27
Wed, Nov
0 New Articles

How Do You Verify Digital Signatures in Electronic Documents?

Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

If your company needs to securely manage signed documents, secure digital signature capture could be the answer.

 

In today's world, where people are constantly signing their names on an electronic signature pad at stores, restaurants, and other establishments, what methods can be used to ensure that a digital signature is authentic, and how do companies keep that information safe and secure ? This article explores physical signature capture, which is a key method of keeping signatures safe in the ever-expanding world of digital signature capture.

 

Digital signatures generally come in two forms: digital certificates, which are Internet-based files issued to allow a person to sign a document, and physical signature capture from signature pads, which is generally referred to as "digital signature capture" or "electronic signature capture."

 

One definition of a digital certificate signature is as follows: a digital signature on an object is created by using a form of cryptography and is like a personal signature on a written document. A digital signature provides proof of the object's origin and a means by which to verify the object's integrity. A digital certificate owner "signs" an object by using the certificate's private key. The recipient of the object uses the certificate's corresponding public key to decrypt the signature, which verifies the integrity of the signed object and verifies the sender as the source. Another way to think of it is like sealing an envelope for mailing. You seal a document before it is sent, and the seal is broken by the recipients only if they have the correct digital certificate or password on the receiving end.

 

Using digital certificates is not really a very practical way of managing the capture of physical signatures because an electronic certificate must be issued by a trusted online certificate provider. Digital certificates must also be managed in the Web browser or a repository called a "key store." This typically becomes unwieldy for an end user to set up and use. Digital certificate use is also typically limited to Internet-based applications, which don't translate well to physical signing in a retail or warehouse environment, where merchandise is picked up and delivered.

 

A more conventional or generally used definition of a digital or electronic signature is as follows: a digital signature is a signature that is applied to a document by using a physical representation of the signer's signature. A digital signature is applied to a document when the signer writes his name on a digital signature capture tablet or some other signing device that can be used to capture a representation of the signature. Once captured, the signature is applied to the appropriate electronic document format.

 

For most practical business applications, the physical signing process is the most useful. Let's look at an example. There are many businesses out there where customers or truck drivers are picking up merchandise at a storefront location or from a warehouse. The typical process goes something like this: a customer or driver comes in to pick up some merchandise. Multiple copies of an order, invoice, or bill of lading document are printed for signatures. Each copy is then signed. The customer or driver takes one copy. The store or warehouse employees file another copy locally and then ship yet another copy to corporate headquarters, where the final copy is scanned into an imaging system or simply filed manually.

 

Let's see how using digital signature capture might streamline and secure this process. In a streamlined merchandise pickup scenario, the customer or driver would enter a store or warehouse to pick up merchandise. He would visually review a copy of the order, invoice, or bill of lading document on a monitor at the pickup counter. Then he would simply sign his name on a signature capture pad and click a button to confirm the signature. He could also possibly place notes on the document prior to signing that notate that broken or defective merchandise was picked up. After signing, the counter operator would click the application's print button to print a single copy of the appropriate documents already signed. Then a copy of the merged documents with signature applied could be manually or automatically saved to a network folder or to the customer's electronic document-management software and made available immediately and securely for customer requests.

 

The above signing scenario could also apply to several other industries, such as banking, where customers are signing loan and account application documents. Merchandise delivery drivers could collect signatures and print receipts right away for a customer or instantly email a signed receipt after a transaction document is electronically signed. Retail customers could get a signed copy of their receipt as soon as the transaction is completed, and the store could have an instant electronically signed copy instead of relying on the paper transaction. Hospital patients can sign their admittance documents. Quality control departments can facilitate electronic approvals for manufactured products and materials. Any application where a physical signature is captured today is an ideal candidate to turn into an electronic signature–based process.

 

You now understand some of the various applications for capturing physical signatures, but how do you ensure that the signature data is stored safely and kept secure? The most important way to ensure that an electronic signature is authentic is to never store the signature separately from the final document it belongs to. An example of this might be when a customer at a store or restaurant signs an electronic signature pad to complete a transaction. The signature could be instantly applied to the receipt document and printed for the customer. Then an electronic copy of the document could be automatically saved for recall. Today, most retail and other point-of-sale (POS) systems simply store the signature data separately from the actual transaction data.

 

With so many file formats available, only a few document formats are really amenable to electronic signing. The two main signable document formats are TIFF and PDF. The reason that TIFF and PDF documents are so conducive to signing is that a signature can be captured from an electronic signature pad or signature server software and can be easily merged into the final document, creating a single composite final-form copy of the document with a signature on it. By burning the signature image into the final-form document, the signature cannot be re-used or hijacked because the immutable image has been burned into the original document. Verifying the document authenticity is as simple as opening the document and viewing the completed, signed document. The merged document can then be reprinted or stored in an electronic document management system, in Microsoft SharePoint, or on a Windows file system. The electronically stored copy of the document becomes the official record of the transaction. Because PDF and TIFF documents can be date/time stamped, the timing of the document creation can also be recorded within the document. PDF also has added benefit in that the files can be password-protected and encrypted if desired for an added level of document security.

 

In a corporate environment where documents are signed over and over by the same person during the day and passed between departments, it might be desirable to store a copy of an employee signature on an electronic signature server where the original signature image is password-protected and encrypted. Instead of physically signing each document, the signer opens a document in the appropriate viewing application and signs it by entering a password that applies a visual representation of the signature to the selected document and applies it into the document image. This can be highly useful in a quality control environment or a banking or financial environment, where several documents must be signed and approved by a worker on a daily basis. Since a signature server also burns the image into the final-form document, the signature is immutable and cannot be easily removed from the document.

 

Another application for a signature server would be to store electronic signatures that can be automatically applied to checks and other documents that are generated by a company. This is a great scenario for merging a securely pre-captured signature to a form document to create a final signed document. Another great use for pre-captured signatures is generating accounts payable, payroll, or other checks within an organization. For use with automatic check generation, signatures can be pre-captured and encrypted or stored on a secure USB thumb drive. Signatures, MICR fonts, and check numbers are applied electronically as checks get generated. Most modern form products allow users to automatically apply one or more signatures to a check, based on dollar amount thresholds or other specific criteria, thus eliminating the need for management teams to physically sign every check document that gets generated.

 

When setting up a secure document signing environment, you will usually purchase signature capture pads from vendors such as Topaz, Ingenico, Verifone, or others. Ingenico and Verifone not only have the ability to capture signatures, but also are commonly used to capture credit and debit card information for electronic transactions. The same signature pad can be used for both purposes. Next, you will purchase signature capture software that utilizes the signature pads to collect signatures and apply the signatures to the appropriate documents.

 

There are several general and industry-specific applications in the marketplace to facilitate document signing and serving up secure electronic signatures to users who spend their days signing lots of documents. Make sure to research available solutions completely before making a purchase decision. You will want a signature capture solution that meets your needs today and as your needs grow.

 

If your company captures a lot of signed documents and has a need to securely manage the signed documents along with signatures, you could likely benefit from secure digital signature capture.

as/400, os/400, iseries, system i, i5/os, ibm i, power systems, 6.1, 7.1, V7,

Richard Schoen is the president and chief technology officer of RJS Software Systems, an information-management and data-integration solutions developer for the System i platform. RJS also provides commercial classes for introducing System i developers to .NET development. Richard founded RJS in 1990 and today guides the direction and development of all of the company's core products. Richard can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..  
BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: