E-Signatures vs. Digital Signatures

E-Signatures vs. Digital Signatures

One of the most basic security tenets of corporate workflow and document management systems is the requirement to keep files within the security of the corporate four walls as much as possible.  When files are sent outside the organization, errors or other bad things can happen — certainly, we understand the vulnerability of giving out our personal information even to innocuous providers like Target or Equifax.

There are many instances where the delivery of native files is a necessity but even then, there are methods to control and secure files.  Sending out links to files that force users to view, print, and check out files is still the preferred means, and meets security guidelines as issued by NIST.

Often, in workflows, there is a need to assign a formal approval to a document or a group of documents, or completion of a specific step irrespective of related documents.  This approval can be represented using several methods, including freeform signatures, electronic and digital signatures, or simple application “I accept” buttons.

Non-digital signatures

Use of free form signatures was once the rage, but when institutions figured out how easy they were to copy and how drawing them was not the same as using a pen, they moved away from this method.  Instead, some systems allow users to type their names using a script font, though these still present the same potential issues of security and uniqueness.

Sending out files for e-signatures

Most e-signature providers are similar in that they provide an independent authentication authority when it comes to the signing of documents.  They provide this service by a) being a signature authenticator and b) keeping copies of files to which signatures have been associated.  The authenticator asks users to submit files for signature and identifies signature and related fields to be filled out by the file recipient.  Files are typically transmitted using SSL or other encryption technologies.

Signatures by the recipient are held by the authenticator as means of proof of execution. This workflow requires the sender to forward the file to the e-signature organization every time a file needs a recipient’s signature or approval.

Third-party e-signature companies provide some comfort as being external to the organization requesting a signature.  But this independence comes at a cost, in terms of both money and security.  Using a third party for e-signatures can be expensive, with many charging on a transaction basis or on a per-user basis.  This can add up.  In addition, files are transmitted to a third party and kept by them.  Though e-signature entities provide relatively high levels of security, they are still adding unnecessary transmission vulnerability and storage hacking risk into the equation.

Using digital signatures instead

For many use cases, the signature being applied is simply a designation of approval and is not a legal signature as defined in ESIGN and UETA legislation in the U.S.  The signature may be to indicate the finality of a document, an agreement with the changes made to a document, that the file(s) have not been tampered with, or simply a means of moving a workflow ahead, as in “this step is complete.”

So, for the majority of situations in business today, there is no requirement for a legally binding signature and using third party e-signatures is not needed, as well as unnecessarily costly.  An alternative is a digital signature, assigned to a file or workflow to indicate the appropriate endorsement.  The receiver just needs to know that the document or drawing or step has been approved by an entity with appropriate authority for release and the file has not been altered or changed since issued.  Neither of these requirements needs a legally binding signature.

How is a digital signature different?

Digital signatures are very much like e-signatures.  The major difference is that files signed with digital signatures don’t need users to access a third party to assign a signature.  That is, the company becomes a self-authenticator through the use of a digital certificate, issued either by a certificate authority or by the company itself, attached to the file, similar to the certificate authentication process used in SSL (Secure Sockets Layer) connections.

The certificate is assigned to the file and any application using the file first authenticates the certificate is valid and thereafter doesn’t allow any changes to the file.  For situations where revisions or redlines are needed, the user must first make a copy of the file.  Even if the file is renamed with the same name, the new file does not carry the certificate and, as such, is identified as a different file than the original.

Signatures for workflows

Many organizations use a project manager or professional engineer’s signature as a means of approving the completion of a workflow step or task (an engineer’s signature can even be augmented with the engineer’s seal stamp).  This is a consistent method of advancing workflows, and while keeping an audit trail of who approved particular steps and when is useful for analysis, it certainly does not need to be authenticated by a third party.

For instance, a simple internal authentication against the organization’s Active Directory is more than sufficient to indicate consent.  Using a digital signature rather than a simple “approved” button adds the assurance that the signer is not only who he says she/he is but that the workflow step has not been altered after the fact.  This provides all workflow users, including external parties, that there is integrity in the workflow and participant reviews.

Digital signatures get the job done

So, though e-signatures can be used for workflow management, it is often more costly and more than is needed and makes analysis of audit trails more difficult. Digital signatures can provide the needed consents and the assurance the workflow steps have not be altered.

Approvals and signatures, though not the same, can be used interchangeably with a digital signature providing the added assurance that the signer is authentic and the signature has not been tampered with.  Moreover, digital signatures done internally by your workflow system don’t require a connection to a third-party authenticator which makes them more secure and less costly.

 

Our EDMS solutions

ImageSite and EngineBox are eQuorum’s robust workflow and document management solutions, created to help workers manage their essential workflows while maintaining complete control over their engineering files and documents.  Not only do they provide a secure collaboration site for workers, but they also help organizations manage document distribution with third parties like vendors, contractors, and customers. Both systems are offered at a competitive price, enabling organizations to get a quick return on their investment by providing the features and functionality needed to help organizations improve efficiency, productivity, and collaboration.  Companies can choose from concurrent user subscriptions or named user subscriptions, ensuring organizations have subscription options that make sense for their business.

Learn more why our solution is trusted by industry leaders.

ImageSite

ImageSite®

Our single source engineering workflow and document management system. Built in HTML5 so there is no software to deploy to client computers or mobile apps to download. Offered as an On-premise or Private Cloud system.

Explore ImageSite® 

EngineBox™

EngineBox is a cloud based workflow and document management version of ImageSite that resides outside the corporate network.

Explore EngineBox™

Our EDMS solutions

ImageSite and EngineBox are eQuorum’s robust workflow and document management solutions, created to help workers manage their essential workflows while maintaining complete control over their engineering files and documents.  Not only do they provide a secure collaboration site for workers, but they also help organizations manage document distribution with third parties like vendors, contractors, and customers. Both systems are offered at a competitive price, enabling organizations to get a quick return on their investment by providing the features and functionality needed to help organizations improve efficiency, productivity, and collaboration.  Companies can choose from concurrent user subscriptions or named user subscriptions, ensuring organizations have subscription options that make sense for their business.

Learn more why our solution is trusted by industry leaders.

Engine-Box
EngineBox™

EngineBox is a cloud based workflow and document management version of ImageSite that resides outside the corporate network.

Explore EngineBox™

The eQuorum Customer Promise

In 2005, eQuorum developed the first all browser-based EDMS. The system, although for on-premise use, was still created to remove client software and JAVA from user computers and allow users to have a single viewer based on the simple navigation functionality of browsers. Today, eQuorum provides that same application in a private Cloud or a SaaS Cloud option.  We can do this because we are, and have always been, browser-based, understanding the enhanced speed, security, and usability of this technology.

With the abundance of document management systems on the market today, there’s no doubt that choosing the right Cloud document management software can be a difficult decision. eQuorum is here to provide a comprehensive, powerful, and most importantly – affordable Cloud document management solution. We believe in providing real value to our customers by eliminating unnecessary costs, providing industry-leading functionality, and equipping your team with the right tools using cutting edge technology to bring your products to market faster.

Schedule a demo or sign up for a free trial of the software