All content copyright © TME Consulting Limited, 2006. Terms of Use
Home | News | CoSign | FAQ | CoSign FAQ | CoSign Demos | Contact Us |Jobs
Digital Signatures FAQ
Just heard about digital signatures and need to know more? Perhaps you are already an industry expert who requires more detailed information on CoSign Digital Signatures prior to making a purchase decision?
What are digital signatures?
Digital signatures take the concept of traditional paper-based signing and turn it into a digital "fingerprint". Digital signatures enable you to easily migrate from cumbersome paper-based processes to a secure and efficient paper-free environment.
This "fingerprint", or coded message, is unique to both the signer and the document. This ensures that the person who signed is indeed the originator of the message. This fingerprint cannot be reused or reassigned to anyone else at any time. The digital signature authenticates the originator of the message and ascertains that the message has not been modified after sending. If any changes were made to the document after it was signed, they would automatically invalidate the signature, thereby protecting against forgery.
Digital signatures help organizations sustain signer authenticity, accountability, data integrity and non-repudiation of documents and transactions.
What is the difference between digital and electronic signatures?
There is a clear difference between electronic and digital signatures, though these terms are often used interchangeably:
Digital signatures (sometimes referred to as Advanced or Secure Electronic Signatures) are a result of a cryptographic operation. The technology behind digital signatures is an industry standard known as Public Key Infrastructure (PKI), which guarantees data integrity and non-repudiation of transactions. The digital signature cannot be copied, tampered or altered. On the other hand, Electronic signatures are electronic images that are physically or logically attached to the signed data. Adding a sentence “I, John Doe, sign this document” is good enough to be considered as an electronic signature; however, it is clear that electronic signatures are easy to forge, unlike Digital Signatures.
What is CoSign?
CoSign is AR's simple-to-use and quick to deploy, digital-signature solution that delivers an innovative way to digitally sign documents, files, forms and transactions, while enforcing iron-clad protection against signature forgery. With CoSign, organizations can easily sign in numerous applications such as Microsoft Word, Adobe Acrobat, TIFF images and leading Content Management Systems. CoSign digital signatures “seal” an electronic document, ensuring the authenticity, integrity and confidentiality of the electronic transaction, guaranteeing non-repudiation.
Is CoSign a hardware or software solution?
CoSign includes a tamper-proof hardware appliance for centralized key generation, storage and signing operations, while consisting of software components for integration with various 3rd party applications (such as Microsoft Office) and User Management Systems (such as Active Directory).
Simply right-click the signature and choose the "Validate" option.
Validating the signature enables the recipient to authenticate the identity of the signer and view the reason, date and time of the signature. Validation guarantees that the signed document was not tampered with and/or modified, ensuring that the signer was a valid employee, for example, at the time of signing the document. CoSign allows receiving parties to validate signatures without requiring software installation. For example, electronic signature solutions always require proprietary software to validate signatures.
Note: Validating a signature varies slightly according to the application and its version.
Yes! Any changes made to the document data, even altering a single letter, will invalidate the electronic signature validation process (refer to CoSign Architecture). The decrypted message will not match the encrypted message which would result in signature failure. CoSign ensures maximum security and compliance to core business processes.
Note: The electronic signature does not prevent a document from being changed and later re-signed.
How does a user ensure the identity of the signer?
CoSign electronic signatures authenticate the content of documents by attributing the signer to the signed document. Every signer is identified by a CoSign issued certificate (or by that of an external trusted entity - CA). This identification is based on the fact that the user is a recognized employee in the organization.
When signing, CoSign ensures that only the legitimate user has access to his/her signing key. User authentication can be achieved with passwords, one-time tokens, biometric or otherwise.
What happens to the electronic signature if changes are made to the signed document?
Any changes made to a signed document will automatically invalidate the electronic signature. After such tampering, when a receiver attempts to validate the electronic signature they receive notification that the signature is invalid. In Microsoft Word for example, a red cross appears on the signature. Users can view additional information about the signature and the signer's credentials.
Digital and Graphical signatures
CoSign introduces a solution that merges both digital
technologies and electronic graphical signatures
(see illustration). This combination offers both unforgeable
digital signatures and visual identification of the signer,
using his/her visual graphical signature.
CoSign provides users with an electronic representation (graphical image) of their handwritten signature which integrates with a digital signature on the electronic document. Both the graphical signature image and the digital signature are secure and easily deployed. The signature can also be validated ensuring the authenticity of the user.
