Understanding E-Sign concepts and requirements

This is for informational purposes only.

Within the E-Sign Act there are three consistent concepts that are either acknowledged in almost every law, guideline or opinion as it relates to electronic signatures.  The concepts are the Authentication of the signer, the Integrity of the signed document, and Non-repudiation of the signature and the intentions of the signers.  The following sections will explain these concepts in detail, as well as assist in the understanding and compliance of these concepts.

Authentication

Authentication is defined as the act of establishing or confirming someone as authentic or in the world of electronic signatures, they are who they say they are.  There are many ways to accomplish this.  Traditionally, this may have been done by providing a passport, driver’s license or other forms of identification, but in the World Wide Web this is not always going to be a viable option, so other methods may be used.

The most common and perhaps popular way on the Internet today is to use an email based identifier.  Most people who have an email address have probably experienced this at some point.  You may have encountered a web site where you were required to put in your email address.  That site then emails you a verification code or a link that you had to click on. After you enter the verification code provided, you were then a verified member.  This method is typically known as an email based ID system.

There are also other ways to prove identity or validation using third party solutions.  In other words, use a method where the person or entity has presumably already been verified through.  Again, you may have already experienced this.  Some sites may require a credit card number, address or zip code, or maybe even an account number.  The presumption is that the person told the truth to those entities, and it should match the information provided on the website.

The point being there are countless methods for authenticating and identifying individuals. 

Integrity

Integrity in the electronic world simply means that there is a reasonable belief that the file or document in question has not been tampered with or altered by anyone or anything since its creation or since it was signed.  The concept of integrity is straightforward and easy to understand, and its requirement is completely justified.  Say for example you’re dealing with a paper document, some discrepancies are easy to find, but with electronic documents it can be very difficult if not impossible to manually or even visually tell if a document has been altered.  In order to demonstrate or prove document integrity a service may use an encryption algorithm or fingerprint to lock a file once it has been completely signed.  Going even beyond that, some of the better services such as DocVerify will continually capture a documents fingerprint, and then create a final version of the document once it has been completely signed by also embedding fingerprints and certificates directly into the document.  Most fingerprinting technology which is in use today for the purposes of identification can be more accurate that even DNA.

 Non-repudiation

Non-repudiation is a concept of ensuring that a party in a dispute cannot refute the validity of an electronic document.  Someone can always say, “That is not my signature” and claim their signature was forged.  After all, someone could have easily copy pasted an image of the persons signature they found on the Internet, and fax it back to you.  Under most circumstances you can never be 100% certain that the person you are doing business with is in fact who they say they are.  Even if the person is there physically there can still be a risk.  You are probably aware of this fact, but identity theft is the fastest-growing form of crime, and criminals are doing more with your identity than buying things on Amazon.  So what can you do to protect yourself against electronic signature fraud or abuse?

Electronic signature systems such as DocVerify use various verification methods to insure the signer understands the purpose and the intent of the signature process as well as protecting the document itself from tampering.  However, the road to successful electronic signature implementations lies in the careful understanding of all three concepts.  Too many providers out there cut corners, which may hurt you in the long run such as allowing multiple signers to use the same email address.

The bottom line is it’s important to combine good business practices with a solid electronic signature system such as DocVerify which will make non-repudiation less of an issue.

For more information about electronic signatures, please visit www.docverify.com

references: www.isaacbowman.com

Advertisements

One thought on “Understanding E-Sign concepts and requirements

Comments are closed.