). Certificate Authorities (CAs) provide individuals with a “digital certificate” which is securely stored by them, sometimes on a special USB stick.
Whenever the individual wants to sign a document, they will attach their digital certificate to the document using special software. An encrypted “hash” (a string of data) that’s specific to the signed document is then created. The person responsible for sending the document is then able to “match” this hash with a public digital certificate, thus verifying the signature.
How are electronic signatures verified?
Various major pieces of legislation – including ESIGN (The Electronic Signature in Global and National Commerce Act), UETA (The Uniform Electronic Transactions Act), and eIDAS (Electronic Identification, Authentication, and trust Services) – endorse the validity of electronic signatures. The process for verifying electronic signatures bears a lot of resemblance to traditional methods used to prove the validity of pen-and-ink signatures.
Verification is essentially about proving that an electronic signature was made by the intended signee by establishing the date, location and time the signature was made and ensuring that a document was not tampered with. Different software solutions, like PandaDoc, offer added layers of security for electronic signatures by creating certificates, security checks, and various levels of encryption as soon as a document is signed.