Understanding the differences between electronic and digital signing is key
In general, electronic signing covers a very broad spectrum of applicability. It is a generic function that can be accomplished in various forms such as:
- A click-wrap acknowledgement of terms and conditions;
- Applying your written signature on a phone or tablet;
- Use of a generic digital certificate.
The most important thing to note is that electronic signing does not require any type of validation of the signer's identity. This means that while it is a good means of collecting an acknowledgement of something, there is no way to ensure that the signer is actually the individual they say they are.
Digital signing requires the use of an identity-based digital certificate. The certificate is issued to only one individual, for whom the personal identity of that individual has been independently confirmed through verification of personally identifying information, otherwise known as PII. It is similar to a driver's license or passport with the verification methods being similar as well.
Digital signatures utilize a signing algorithm to request a unique electronic fingerprint that can be validated during and following the digital signing process. The digital signature contains various auditable attributes such as the name of the signer, date and time stamp, and the details of the certificate used to create the signature. Digital signatures issued by IdenTrust are non-repudiable meaning that, from a legal perspective and based on policies that govern digital signing, the signature is recognized as belonging to the individual to whom the certificate is associated.
It is important to understand the differences between electronic signing and digital signing, so IdenTrust has created an article in our Education Center titled Electronic versus Digital Signing.
IdenTrust's digital certificates are used for many different reasons, across many disciplines.