Business

Digital Signatures Across Time

by Conor Smith | December 5, 2017

Digital Signatures have come a long way from even a decade ago. In 1977 Ronald Rivest, Adi Shamir and Len Adleman invented the RSA algorithm, which was the first algorithm that was used to produce an early version of a digital signature. Then, in 1994, the US government made the Digital Signature Standards (DSS), introduced by the US National Security Agency (NSA), the standard for electronic document authentication. For the first time, digital signatures became a commonly accepted method of signing. Fast forward to 1999 and embedding digital signatures in PDF documents was added to PDF formats, making PDF inviting to big corporate players across the globe. The following year, in 2000, the Electronic Signatures in Global and National Commerce Act (ESIGN Act) made digital signatures legally binding to use in documents, making PDF technology all the more interesting to companies anywhere in the world. And finally, in 2008, there was a huge historical event that changed the history of PDF technology for the better — The International Organization for Standardization (ISO) introduced the PDF file format as an open standard including digital signatures as a core function to the format. This standard is known as ISO 32000-1. So much has happened in the space of 40 years that it may be hard to keep up with standards, so we have decided to summarise the most important digital signature standards around the world for you.

ESIGN ACT (2000)

Enacted on June 30th 2000, the Electronic Signatures in Global and National Commerce Act (ESIGN) is a federal law passed in the US to facilitate the use of electronic records and electronic signatures in the US and abroad by ensuring the legal validity of electronic contracts. The main aim of the law was to elevate electronic contracts and signatures to the same legal standing as paper documents with the advantage that electronic authenticity would be seen as just as valid as the paper equivalent. The outcome of this act was that digital signatures became more trustworthy and technology was seen as the future of business. With the act came increased use of digital signatures in retail and insurance, moving to banking and the financial industry sometime later.

ISO 32000-1 (2008)

ISO 32000-1:2008 is the industry standard for PDF across the world. It outlines the ways in which PDFs can be created, viewed and interacted with by a user or the environment in which they are present. The standards are created for PDF software developers who need to create industry standard PDF documents to be used in a corporate setting, or onsale to the general public. Among the features outlined in the standards, digital signatures played a big part. The standards outlines what PDF documents must have to be up to the industry stand and this includes, for example, the ability to provide digital signatures in PDF forms. Before 2008 there were no standards for creating PDF documents so Adobe decided, along with the ISO, to create this standard that PDF technology companies could benchmark their technology against. This meant that the industry standards were housed in one place and available to view by anyone who needed them With the industry standards set, it is important to find a PDF provider that is ISO 32000-1 compliant. These standards make it easy for customers to known what to expect from a provider and can become the outline for a PDF integration project in your company.

PAdES (2009)

PAdES stands for PDF Advanced Electronic Signatures and introduces a number of adaptations and extensions to PDF which will be included in the next release of the PDF standard, ISO 32000-2. In it, it states that all signatures must be uniquely linked to the signatory, and that signatures must be capable of identifying the signatory. There are many reasons why PAdES came about, one being the ever changing landscape of PDF and digital signature technologies. Through using PAdES electronically signed documents can remain valid for long periods, even if underlying cryptographic algorithms are broken. Due to the fact that digitally signed documents can be archived for years, despite technological advances it must be possible to authenticate the signature. This is known as long-term validation. If a company has been doing business for many years and needs to archive documents to free up server space, they are safe in the knowledge that the documents cannot be altered in anyway during the time they are archived without them knowing about it.

European eIDAS (2014)

eIDAS, or electronic Identification, Authentication and Trust Services, oversees electronic identification and trust services for electronic transactions in the European Union’s internal market. It regulates electronic signatures, and the likes, to provide a safe way for users to conduct business online like electronic banking or transactions. Instead of relying on traditional methods, such as mail, post, or face to face submissions, customers can now perform electronic transactions across borders within the EU. eIDAS has created standards for which electronic signatures enable electronic transactions with the same legal standing as transactions performed on paper. EU member states are required to recognize electronic signatures that meet the standards of eIDAS. With the increased security of digital signatures due to this regulation, e-commerce websites and financial institutions can do business with clients across the world without causing disruptions or providing brick and mortar stores for clients to do business with.

Conclusion

Digital signatures are a huge area at the moment, with countries passing laws and regulations ensure that they are safe to use for businesses around the world. With every passing year, electronic authorization is becoming a more common way to do business and this can only be a good thing for organizations. Companies can move away from brick and mortar stores and start working on improving customer service and other parts of the business. What is clear from all the outlined regulations above is that digital signatures are set to grow in the coming years with more emphasis on elevating them to the same level as their paper equivalents. Foxit understands the importance of digital signatures for all of our customers and that is why we provide a module that provides all the right functionality for all industries. These features include Digital and Hand Signature Tools, timestamps, security certificates, and much more. Sign up for a free trial of our Foxit PDF SDK or MobilePDF SDK and see how our PDF Technology can keep your organization ahead of the competition.