Ten Tips for Selecting the Best Digital Signature Solution
2009-06-02 16:12
507 查看
Ten Tips for Selecting the
Best Digital Signature Solution
Avoid the pitfalls when
transitioning from paper-based to electronic signatures
Author: John Marchioni
-Sept 2007
Introduction
As the traditional
“paper-based” world gives way to digital documentation and transactions,
enterprises are demanding innovative solutions for digitally signing and
authenticating such documents, files, and forms with iron-clad protection
against forgery. Solutions must guarantee non-repudiation and promise the same
level of security and trust that exists with conventional documentation. At the
same time, such a solution should be simple to use, easy to deploy and offer a
rapid Return on Investment (ROI).
In addition, with global
digital business now the norm, transactions and documents may need to be signed
by many people in different parts of the world. Users should be able to sign documents
directly from their desktop or via a zero technology footprint using any web
browser.
The need for verification
by recipients outside an organization, the ability of employees to sign
documents while traveling, and cross-platform capabilities – enabling the use
of numerous applications, such as Microsoft Word®, Adobe Acrobat®, and TIFF
images – all mean that, when it comes to selecting a digital signature
solution, an enterprise needs to be aware of several important criteria.
This White Paper outlines
the 10 most critical scenarios to take into consideration when making this
decision:
1. Seals
Documents
The best digital signature
solution seals the document using standard technology.
Your company has chosen an
electronic signature solution that ads an image of your graphical signatures to
documents; you can now attach a graphic representation of your signature to any
document created in Microsoft Word. This is all well and good, until you
discover that even though you have apparently signed the document, it can be
easily changed by any recipient – while the electronic signature remains
intact, just as you appended it. The door to fraud and forgery has been opened
wide!
The solution used has
simply placed a digitized “picture” of the signature on the document: it
doesn’t seal the document, it doesn’t verify the authenticity of the person
signing it, nor does it guarantee that the transaction cannot be altered.
In the traditional paper
world, transactions are validated by signing them either on an accepted form,
such as a check, or in front of a trusted third party, a notary or lawyer, who
the “stamps” the signatures so that they could not be changed.
In the virtual paperless
world, digital signatures must perform the same function, i.e. guarantee that the
signer is legitimate (that signatories are who they claim to be) and that
neither the signature nor anything written in the document can be changed
without authorization.
A digital signature must
be able to seal any electronic document and guarantee that it is tamperproof.
It is a one-time “fingerprint”, unique to both the signer and the document and
ensures that the signer is indeed the originator or owner of the document. This
“fingerprint” cannot be reused or reassigned and proves that the message has
not been altered in any way. Should the document be changed or altered, the
digital signature is automatically invalidated, providing total protection
against forgery.
2. Multiple
Application Support
The best digital signature solution supports multiple applications.
You are operating an
electronic signature solution that enables the signing of documents created
with the most commonly used applications – Microsoft Word and Adobe Acrobat. But
there are some documents produced by your ERP system that also need to be
signed and your electronic signature solution does not support this application
because the ERP application is not supported by the chosen electronic signature
solution.
Traditionally,
when signing paper documents, it didn't matter what type of document it was; a
form, an invoice or a typed contract. Now you need the same flexibility in a
paperless world.
A number
of different applications and document management systems are available. It is
important to select a digital signature solution that not only supports
different applications, such as Word, Excel, Outlook, PDF, TIFF, Auto CAD, InfoPath
and other third party applications, you should be able to add an electronic
signature to any document type. One way to guarantee support for any file format
is provided by solutions that convert any documents from any system into a
“signed” PDF file.
3. Graphical
Signatures
The best digital signature
solution offers the possibility of "seeing" the signature.
Traditionally, once a
document has been signed (with a “wet” signature), the signatures are visible.
It is possible to identify who signed the document and the capacity in which it
was signed; when renting an apartment, for example, the parties sign a lease. The
contract clearly displays the signatures and identifies who is the landlord and
who is the tenant. Anyone looking at the document can easily identify the
signatories and their roles.
In the virtual paperless
world, digital signature solutions offer trust and security but they do not
offer easy identification. Visual graphical signatures do not add any security
to the document, but they are important from a user’s acceptance point of view,
as they provide a natural user indication that the document is indeed signed.
It is
therefore important to include both the Digital Signatures, which preserve the
Data Integrity of the document and the digital signer’s authenticity and the
graphical image of the signer’s handwritten signature, which is a familiar form
of identifying the signer.
4. Multiple
Signatures
The best digital signature solution enables documents
to be signed by more than one person in more than one place.
There are
some electronic signature solutions that only allow one signature and when the
document has been signed and sealed, it is impossible to add more signatures.
Traditional
document-intensive organizations, such as insurance companies or financial
institutions, have large volumes of many different types of documents that must
be processed every day. Many of these documents must be reviewed, approved and
signed by more than one person. In some cases, one part must be approved by one
signatory while another section needs approval by a different person. With a
traditional "wet" signature, it is a simple matter of signing or
initialing any place in the document.
In the
virtual world, an effective digital signature solution should enable
"sectional signing", which allows signatories to edit and sign their
portion of
the document. For example, in
Microsoft Excel, the digital signature solution should be flexible enough to
allow multiple users to sign an entire workbook, different users to sign single
worksheets or even support different digital signatures for different ranges of
cells in the spreadsheet.
5. Zero IT
Management
The best digital signature
solution is easily installed, intuitive to use and does not require dedicated
support staff - it will work from the moment it is installed.
In the traditional world
of paper documents all that is needed to sign and manage documents is efficiency
and ink.
In the virtual world,
installing a new software system can generally be lengthy and
resource-intensive. Some solutions require extensive – and expensive –
customization to integrate with current or legacy software; often taking more
than a year to get it working, additional support staff and even a separate
help desk to support the signature application.
Users want to be able to
use the solution intuitively without the need to go through a long and lengthy
learning cycle or to be forced to employ a wizard process every time they want
to sign a document. If the system is bulky and difficult to use, people will
find a way to avoid it.
6.
Compliance
The best digital signature
solution complies with all legal requirements.
To be considered legally binding,
documents and transactions - paper-based or electronic - must meet many basic
requirements and strict standards. A digital signature solution must meet the
same criteria as a “wet” signature. These include the following basic
requirements:
1). Authenticity
– the signature can be authorized by a secure process
2).
Integrity – any tampering during transmission can be detected
3).
Privacy – the signature
cannot be accessed by unauthorized sources
4).
Enforceability – the signatures must be verifiable by all parties
5).
Non-refutability – the signature cannot be denied or disavowed
The first two requirements
prove that the recipient and the sender are authentic and authorized to perform
this transaction. The next two, provide methods to prove that the message
content is authentic and that the recipient can be certain that the data has
not been altered or lost in transit. The last and most important is that the
message must be able to “stand up in court”.
Referred
to as “non-repudiation”, this means that the digital signature must ensure that
the parties involved in the transaction cannot deny sending the message or its
contents.
In
addition to the above general requirements, some industries, such as finance or
pharmaceutical, have specific requirements. For many organizations, it is
critical to protect their data at all times with standard-based PKI methods
that meet the toughest regulations rather than a proprietary solution.
To avoid
returns and force the organization to prove that the solution is good enough, a
digital signature solution must meet the most stringent internationally
recognized regulations, for example:
1). FDA's 21 CFR Part 11
2). Health Insurance Portability and
Accountability (HIPAA)
3). Financial Services Modernization Act of
1999 (Gramm-Leach-Bliley);
4). Sarbanes Oxley
5). FAA's CFR Title 14
and
legislation, including:
6). Uniform Electronic Transactions Act
(UETA);
7). E-sign (Electronic Signature in Global and
national Commerce Act)
8). EU VAT Directive
9). EU Directive for Electronic Signatures
Only PKI based digital
signatures meet all these requirements. Other solutions may meet some but not
all requirements.
7.
Transportability
An effective digital
signature solution should ensure transportability.
Your company has
implemented its digital signature solution and has sent signed documents to a
client. But because the client has not installed the same digital signature
solution, he is unable to verify the document.
In the
traditional paper world, signed documents sent to third parties can be read and
understood without a problem.In the virtual paperless world, however, documents
must be recognized by the software application. To be truly versatile, a sender
must know that a digital signature will arrive unaltered anywhere in the world
and that it can be easily verified without the need for complicated,
proprietary third party applications.
For
example, if a document had been electronically signed in PDF, then the
recipient should be able to validate the document using the free Adobe Acrobat
Reader without any further software installations. Another example is when a
Microsoft Word® or Excel® document is signed, then it should be possible to
verify it on the receiving end without the need to install any special software
or plug-in for verification process.
8. Seamless
User Sign-Up
The best digital signature
solution offers simple-to-use, transparent sign-up.
In the
traditional paper world, people who need to sign documents are identified in
one of several ways: a signature card signed in person at the bank, a photo ID
or personal recognition.
In the
virtual paperless world, signatories register electronically and obtain a
digital certificate, which provides electronic identification similar to a
birth certificate or a passport. Digital certificates contain information about
the user, such as the certificate holder's name, e-mail address and other
specific identifying information. Digital certificates verify that the user is
who he or she claims to be. Certificates are generated by a Certificate
Authorities (CA) immediately after the identity of the user is validated thus
making the certificate a virtual equivalent of a Passport or a Birth
certificate.
Once a
digital signature solution has been deployed, it should be both simple to use
and as transparent as possible. Neither the users, nor the IT person, should be
aware of how a certificate is generated or maintained.
Moreover,
users should not need to use a wizard or call the Help Desk to be able to sign
documents. It should also be easy for the IT manager to make changes in the
users’ profile and these changes should be automatically reflected in the
users’ certificates.
In
addition, some systems require employees to re-enroll every year to verify that
they are still authorized by the company. Users will find this cumbersome as
will the IT and HR departments who need to deal with these registrations.
9.
Simple-to-Use
The best digital signature
solution is technologically simple to use.
In the
traditional paper world, signing a document is simple, intuitive and quick.
In the
virtual paperless world, signing a document should be just as easy. It should
take no more than 10 seconds or 1-2 mouse clicks – to ensure that the document
is signed, sealed and legally compliant.
But if
your digital signature solution requires the user to go through a tedious
wizard-type process to sign a document and each step of the process requires a
user interaction making the process complicated and difficult, the inadequacies
of the selected solution will soon become apparent. Users should not be
required to learn new technologies or require assistance from a Help Desk.
10. Total
Cost of Ownership
The best digital signature
solution has no hidden operation and management costs.
Traditional paper signing
leaves mountains of paperwork needing physical storage in archives that often
mushroom to warehouse proportions. To reduce costs and improve efficiency,
companies should move into the world of electronic processes.
Standards-based
digital signature solutions enable companies to become totally paperless. However,
when considering a digital signature solution, it is important to look into the
potential hidden costs.
Many
traditional digital signature solutions are based on complex PKI technology and
are difficult to deploy. They involve complicated software requiring a heavy
investment in IT support and development. Sometimes, a Help Desk needs to be
created or additional staff employed to support the solution. Other costs that
need to be checked include registration and renewal fees for digital
certificates, cost for smart cards, etc.
Conclusion
To ensure a smooth
transition from paper-based to paperless offices with a digital signature
system that:
1).guarantees
non-repudiation
2).offers a high level of
security
3).effectively seals
documents
4).allows multiple signers
to sign on a single document without difficulty
5).is
compatible with multiple applications
6).is
simple to use
7).offers
a rapid return on investment
8).has
no hidden costs
9).is
transportable without having to install proprietary software
Best Digital Signature Solution
Avoid the pitfalls when
transitioning from paper-based to electronic signatures
Author: John Marchioni
-Sept 2007
Introduction
As the traditional
“paper-based” world gives way to digital documentation and transactions,
enterprises are demanding innovative solutions for digitally signing and
authenticating such documents, files, and forms with iron-clad protection
against forgery. Solutions must guarantee non-repudiation and promise the same
level of security and trust that exists with conventional documentation. At the
same time, such a solution should be simple to use, easy to deploy and offer a
rapid Return on Investment (ROI).
In addition, with global
digital business now the norm, transactions and documents may need to be signed
by many people in different parts of the world. Users should be able to sign documents
directly from their desktop or via a zero technology footprint using any web
browser.
The need for verification
by recipients outside an organization, the ability of employees to sign
documents while traveling, and cross-platform capabilities – enabling the use
of numerous applications, such as Microsoft Word®, Adobe Acrobat®, and TIFF
images – all mean that, when it comes to selecting a digital signature
solution, an enterprise needs to be aware of several important criteria.
This White Paper outlines
the 10 most critical scenarios to take into consideration when making this
decision:
1. Seals
Documents
The best digital signature
solution seals the document using standard technology.
Your company has chosen an
electronic signature solution that ads an image of your graphical signatures to
documents; you can now attach a graphic representation of your signature to any
document created in Microsoft Word. This is all well and good, until you
discover that even though you have apparently signed the document, it can be
easily changed by any recipient – while the electronic signature remains
intact, just as you appended it. The door to fraud and forgery has been opened
wide!
The solution used has
simply placed a digitized “picture” of the signature on the document: it
doesn’t seal the document, it doesn’t verify the authenticity of the person
signing it, nor does it guarantee that the transaction cannot be altered.
In the traditional paper
world, transactions are validated by signing them either on an accepted form,
such as a check, or in front of a trusted third party, a notary or lawyer, who
the “stamps” the signatures so that they could not be changed.
In the virtual paperless
world, digital signatures must perform the same function, i.e. guarantee that the
signer is legitimate (that signatories are who they claim to be) and that
neither the signature nor anything written in the document can be changed
without authorization.
A digital signature must
be able to seal any electronic document and guarantee that it is tamperproof.
It is a one-time “fingerprint”, unique to both the signer and the document and
ensures that the signer is indeed the originator or owner of the document. This
“fingerprint” cannot be reused or reassigned and proves that the message has
not been altered in any way. Should the document be changed or altered, the
digital signature is automatically invalidated, providing total protection
against forgery.
2. Multiple
Application Support
The best digital signature solution supports multiple applications.
You are operating an
electronic signature solution that enables the signing of documents created
with the most commonly used applications – Microsoft Word and Adobe Acrobat. But
there are some documents produced by your ERP system that also need to be
signed and your electronic signature solution does not support this application
because the ERP application is not supported by the chosen electronic signature
solution.
Traditionally,
when signing paper documents, it didn't matter what type of document it was; a
form, an invoice or a typed contract. Now you need the same flexibility in a
paperless world.
A number
of different applications and document management systems are available. It is
important to select a digital signature solution that not only supports
different applications, such as Word, Excel, Outlook, PDF, TIFF, Auto CAD, InfoPath
and other third party applications, you should be able to add an electronic
signature to any document type. One way to guarantee support for any file format
is provided by solutions that convert any documents from any system into a
“signed” PDF file.
3. Graphical
Signatures
The best digital signature
solution offers the possibility of "seeing" the signature.
Traditionally, once a
document has been signed (with a “wet” signature), the signatures are visible.
It is possible to identify who signed the document and the capacity in which it
was signed; when renting an apartment, for example, the parties sign a lease. The
contract clearly displays the signatures and identifies who is the landlord and
who is the tenant. Anyone looking at the document can easily identify the
signatories and their roles.
In the virtual paperless
world, digital signature solutions offer trust and security but they do not
offer easy identification. Visual graphical signatures do not add any security
to the document, but they are important from a user’s acceptance point of view,
as they provide a natural user indication that the document is indeed signed.
It is
therefore important to include both the Digital Signatures, which preserve the
Data Integrity of the document and the digital signer’s authenticity and the
graphical image of the signer’s handwritten signature, which is a familiar form
of identifying the signer.
4. Multiple
Signatures
The best digital signature solution enables documents
to be signed by more than one person in more than one place.
There are
some electronic signature solutions that only allow one signature and when the
document has been signed and sealed, it is impossible to add more signatures.
Traditional
document-intensive organizations, such as insurance companies or financial
institutions, have large volumes of many different types of documents that must
be processed every day. Many of these documents must be reviewed, approved and
signed by more than one person. In some cases, one part must be approved by one
signatory while another section needs approval by a different person. With a
traditional "wet" signature, it is a simple matter of signing or
initialing any place in the document.
In the
virtual world, an effective digital signature solution should enable
"sectional signing", which allows signatories to edit and sign their
portion of
the document. For example, in
Microsoft Excel, the digital signature solution should be flexible enough to
allow multiple users to sign an entire workbook, different users to sign single
worksheets or even support different digital signatures for different ranges of
cells in the spreadsheet.
5. Zero IT
Management
The best digital signature
solution is easily installed, intuitive to use and does not require dedicated
support staff - it will work from the moment it is installed.
In the traditional world
of paper documents all that is needed to sign and manage documents is efficiency
and ink.
In the virtual world,
installing a new software system can generally be lengthy and
resource-intensive. Some solutions require extensive – and expensive –
customization to integrate with current or legacy software; often taking more
than a year to get it working, additional support staff and even a separate
help desk to support the signature application.
Users want to be able to
use the solution intuitively without the need to go through a long and lengthy
learning cycle or to be forced to employ a wizard process every time they want
to sign a document. If the system is bulky and difficult to use, people will
find a way to avoid it.
6.
Compliance
The best digital signature
solution complies with all legal requirements.
To be considered legally binding,
documents and transactions - paper-based or electronic - must meet many basic
requirements and strict standards. A digital signature solution must meet the
same criteria as a “wet” signature. These include the following basic
requirements:
1). Authenticity
– the signature can be authorized by a secure process
2).
Integrity – any tampering during transmission can be detected
3).
Privacy – the signature
cannot be accessed by unauthorized sources
4).
Enforceability – the signatures must be verifiable by all parties
5).
Non-refutability – the signature cannot be denied or disavowed
The first two requirements
prove that the recipient and the sender are authentic and authorized to perform
this transaction. The next two, provide methods to prove that the message
content is authentic and that the recipient can be certain that the data has
not been altered or lost in transit. The last and most important is that the
message must be able to “stand up in court”.
Referred
to as “non-repudiation”, this means that the digital signature must ensure that
the parties involved in the transaction cannot deny sending the message or its
contents.
In
addition to the above general requirements, some industries, such as finance or
pharmaceutical, have specific requirements. For many organizations, it is
critical to protect their data at all times with standard-based PKI methods
that meet the toughest regulations rather than a proprietary solution.
To avoid
returns and force the organization to prove that the solution is good enough, a
digital signature solution must meet the most stringent internationally
recognized regulations, for example:
1). FDA's 21 CFR Part 11
2). Health Insurance Portability and
Accountability (HIPAA)
3). Financial Services Modernization Act of
1999 (Gramm-Leach-Bliley);
4). Sarbanes Oxley
5). FAA's CFR Title 14
and
legislation, including:
6). Uniform Electronic Transactions Act
(UETA);
7). E-sign (Electronic Signature in Global and
national Commerce Act)
8). EU VAT Directive
9). EU Directive for Electronic Signatures
Only PKI based digital
signatures meet all these requirements. Other solutions may meet some but not
all requirements.
7.
Transportability
An effective digital
signature solution should ensure transportability.
Your company has
implemented its digital signature solution and has sent signed documents to a
client. But because the client has not installed the same digital signature
solution, he is unable to verify the document.
In the
traditional paper world, signed documents sent to third parties can be read and
understood without a problem.In the virtual paperless world, however, documents
must be recognized by the software application. To be truly versatile, a sender
must know that a digital signature will arrive unaltered anywhere in the world
and that it can be easily verified without the need for complicated,
proprietary third party applications.
For
example, if a document had been electronically signed in PDF, then the
recipient should be able to validate the document using the free Adobe Acrobat
Reader without any further software installations. Another example is when a
Microsoft Word® or Excel® document is signed, then it should be possible to
verify it on the receiving end without the need to install any special software
or plug-in for verification process.
8. Seamless
User Sign-Up
The best digital signature
solution offers simple-to-use, transparent sign-up.
In the
traditional paper world, people who need to sign documents are identified in
one of several ways: a signature card signed in person at the bank, a photo ID
or personal recognition.
In the
virtual paperless world, signatories register electronically and obtain a
digital certificate, which provides electronic identification similar to a
birth certificate or a passport. Digital certificates contain information about
the user, such as the certificate holder's name, e-mail address and other
specific identifying information. Digital certificates verify that the user is
who he or she claims to be. Certificates are generated by a Certificate
Authorities (CA) immediately after the identity of the user is validated thus
making the certificate a virtual equivalent of a Passport or a Birth
certificate.
Once a
digital signature solution has been deployed, it should be both simple to use
and as transparent as possible. Neither the users, nor the IT person, should be
aware of how a certificate is generated or maintained.
Moreover,
users should not need to use a wizard or call the Help Desk to be able to sign
documents. It should also be easy for the IT manager to make changes in the
users’ profile and these changes should be automatically reflected in the
users’ certificates.
In
addition, some systems require employees to re-enroll every year to verify that
they are still authorized by the company. Users will find this cumbersome as
will the IT and HR departments who need to deal with these registrations.
9.
Simple-to-Use
The best digital signature
solution is technologically simple to use.
In the
traditional paper world, signing a document is simple, intuitive and quick.
In the
virtual paperless world, signing a document should be just as easy. It should
take no more than 10 seconds or 1-2 mouse clicks – to ensure that the document
is signed, sealed and legally compliant.
But if
your digital signature solution requires the user to go through a tedious
wizard-type process to sign a document and each step of the process requires a
user interaction making the process complicated and difficult, the inadequacies
of the selected solution will soon become apparent. Users should not be
required to learn new technologies or require assistance from a Help Desk.
10. Total
Cost of Ownership
The best digital signature
solution has no hidden operation and management costs.
Traditional paper signing
leaves mountains of paperwork needing physical storage in archives that often
mushroom to warehouse proportions. To reduce costs and improve efficiency,
companies should move into the world of electronic processes.
Standards-based
digital signature solutions enable companies to become totally paperless. However,
when considering a digital signature solution, it is important to look into the
potential hidden costs.
Many
traditional digital signature solutions are based on complex PKI technology and
are difficult to deploy. They involve complicated software requiring a heavy
investment in IT support and development. Sometimes, a Help Desk needs to be
created or additional staff employed to support the solution. Other costs that
need to be checked include registration and renewal fees for digital
certificates, cost for smart cards, etc.
Conclusion
To ensure a smooth
transition from paper-based to paperless offices with a digital signature
system that:
1).guarantees
non-repudiation
2).offers a high level of
security
3).effectively seals
documents
4).allows multiple signers
to sign on a single document without difficulty
5).is
compatible with multiple applications
6).is
simple to use
7).offers
a rapid return on investment
8).has
no hidden costs
9).is
transportable without having to install proprietary software
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- The Ten Best Vocabulary Learning Tips
- [Z] The Ten Best Vocabulary Learning Tips
- Tips for the best development tools
- Windows cannot verify the digital signature for the drivers required for this device.. (Code 52) 错误解决办法
- Top Ten Security Tips for the Holidays
- Tutorial: The best tips & tricks for bash, explained | bash 入门| 极好的bash技艺
- How To Choose The Best XML Parser for Your iPhone Project
- Deploying a VSTO 3.0 solution for the Office 2007 using Windows Installers
- Get the content of an Iframe in Javascript – crossbrowser solution for both IE and Firefox
- Let's hope for the best
- Tips for speed up your algorithm in the CUDA programming
- 【转】Design Best Practices for the Mobile Web
- (转载)XML Tutorial for iOS: How To Choose The Best XML Parser for Your iPhone Project
- What is the best way to implement a heartbeat in C++ to check for socket connectivity?
- A 'C' Test: The 0x10 Best Questions for Would-be Embedded Programmers(想成为嵌入式程序员应知道的0x10个基本问题)
- Uva-1375 The Best Name for Your Baby(复杂DP)
- How To Choose The Best XML Parser for Your iPho...
- Google Hacks: Tips & Tools for Finding and Using the World's Information
- Question 12: In C++, which of the following is the best declaration for an overloaded operator[] to allow read-only access (and
- The Database Diagrams solution for SQL Server 2008