Unlocking the Digital Signature Legitimateness for Engineering in Australia

How to eSign a document: digital signature legitimateness for Engineering in Australia

[Music] hello and welcome to today's global sign webcast on cloud-based digital signatures I'm Dan Farrell with the global sign marketing team and I'd like to thank you for joining us today I'd like to take just a moment to introduce our presenter Jose sway Smith Jose is one of our fantastic sales engineers here at Global sign and has been in the industry for five years today he's going to be discussing the need for digital signatures and how the latest cloud technologies are eliminating the barriers to adoption making it easier than ever to deploy legally acceptable trusted to doodle signatures and I'll turn it over to Jose thanks Daniel so to begin with we all know the typical discussion about going paperless a few years ago this was part of the conversation but at this point everyone understands why you don't want to deal with paper it's time-consuming inefficient wasteful you know the deal people don't want to deal with paper how many workflows and processes have been brought online as a result there's one area of document processing that continues to be an issue how to deal with signatures contracts invoices loan applications engineering drawings lab documents virtually every business across every industry deals with signatures at some point hence most of them are wondering what are the current options available now you may be thinking don't we already have an answer for this there are a ton of electronic signatures options out there you're not wrong about that but it's not that simple there are a few major areas of confusions as barriers to electronic signature adoption people when an electronic signing solution but that could be confusing there's the technology itself with a range of different solutions to different problems making it hard to figure out which one you actually need think about compliance and legality you need to make sure that whatever you are using is a legally accepted alternative and of course you have the topic of deployment first of all electronic signatures is kind of an umbrella term it includes a wide variety of signing actions and assurance levels it goes from simply shaking a box entering your initials typing your name inserting an image of your signature to using cryptographic based digital signature this can make it confusing when trying to choose a potential solution so how do you know which one you need well depending on your case it might be enough to just collect someone's initials but if you need higher level of assurances or need to meet certain regulations you need to be more careful this brings me to another point of confusion the difference between electronic and digital signatures and allow me to make this very clear these two terms are definitely not the same digital signatures are the type of electronic signature based on cryptographic technology so what does the underlying cryptography actually mean for you how does this translate to your business you will know that the document is authentic and comes from a verified source because a third-party verified the identity that is used to apply the signature you can actually interact with the signature and see more details about the signers identity non-repudiation the signature is applied with users cryptographic private key so unless the key has been compromised the signer cannot deny they sign the document document integrity one of the most important features of digital signatures so thanks to a hashing mechanism which is a unique code derived from the document this will let you know that document has not been modified since the moment it was signed time stamping third party time stance can be incorporated into digital signatures this way you know for certain that the signature was applied when it actually was now speaking about compliance well it's great that new regulations are emerging to help define what type of signatures are acceptable and that E is is actually established in international standards these regulations still don't go into specifics about which technologies or vendors you should use so you know what signatures you need but not necessarily which types meets those criteria and where to go and get them fortunately there are some common points if you start to read through the regulations you will see some of the same language same signatures must be unique to the signer and capable of identifying designer digital signatures achieve this because they are a link to your unique third-party verified identities with this information embedded in the signature itself signatures must be under sole possession of the signer again this comes back to the private key I mentioned earlier digital signatures are applied with the individual's private key so so long as this is kept private you know this site the signature was actually applied by that person the signature has to be linked to the data so that any change the data is detectable as I mentioned earlier our of the signature verification process involves checking the documents contents before and after the signature was placed thanks to the hashing and some regulations mentioned in timestamping including trusts third party time Stan will help you meet this requirement somewhat related to compliance or at least to general acceptance is a concept of public trust so let's take a look at the document that was signed we don't trust the signature the recipient gets clear warning on the top of the document stating the signature has problems and therefore you cannot really trust it on the other hand are publicly trusted signature clearly shows that is valid public trust comes down to the roots of the certificate authority where you get your credentials from there are two major routes tools for documents got the Adobe authorize trust lists ADL which is a successor of the certified document services DDS and the Microsoft root trust lists in order for your signatures to have a public trust and be automatically trusted the ca's routes needs to be included into these programs in you can see one of the major points that said digital signatures apart from other signatures above we see the public trust we discuss showing it has valid and you can also see the signers name plus time and date it was signed as a side note the looks of the signatures can be customized so for example you can include an image of your written signatures if you wish or perhaps a professional stamp instead clicking the signature brings up more details about the signature again you can clearly see that the signature is valid and the identity behind it what you can also see that the document hasn't been changed since it was signed and more details about the embedded time stamp at this point you can actually dig down even further into the credential that was used to apply the signature who issued it well what is when it was issued etc so based on what we have seen we can conclude that digital signatures are a great option for those of you looking for an alternative to your paper-based signature workflow but why isn't everyone already using them let's look into some of the barriers that have prevented adoption in the past and how the latest technologies are knocking them down honestly one of the biggest barriers in the past was the market confusion I mentioned before with so many signatures options which one is the best for you well the new regulations and standards give you a better overview of what you really need plus the education efforts from companies like us and others out there but beyond that even people who wanted to use the ITO signatures have some reservations thanks to our requirements Adobe's trust program which perhaps is most important given most people use it for PDFs requires signing credentials to restore on fips-compliant cryptographic power which are typically USB s or our secure models HSMs this represents a big investment in hardware maintenance plus a management if you are using USB s this by far is the most common complaint because it affects everyone who wants a digital sign another pain point has been on the document workflow or management systems one a full workflow that you can customize and automate make things easier for everyone usually this is was a tricky point for digital signatures because in order to integrate the signatures into the workflow there was often custom development work and cryptographic expertise required from your end or you have to outsourcing to integrators which of course led to more investments but fortunately there's a better way the answer to all of these problems I mentioned lies in the cloud moving to the cloud eliminates all the headaches I just mentioned in particular global science digital signing services the SS gives you everything you need to apply a legally admissible and compliant detail signatures in one cloud-based service you have the digital signing process itself and note the document itself and its contents never actually leave your environment the signing service only receive the hash of the document issuance of signees credentials or certificates which can be issued to individuals or a department level say if you want to sign something from the legal or finance department private key storage that Hardware require mention earlier no more s or HD seems to invest or manage private keys are securely stored in global science cloud HSN's trusted time stamping service there's a high demand for signatures to be timestamp due to compliance reasons or just higher assurance for the parties involved in general people want to know that the time associated with the signature can be trusted finally revocation checking essentially this is the part of the signature validation and the most important for long-term validation meaning signature stays valid even after designing credentials expired or is revoked so long as the credential was valid at the time of signing the signature will remain valid DSS is already integrated into many popular platforms it goes from general signing platforms to specific business applications and word and document workflows plus we continue working on expanding this list basically you just need an account with a platform and a DSS account and you can start signing just like that to show you how simple the signing process can be here's an example within adobe sign let's star in the main screen where you can start the sign-in process here you can just enter the email address of the signer and of yourself if you want to have a copy of it later just upload the document to be signed after processing the document you'll have the option to include a digital signature to it by just dragging a box to the desired location at the signature the recipient will receive a link to sign the document on their email and can easily click on the box to digitally sign it just select global sign on the list of providers enter your credentials of your enterprise directory service and after you'll receive a pin code for authenticating the signature later you will then see the certificate which will be used to sign and you can enter a sign in region if desired now you can just confirm and enter the pin code to complete and that's it you now have a signed PDF and straight download a copy from it and see the finalized document our goal is to make digital signatures accessible to everyone and we think a cloud-based offering is a solution for that all right thanks I say next up we've got three of our most frequently asked questions on the digital signing service or DSS as we like to call it so question number one what do you need to use DSS so in order to use DSS you'll need a signing platform or application and this can be one that we're already integrated with like Adobe sign or if you have your own application that you've created and want to build digital signatures in you can do the integration yourself using our simple REST API for example our customer donkey first provides electronic loan application software and they integrate with digital signing service so all forms and applications created within the software are digitally signed you'll also need a DSS account your account is configured based on the signature volume and the identities of your signers that is do you need your employees to sign or just department-level signatures the next question is what are the next steps if you want to start using DSS so this depends on whether you're using a signing application that we have already integrated with like Adobe sign or if you have your own application that you'd like to add digital signatures to if you're using an existing integration you need an account with the signing application and an account with us if you have your own application and want to integrate DSS we can share the API documentation and more information about getting this going either way give us a call and we'll get you started on the right path and the last question is do digital signatures comply with AI des so Global sign offers a full range of digital signing solutions meeting their requirements for advanced signatures under AI des and we're currently finishing up our audit to be a qualified trust service provider in the coming months and that's it thanks so much for checking out this webcast on global signs digital signing service if you have any questions or want to get started check out our website at thank you for watching for more global signed videos on identity cybersecurity and PKI please follow one of the links on your screen to keep up to date with the latest content please don't forget to subscribe to our Channel you