How is an Electronic Signature Different from a Digital Signature?
We’ve been asked the question lately about what is the distinction between an Electronic Signature and a Digital Signature in the context of recording agreement on documents. Most people get confused on this topic, so we thought we would simplify things here:
An Electronic Signature is a legal term defining what constitutes a record of intent to form agreement. A Digital Signature is a digital authentication technology.
Only a few electronic signature services (RSign and the few that have licensed RSign patents) combine electronic signature capture processes with digital signature authentication technology. The result: a record of agreement that is court admissible with strong evidential weight.
There you have it. Simplified.
Now, for those more inquisitive types, we’ll get into more detail. (Of course, we’re still summarizing here. A useful resource is in the legalities section of the RPost.com website). Hang onto your seat.
What is an Electronic Signature?
Various countries have written laws to define what an Electronic Signature is. For example, in the United States, the most pointed-to definition is in the Electronic Signatures in Global and National Commerce Act (ESIGN, the Federal statute) in which it broadly defines an electronic signature (paraphrased) as a sound, symbol, or mark, made with intent to sign (applied to a document) logically associated with the content. (Read more about the electronic signature laws by state).
If the electronic signature meets the legal definition, it is a legal electronic signature. So, what makes a legal electronic signature strong evidence if there is ever a dispute as to who agreed to what with whom?
What is a Legal Electronic Signature with High Evidential Weight?
Here, one should look to see whether the record that memorializes the electronic signature (sound, symbol, or mark) that is logically associated with the content agreed to includes other metadata related to the transaction. Metadata is a fancy term for data about the data record itself.
An example of strong metadata about the e-sign transaction record that can provide strong evidential weight to the record is (a) an audit trail that records the timestamps and server/IP addresses associated with sending, delivery, opening, signoff, and (b) the audit trail, timestamps, content, and electronic “sound, symbol, or mark” packaged together in a form that can be authenticated — determined untampered, authentic, original content.
This is where Digital Signatures come in. In the context of electronic signatures, robust electronic signature services will apply a digital signature to the electronic signature record. Digital Signatures are a technical term for an encrypted hash of a set of data (that set of data in this context being an electronic signature applied to a PDF record with agreement content and transaction metadata for example).
This electronic signature record (of the sound, symbol, or mark logically associated with the content with markings making it apparent that there was an intent to sign) is, with the RSign service, prepared as a PDF record of the agreement and electronic signature markings plus an appended electronic signature certificate. Combined, this RSign e-sign record is in the form of an RSign PDF.
With RSign, the RSign PDF electronic signature record then has a Digital Signature applied to it.
This is a process of essentially running the content of the RSign PDF through an algorithm to generate a digital fingerprint (a one-way hash) of the content. This means that if the content is unchanged and passed through the algorithm again, it would generate an identical digital fingerprint. This digital fingerprint is then encrypted and applied to the RSign PDF electronic signature record. The RSign PDF electronic signature thus, additionally has a Digital Signature applied to it by the RSign system.
This means, in short, the RSign electronic signature service creates a robust legal record of an electronically signed agreement in that it:
- records the legal agreement ceremony (sound, symbol or mark made with intent to sign);
- is logically associated to the content of the agreement;
- does so with timestamped audit trail transaction metadata associated for greater evidential weight; and
- is rendered tamper detectable with the entirety of the record using Digital Signature technology.
In summary (and again simplified), an electronic signature is a definition of a legally acceptable way to record agreement and a digital signature is a technology. When applied together as part of an electronic signature service, you get a strong, legal, court-admissible evidential record of an electronically signed agreement. Only RPost patented technology employed by RMail, RSign and licensed by a few others, provides this industry-best legal e-sign record.
Originally published on: Digital Signature Vs Electronic Signature.