In 2000, Bill Clinton signed the US Global and National Commerce Act with his digital signature. The president’s gesture signaled his trust in e-signature technology; and the message did not fall on deaf ears. One signature plus a lot of media attention left little doubt about the legal efficacy of digital signatures. The US lent the cause of digital commerce an even more helpful hand, by mandating that all federal agencies accept digital signatures by October of 2003. This mandate effectively forced the modernization of federal administrative infrastructure.
At present, the U.S. government publishes electronic versions of all its integral public communications and documentation, from the national budget to congressional bills; and all these come complete with the appropriate digital signatures. The result is significant administrative cost reduction; and all of the time and money that the feds have saved has, in turn, inspired the rapid adoption of digital alternatives to once endless paper trails in private sector industries.
What is so Important about Digital Signatures?
Signatures have been legal tender for centuries. Before the industrial and technological revolutions, trusted messengers delivered documents sealed with their authors’ unique marks, stamped into colored wax. The wax seal and emblem was an innovation that guaranteed a modicum of privacy and authenticity for remote communication.Kings and princes trusted state secrets and clandestine affairs to the authenticity promised by their own monograms, imprinted into the hot wax that sealed together the loose lips of printed language. Such were the safeguards of highly sensitive communications. Today, we have new and invisible messengers who speed through space and time, then magically reassemble coded and indelible signs of legal consent or rejection. The one constant throughout is the emblem of credibility: the signature, itself. Today, instead of using stamped wax, we communicate in bits and bytes with authenticity.
Figure 1: Possibly a secret missive circa 1884 A.D.
Today, communication is faster and more frequent. One could argue that the information era has proliferated the art of casual communication. When was the last time you read an important and top secret digital message behind closed doors, opening each email carefully and deliberately, your heart beating faster with every PDF attachment? All fun aside, there are some documents that must be assuredly safe and honestly sourced, authored, and approved. This need gave rise to our [modern] innovation for safe communication: the digital signature.
How Digital Signatures Work:
Digital signatures are based on asymmetric cryptography. The tool works by generating two keys a public key, which is guarded by the recipient of a document, and a private key, accessible only by the author, or sender. Both public and private keys are linked with a unique algorithm to input and then convert the document into a code, called a hash. The hash passes through the private key and to become encrypted hash. The encrypted hash can only be decrypted using its own public key, and once decrypted, it is compared, again, to the original as a final layer of to verify authenticity. If the hashes do not match, the file is deemed unauthentic and is either deleted or quarantined.
Figure 2 Digital Signature workflow
Digitization & Healthcare:
Digital signatures are of special value in regulated industries. The technology is also invaluable for reducing paper and saving natural resources, including time and energy spent on back-and-forth approval cycles and obtaining legal sign-offs. Electronic healthcare systems (EHS) enable automation for document, print, and mail service providers signing and approval processes, as well, thus serving as the solution for one of the longest links in a traditional regulated document workflow. In effect, the e-signature technology we use, today, has helped solve some of the customer communication hurdles to help speed up time to market, and offer user authentication for compliance.
The Department of Health and Human Services proposed rules for the use of electronic signatures in healthcare organizations. The Health Insurance Portability and Accountability Act (HIPAA) governs electronic communications, and requires documented:
- Message integrity
- User authentication
The beauty is, HIPAA compliance is built into the process embedded in digital signature technology.