How to verify the authenticity of an electronic signature

It may be the case that you have in front of you a very important document that has been signed electronically, and you may wonder ”Is this a real signature? Should I trust this? ” There are several ways to ensure the authenticity of an electronic signature. Let’s talk about them.

The electronic signature has become an increasingly used tool, as its contributions in efficiency and mobility are great incentives for users.

However, as to their types, usage and legal validity of e-signatures still creates confusion among the general public. These doubts must be cleared up for this identification method to be more widely used.

One of the main questions raised by both individuals and entities when dealing with an electronically signed document is ensuring its authenticity.

To answer this important question, both institutions and companies in which digital signatures are a key part of their business activity have developed methods to verify the authenticity of their e-signatures. In this article we talk about them.

What are the requirements for an electronic signature? 

To find out exactly what is required to determine whether an electronic signature is 100% authentic, first of all we must review in depth the concept of electronic signatures, as well as the different types of signatures conformed in both Spanish and European laws.

The definition and everything related to the concept of electronic signatures is common to all member states of the European Union thanks to Regulation 910/2014/EC on electronic identification and trusted services, known as eIDAS Regulation.

The definition of e-signature according to eIDAS: ‘’[…] electronic form which is attached to or logically associated with other data in electronic form and used by the signatory to sign’’.

There are three types of electronic signatures:

  • Simple e-signature: Designed above
  • Advanced electronic signature:

– It is uniquely linked to the signatory

– Is capable of identifying the signatory;

– It is created using electronic signature creation data that the signatory can use , with a high level of confidence, under his sole control; and

– It is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

  • Qualified Electronic Signature: means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures

Although these three types of electronic signatures are valid if we were to face litigation, the qualified signature provides the highest level of admissibility in the EU courts and has the equivalent legal effect of a handwritten signature.

Evidences to ensure validity of an electronic signature

When we generate an electronic signature we can collect evidence that can be very useful to verify its authenticity. We have just discussed on the levels of admissibility for each type of electronic signature, and the evidence attached to these electronic signatures are:

  • Timestamp
  • Location
  • One-Time-Password (OTP)
  • Pictures
  • Utterance and video
  • Checks

Let’s now define each feature.

Timestamp

Time stamping allows a trusted third party (Timestamp Service Provider) to claim that a document has been electronically signed at a specific date and time that were set by state protocols. 

Timestamps make it easier to determine whether a document has been altered after signing, which makes them a powerful piece of evidence in the event of a legal dispute.

Timestamps are very useful to prevent fraudulent commercial transactions, increasing the level of trust of participants and therefore stimulating the overall business.

In addition, they are also very useful for merchandise distribution, fostering open data, as well as to prevent tax evasion, late payments and plagiarism.

Location

It is of equal importance to know exactly when and where the document was signed.

The location of the e-signature is another feature of Viafirma solutions and very useful in industries, especially those in which people in charge of collecting signatures are always on the move. 

Clear examples are carriers, deliverers or healthcare professionals who may need the patient to sign an informed consent form. In these cases we would normally use the biometric signature via tablet, iPad or a device specially designed for this purpose.

One-Time-Password SMS/ Email

This OTP is used at the time of signing. This code will previously be sent to the device or email of the person who signs via SMS.

Pictures

By pictures we mean photos of the signatory using the camera of the device. The solutions offered by Viafirma can show the movement, blinking or smiling of the person. In ‘’options’’ we can define the image quality and scale.

In addition, our software prevents counterfeiting in the event of scanning a printed photo or a screen that displays the image of the signatory.

Utterance and video

Another option to uniquely identify the signatory is via utterance or video.

Viafirma started offering this type of evidence since summer 2019. To record the application will request to read a text out loud and, in case a video is included, me must look at the device’s camera while recording it.

Checks

These allow the user to agree to specific clauses that can be defined in the document. This is very useful in the case of dealing with critical and highly sensitive information.

How to check the validity of an electronic signature? 

The availability of multiple options to electronically sign a document means that the validation processes for these signatures differ depending on the type of electronic signature involved. We will describe the most common methods of verification.

 Signing with digital certificate

To ensure the authenticity of an electronic signature with a digital certificate, the signature must go through a validation process. To validate a signature, the following 3 steps must be fulfilled:

  1. Verifying the identity of the signatory.
  2. Verification of the integrity of the signed document, i.e. that it has not been modified after the signature has taken place.
  3. Verification of the term of validity of the certificate used.

Validating an electronic signature in a PDF file

Software solutions such as Adobe Reader allow users to check the status of an electronic signature in terms of validation, verifying its integrity as well as ensuring that the certificate has been issued by a trusted entity.

In case of signing using Viafirma, at the bottom of the document there will be a box with the date, time, a web address and a QR code that will lead us to a site with the details of the signature.

If we wish to analyze in depth the properties of the digital certificate that was used for signing, we can click on the “Signature Panel” button. Here you will find information on whether the certificate used is valid, time of signing, term of validity of the certificate, etc.

In some cases, Adobe Reader may not trust the entity that issued the certificate for signing. To solve this problem, this software allows us to add Trust Service Providers (TSP) to our list so that the signature can then be validated successfully.

Tools to validate certificates

In order validate the certificate used for signing, regardless if it is a qualified certificate, it may be necessary to use a certificate validation platform, which is simply a computer system provided by a Trusted Service Provider, an entity responsible for: 

  • Issuing certificates
  • Revoking certificates
  • Publishing the list of revoked certificates
  • Publishing certificate validation services

In the case of qualified certificates, the issuing entity is called Qualified Trust Service Provider (QTSP). In some cases, each public entity may have an electronic signature verification system, such as the Social Security’s own certificate and signature verification Service.

Moreover, the Spanish Government has also made available to the public the VALIDe tool which enables us to carry out the following operations:

  • To validate a digital certificate.
  • To digitally sign with a certificate.
  • Verifying the validity of a document signed electronically.
  • To obtain reports on information of the electronic signature of a document.
  • Validating URLs of a specific website by checking its certificates. 

Once we verify a digital certificate through VALIDe, we can get 3 possible results:

  • Valid: the signature meets all the established requirements.
  • Expired: the certificate must be renewed or request a new one.
  • Revoked: the digital certificate is not valid, appearing in the certificate revocation list for security reasons. In these cases it will be necessary to request a new certificate.

Signing with OTP SMS or via email

The signature using an OTP (One Time Password) code meets advanced electronic signatures standards. Once this code has been entered, a certificate and timestamp will be added for the signature to be completed, as well as in the case of a biometric signature.

Viafirma solutions, besides the electronic data set included in the document once it is signed, allows us to verify graphically that the document has been signed with an OTP code by checking the stamp and a text (where the signatory’s phone number or email address are displayed) which are added at the bottom of the document.

Another way to validate this is by checking the dataset embedded in the signature (XML file) of the signed document, showing information such as:

  • Time and date of the signature
  • Geolocation: Exact coordinates where the process has been formalized
  • Device used for signing
  • Phone number and email address of the person who was signed

Biometric signature

When we biometrically collect the signature of a user via devices such as iPads or tablets used for signing, we are not just collecting the stroke.

For an electronic signature to be considered biometric and advanced, it must include features such as stroke speed, pressure, inclination, etc.

Once collected this data, the signature is completed once the certificate and timestamp is added, displaying when exactly the document was signed. 

By now you will have realized that the world of digital signatures can seem complex and requires a strong basis of legal and technological knowledge. Therefore, in order to streamline these business processes and make them available to as many people as possible, Viafirma works to provide you with efficient and user-friendly signature solutions.

Tools through which we will be able to create and manage fully secured and legal electronic signatures, as well as simplifying the day-to-day activities of companies, workers and citizens.

The free online CSS code beautifier takes care of your dirty code and strips every unwanted mess. Go to the CSS Cleaner to get started.