Electronic vs Digital Signatures: Defining the Difference

Featured

electronic vs digital signatures EDITED“Electronic” and “digital” are often used as interchangeable prefixes to the word “signature” – but there are vast differences between the two.

We are all familiar with, and have at some stage in our daily goings-on, dealt with the traditional “wet-ink” signature. In today’s digitally-charged world, however, this is fast becoming obsolete as more secure, efficient means of signing documents are developed.

A signature is essentially a means of binding an individual to the contents of a document, by way of an intentional mark. It typically signifies knowledge, approval, acceptance, or obligation.

That may be common knowledge, however, the advent of the digital signature has turned the humble handwritten signature on its head, introducing a number of new (and entirely exciting) facets, including a whole new set of terminology.

A digital signature, in its base form, is a digital code created and authenticated by public key encryption, which is attached to an electronic document to verify its contents and the sender’s identity.

But, largely dependent on where you are in the world, “digital” and “electronic” are often confused – or wrongly used interchangeably – in both conversation and law. Often described in unison, digital signatures and electronic signatures individually are different technologies, have different meanings, and they carry different legal weight.

So what exactly is the difference then? Let’s demystify this once and for all…

Electronic signatures: The superficial sign

Also referred to as an “ordinary electronic signature”, an electronic signature is generally defined as “Symbols or other data in digital form (whether it be a sound, process or symbol) attached to an electronically transmitted document as verification of the sender’s intent to sign the document”.

There are many different scenarios here. An electronic signature can be as basic as a scanned image of a handwritten (wet-ink) signature that is copied onto a signed document, in Word for example. Another case of an electronic signature would be your name, typed at the end of an email.

An electronic signature can even be verbal, a simple click of a box, or drawn on a hardware device such as a signature pad.

Given the examples above, it is evident that, by the sheer nature of electronic signatures, these types of signatures are difficult to maintain, and proof of identity, security, authentication and integrity is low.

Electronic signatures do not have the ability to lock documents for editing after the signing process, nor do they carry any active verification capability. This leaves documents signed with electronic signatures wide open to fraud and repudiation.

Digital signatures: The cryptographic mark

As alluded to earlier, digital signatures involve cryptography. They are the most advanced and secure type of electronic signature, and they guarantee the contents of a message or document have not been altered in transit.

A digital signature is also referred to as an advanced or secure electronic signature. It is based on Public Key Infrastructure (PKI) technology, using accredited personal X.509 digital certificates to provide the highest levels of security and universal acceptance.

These electronic signatures on steroids are created using a cryptographic operation that creates a hash-code unique to both the signer and the content, so that it cannot be copied, forged or tampered with.

This process provides strong proof of the signer’s identity, protects the data integrity of the document and provides absolute non-repudiation of signed documents.

Digital signatures can be verified without the need for any special proprietary software. Depending on the document format, the latest versions of free Adobe Reader or Microsoft Office application can verify the signature. Simply click directly on the digital signature to view the properties, signer’s identity, time and reason for signing – all of which are embedded in the document.

When a digital signature is applied to a document, a digital certificate is attached to the data being signed into one unique fingerprint, including cryptographic credentials.

That said, it is obvious digital signatures would carry far more legal weight and be preferable should security be even a slight concern.

In a nutshell, you could say electronic signatures verify documents, whereas digital signatures secure documents.

* SigniFlow only utilises Digital signature technology. Every signature on a document signed with SigniFlow is a Digital signature that carries the unique cryptographic credentials of the signer.

[REFERENCES]  

  1. za – Electronic Communications and Transactions Act, 2002
  2. Michalsons – Guide to the ECT Act in South Africa
  3. Difference Between – http://www.differencebetween.net/technology/difference-between-digital-signature-and-electronic-signature/

Brand new Hybrid Server range in the offing

Featured

carbonite-hybrid-server-for-business2The SigniFlow team has once again gone all out to ensure all our customers’ needs are met in every way, with our latest range of Hybrid Server licences.

Following an overwhelmingly positive response to our hybrid server solution, SigniFlow has pulled out all the stops to create a product that covers all bases, serves every one of our customers according to their specific needs and – above all – is first-class and failsafe.

A native cloud application utilising cloud computing frameworks and network-attached Hardware Security Modules (HSMs) to perform cryptographic signature operations, the SigniFlow solution was born out of the need for enterprise-level businesses to have maximum control over their data.

“For most small-to-medium businesses, accessing applications in the cloud was no problem, in fact it was in many cases preferred, but at an enterprise level, where highly sensitive documents and international legislation were involved, the need for more control was imminent,” explains Leon van der Merwe, Digital Director at SigniFlow.

In response to this need, SigniFlow launched its first open-enterprise on-premise SigniFlow Hybrid Server in 2017.

The term ‘Hybrid’, which we’ve used to name our server offering, refers to the combination of technology it employs – a dedicated hosted server, virtualisation technology and cloud-based cryptography.

Although often referred to as an on-premise solution, the SigniFlow Hybrid server is at home in a private server room or data centre, as well as in any hosted environment (private or public-cloud) and in a secure cloud services platform, like the popular Amazon Web Services (AWS) or Microsoft Azure.

The SigniFlow Hybrid brought about the ultimate in customisation, rebranding, enterprise information control, and an unrivalled bespoke integration landscape.

Highly successful among the big businesses the solution was intended for at the time, the technology drew such interest in the market at large during 2018, that suddenly businesses from across the spectrum wanted it.

“By listening to our customers, we realised that the solution, originally built for the enterprise, needed to be more flexible and scalable, to cater to medium – and even smaller – businesses,” says Van der Merwe.

“The SigniFlow team has once again gone full tilt in the idea factory, and we are very excited about our brand new Hybrid Server offerings for 2019.”

How the new licences work

The new SigniFlow Hybrid Server range consist of five new licences, the NANO-50, MEGA-250, TERA-500, PETA-1000 and the exciting new document-based open-enterprise license, the EXA-OPEN.

As its name suggests, the NANO-50 is a single tenant Hybrid that caters for up to 50 users, unlimited documents and unlimited signatures.

Similarly, the MEGA-250, TERA-500 and PETA-1000 cater for up to 250, 500 and 1 000 users respectively, all with document limits removed, and fully scalable and upgradeable licence plans.

From the MEGA-250 onwards, the servers can be duplicated to cater for more than 1 000 users and farmed for high-volume load balancing. Each comes with a second licence that can be used for disaster recovery (DR), or user acceptance testing (UAT or pre-prod). These models are also multi-tenant and can feature multiple business profiles per server.

The EXA-OPEN introduces a new approach to enterprise licensing. Documents, which may contain any amount of signatories, are bought in packs, ranging from 1 000 to 400 000 documents per pack, at incredibly low rates per document.

The real benefit of the EXA-OPEN kicks in for customers with document volumes above 400 000 per year, as the licence has a ceiling-charge equal to the 400 000 pack’s price. This means that after 400 000 documents, a flat annual rate is charged – no matter how many documents are involved or how many users are utilising the system.

The new Hybrid Server Licence Models are available in South Africa, South America, the United States, Europe, the Nordics and the United Kingdom.

 

For more information on how our Hybrid Server range can benefit your company, contact the team via support@signiflow.com  or phone:

South Africa : (+27) 10 300 4898

Americas: (+1) 603 717 4248

Europe: (+32) 494 102 095