An electronic signature is a legal concept for using an electronic symbol to represent a person’s volitional consent to be bound to the terms of a document. What you must achieve with any business process that requires an enforceable document is to obtain a legally valid electronic signature for that document using the proper processes. This is what AlphaTrust e-Sign™ is designed to do.
A digital signature on the other hand is a technical security concept for a data integrity process using cryptographic data hashing and encryption. Simply applying a digital signature process to the data of a document will generally not result in an enforceable electronic signature. Digital signatures are a very important security tool and AlphaTrust e-Sign™ uses digital signature technology in its electronic signature processes via a cryptographic key set. AlphaTrust e-Sign™ uses its own private signature key to digitally sign (seal) documents and that key's matching digital certificate to verify the signed documents.
A digital signature is computed for the document (the information displayed to the signer) and the signer’s private key is used to digitally seal the document as they viewed it. Normally, signers do not possess a Public Key Infrastructure (PKI) based digital signature key and digital certificate. In this case, the AlphaTrust e-Sign™ uses its key and certificate to seal the document. The AlphaTrust e-Sign™ transaction can optionally be configured to use the private key on the signer’s computer (software-based or smart card-based keys are supported). A PKI digital signature keyset (digital certificate plus private key) is supplied with each instance of the software. A client may elect to use a keyset issued from any PKI system if prefers. AlphaTrust e-Sign™ supports standard X.509v3 digital certificates with strong public keys. Cryptographic digital signing operations involve hashing the data to be signed (usually the bytes of a PDF documents) using a SHA-256 hash algorithm. The hash is then encrypted by means of an RSA or Elliptic Curve algorithm using the private key of the public-private keyset assigned to the software instance. This signed data blob is then stored as an artifact of the transaction so that is may later be used to verify the authenticity (data integrity) of document by means of a standard digital signature verification process using the public key contained within the digital certificate associated with the public key of the public-private key set assigned to the software instance.
AlphaTrust provides the most cost effective and highest performance electronic signature process automation solutions available. Call us at +22.214.171.12400, option 1, or click the link below and fill out the brief form with a few details and let us show you how we can help you.