When the pandemic pushed us into greater reliance on digital tools, it sped up a process that was already well underway. One of the technologies that catapulted into greater prominence is electronic signing.
eSignature software for law firms can greatly speed up the process of formalizing a document and reaching an agreement while more closely catering to all parties’ needs. According to Forbes, since 2019:
- The number of businesses using eSignature has grown by 50%
- Individual users have increased by 13%
- Nearly 70% of signer still prefer eSignature over in-person signing when there are no pandemic concerns
But not all eSignatures are equal. Some are more secure, more authenticated, and easier to legally enforce.
How do you ensure that your eSignature platform is secure and compliant with state and federal law? Here are some aspects to consider:
The legal basis for eSignature software
In 2000, the Electronic Signatures in Global and National Commerce (ESIGN) Act was formalized into US law. The Act broadly equalizes eSignatures with pen-and-paper signatures. If all parties choose to use eSignatures, they are generally as valid as paper signatures are. You can’t deny a signature simply because it’s electronic.
Individual states followed suit, adopting their own laws which assert:
- A contract cannot be denied legal effect or enforceability just because it’s electronic
- Where there’s a legal requirement for a record to be in writing, an eSignature meets that requirement
- An eSignature satisfies the legal requirement for a signature
Some documents still require physical — also known as ‘wet’ signatures — such as wills, divorce and custody documents, and court orders. As always, check the rules governing your jurisdiction.
To comply with laws and standards, an eSignature platform should validate identity, demonstrate an intent to sign, and demonstrate proof of signing. But how do they fulfill these requirements?
Digital vs. electronic signature
Many people use ‘digital signature’ as a synonym for ‘electronic signature.’ But in information security circles, they are distinct.
Digital signatures are a kind of electronic signature that has gone through a specific process to certify them as authentic. Digital signatures are tamper-evident — once the document is signed, the signature is displayed as invalid if changes are made.
Notaries were invented to help verify physical signatures. In the same way, digital signatures were invented to help verify eSignatures. They do this through the use of Public Key Infrastructure and Certificate Authorities.
How does PKI work?
Public Key Infrastructure, or PKI, was dreamed up by a British intelligence agency before the internet even existed. Though their work was originally shrouded in secrecy, PKI is now ubiquitous. Even if you’ve never heard of it, PKI has been helping you securely communicate with the world for years.
PKI was invented to solve cryptography’s ‘key’ problem. To keep a message confidential, you encrypt it. But for the intended recipient to decode what you’ve written, they need a key. How do you give them a key, if you can’t just send it separately and hope it doesn’t get intercepted?
That’s why PKI uses two keys, a public one and a private one. The public key, which isn’t secret, can only be used to encrypt messages — it can’t be reverse-engineered to decrypt that information. The private key, which decrypts the message, is held only by the recipient.
The message sender encrypts with the recipient’s public key, and the recipient decrypts with their private key. Additionally, to ensure that the recipient is truly who they claim to be, the system requires encrypted digital certificates, which trusted Certificate Authorities (CA) issue once they’ve verified a person’s identity.
What does this mean for users of eSignature platforms? PKI helps protect customers’ data and ensure that signed documents are valid.
Protecting PKI with an HSM
Another technique can further protect the entire cryptography system. A hardware security module (HSM) is a secure network computer that’s dedicated only to cryptographic operations, such as key management, key exchange, and encryption.
The HSM is like a locked safe, allowing no unauthorized access. It’s built from specialized hardware that’s been certified in special laboratories. It runs off a security-focused OS. And it actively protects cryptographic material.
eSignature platforms like Vinesign use an HSM to verify documents by locking them once they’ve been signed. In the case of multi-sign documents in Vinesign, the HSM verifies each signature individually as they are collected. Documents that have already been signed cannot be re-uploaded as a new document in Vinesign for validation purposes. Additionally, once all signatures have been completed, documents cannot be edited or re-sent, as they are locked once fully signed.
Additional layers of security
The world has yet to create a perfectly secure environment, online or off. Many efforts consist of building up layers of security measures so that a compromise in one layer is warded off by another layer.
Maybe you keep your most important possessions inside a locked safe that’s inside your locked house, so any would-be thief would have to figure out two secure environments to steal them. Or perhaps you use 2-factor authentication for your email and case management software, so even if someone stole your login credentials, they wouldn’t have the login code that was sent to your cell phone.
Similarly, you can fortify the security of your eSignatures with additional layers of security.
One optional layer provided by Vinesign is gesture authentication. When gesture authentication is enabled, the signee will be asked to take a selfie making the gesture you request, such as a thumbs-up sign or a peace sign.
Learn how a secure eSignature platform can help you
Document signing can significantly slow down any agreement process, especially when the signee must physically come to your office or sign paper documents and return them by mail. eSignature has grown popular because it speeds up the process and allows signees to do their part from their home, office, or wherever they may be.
Vinesign is a popular platform for legal professionals and others in search of secure, transparent, and fast electronic signatures options. It utilizes PKI and HSM technology to help protect your most important information. To learn more about the ways you can benefit from this technology, visit www.vinesign.com.