A digital signature is an electronic signature that can be used to legally sign and approve any business process that has been digitised.
The digital signature authenticates the identity of the sender of a message, or the signer of a document, and ensures that the original content of the message or document that has been sent is unchanged. It involves cryptographic action. But how does it work?
“Let's assume that you want to send a draft contract to your lawyer, who is based in another city,” commented Maeson Maherry, Solutions Director at LAWtrust and a leading expert in South Africa on electronic signatures, “and you need to assure your lawyer that it was unchanged from what you sent and that it was really sent from you.”
“The process is quite straightforward on both sides,” continued Maherry. It works as follows:
From your side, you:
* Obtain a digital certificate and private key for signing from a Certificate Authority, which is a trusted third party responsible for the identification of the certificate subscriber;
* Upload your Word, Excel or PDF document into a signature boardroom or equivalent signature-capable software;
* Drag a signature box to where you want the signature and simply click on the signature box. This triggers the automatic creation of a hash function that acts as a forensic test for originality;
* Your private key is used to automatically encrypt the hash, which secures the identity of the signatory as well as the original content against tampering, and this is known as your digital signature;
* Your digital signature complies with all legal requirements of a signature, as well as assures the integrity of the data message from accidental or malicious alteration;
* Share the document with relying parties or other signatories via the signing boardroom or e-mail.
From the lawyer's side:
* The lawyer opens the digitally-signed PDF document in the free Adobe Reader software found on most computers;
* This automatically triggers a signature validation process where a hash of the received message is created as a forensic test for the integrity of the content and the sender's identity;
* The signer's digital certificate is automatically used to decrypt the hash function sent with the message as a reference test result;
* The hashes are compared, and if successfully matched, Adobe Reader will display a clear notice saying all signatures are valid and the contents of the document can be trusted.
“This process is functionally equivalent to a witnessed wet signature in the real world,” concluded Maherry, “so the overall process is extremely easy to understand. However, the benefit really lies in the proactive forensic test process, which detects alterations before any fraudulent instruction is executed. This means that the risk of signing electronically is far lower than with a wet signature, as well as more efficient.”
For further information, please contact Christi Peens; tel. (012) 676 9240; fax (012) 665 3997; e-mail christi@lawtrust.co.za.
Share
LAWtrust
LAWtrust, a member of the LAW Holdings Group, is the security partner of choice for organisations in the areas of cryptographic-based security such as digital certificates, PKI, digital signing, encryption, integrity and non-repudiation. In this regard, it has relationships with many international vendors, and using these and its own locally developed products, creates effective solutions to complex security needs and is noted for its prompt delivery of the relevant solutions, i.e. it is a specialist applications security integrator.
LAWtrust Intelligence is rated as a level 2 contributor BBBEE company and includes customers in both the public and private sectors such as the largest departments in central government and the 'Big Six' banks.
Editorial contacts