This is one of the more confusing topics for people new to electronic signatures. To make it simple, we can refer to ESIGN for the definition of an electronic signature:
“an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” (emphasis mine).
We will also rely on the US government for the definition of a digital signature (from FIPS 186-2, the Digital Signature Standard):
“This Standard specifies algorithms appropriate for applications requiring a digital, rather than written, signature. A digital signature is represented in a computer as a string of binary digits. A digital signature is computed using a set of rules and a set of parameters such that the identity of the signatory and integrity of the data can be verified.”
Note that there is no mention of the emphasized section of the ESIGN definition, and no reference to the process, which is critical in establishing intent and creating a legally binding electronic signature. A digital signature is a cryptographic structure built on asymmetric cryptography; it may produce a legally binding electronic signature, provided the proper process is followed.
PKI algorithms such as RSA and the Secure Hash Algorithm (SHA) used in digital signatures can be part of the electronic signature process. In fact, digital certificates, the most common exemplar of a digital signature, are often used at some stage in the electronic signing process to create a tamper-evident seal around the transaction.
The SAFE Biopharma Association is an organization that creates standards for using digital signatures to produce electronic signatures. It is primarily focused on creating FDA rule 21 CFR 11-compliant electronic signatures for the pharmaceutical industry using token-based PKI.