With more businesses looking to automate and streamline as many of their business processes as possible, it’s no surprise that digital signatures are quickly replacing traditional ink and paper. Digital signatures offer myriad advantages over a hand-written signatures. But, the main business drivers are increased efficiency and automation. As more contracts are executed remotely without a physical handshake, a handwritten signature now requires a long process. This usually includes (1) printing the document, (2) signing/initialing the document by hand, (3) scanning the document back in, and (4) emailing the document. Then, the process has to repeat all over again by the counter-signing party. Not only is it a waste of time and paper, but it also offers very little in the way of security. Ink signatures cannot speak to the document’s integrity (content hasn’t been altered) or non-repudiation (preventing a signer from denying their signature). Digital signatures solve both the inefficiencies AND the security issues.
A Brief Explanation of Digital Signatures:
Whether you are signing an email (like with GlobalCerts S/MIME signatures), or a PDF or Word document, the process of applying a digital signature is almost identical. First, a ‘hash’ of the data to be signed is compute. This is basically a unique ‘fingerprint’ that corresponds to the unique bits of the document. If you change even one character or number, the fingerprint will be entirely different. Then this signature, along with other important data (like the timestamp, author, public key, etc.) is all encrypted using the ‘private’ key of the signer.
Verification: The program that receives a signed email or document automatically performs a few steps to verify that the signature was made by the indicated signer, and that the contents haven’t been modified. This is done by: (1) verifying the signer’s public certificate, (2) using the signer’s ‘public’ key in the certificate to ‘decrypt’ the signature, and then (3) computing the hash of the data independently and (4) verifying it matches the hash in the decrypted signature. This process not only guarantees that the document hasn’t been altered, but that it was signed by somebody (or some device) that has the correct private key.
If it sounds complicated, it is…but the good news is that the whole process happens behind the scenes automatically by your mail client (or SecureMail Gateway™), or your document viewer like Adobe Reader or Microsoft Word. The results are then presented in an easy to see summary displaying the signature’s date, author, validity, etc.
Looking Forward to the Future
According to the latest forecasts, the worldwide digital certificate market is expected to grow from a 630 million dollar market in 2016 to over 6.5 billion by 2025, a 26% annual growth rate. The digital signature market is currently dominated by a few big players (like Docusign and Adobe) that are primarily focused on a cloud-based service of ad-hoc digital document signatures. This type of process works OK for real estate transactions, loan documents, in a business to consumer (B2C) environment. However, it leaves much to be desired in automated and B2B environment where a given user may be transacting a dozen or more contracts with a single partner daily.
Digital signature providers have recognized this process can be cumbersome and have thus developed APIs that allow for custom software development efforts to integrate the signatures into a customer’s unique business processes and software environment. This allows for businesses to integrate digital signature solutions directly into their electronic document management (EDM) systems, so employees never have to leave their document interface to apply or request document signatures.
One of the missing components, especially for SMBs, has been automating the signature process within the email workflow. GlobalCerts offers automatic S/MIME signatures to all emails with the SecureMail Gateway. Because of legislation such as the U.S. “ESIGN” act, your email signature line, combined with these digital signatures can be used as legally binding signatures, and as proof that a given email body (and all attachments) were sent by the reported sender as received. Because the SMG is integrated at the gateway level, all the sender needs to do to digitally sign an agreement is include it in their email and tag the message with [sign] in the subject line. Managing the public/private keypairs and the signature and verification process is all done by the gateway, allowing senders to use mobile, web, or traditional desktop mail clients without needing to worry about having the private key available on each client.
If your organization uses their own certificate infrastructure/PKI, or uses a third party CA to issue email certificates, these can be easily uploaded and used by the SMG for digital signatures and encryption. GlobalCerts is continually expanding our certificate-based digital signature capabilities to keep pace with the ever growing needs of our customers, and we are excited to continue innovating.