What makes an electronic signature legally binding?
To conform with global contract law, a signature, whether electronic or on paper, must fulfil three key requirements. If someone challenges the validity of a signed document, you must be able to show evidence of: the signing party’s intent to enter into a binding agreement, the signing party’s identity and the document’s integrity, i.e., that it has not been altered.
This third requirement, document integrity, is why you need a digital signature.
Document integrity
For both paper and digital documents, integrity protection is a key requirement. You can retain a paper original, but anyone could easily manipulate an electronic document and claim it’s the original. This makes the integrity aspect even more important when you use electronic signatures.
Document integrity means that in the event of a dispute, you can prove that:
- no one has altered the original document
- the document you’re presenting isn’t a forgery
To ensure integrity, as soon as a document is electronically signed, Scrive seals it with a digital signature in partnership with our supplier Guardtime. Guardtime uses a method called Keyless Signature Infrastructure (KSI), which uses blockchain technology. Once a document has been sealed with KSI, you can verify its integrity immediately, a year later, even decades later.
Keyless security
Scrive has chosen KSI rather than PKI (Public Key Infrastructure), which is the most common method. PKI works on the model of a trusted party that issues certificates and keys to par
ties who want to protect the integrity of their documents. The issued keys and certificates are used to seal documents. These keys and certificates can be traced back to the trusted party, and trustworthiness is assigned to that party. This is a well-known and relatively straightforward way of sealing documents.
A notable disadvantage of PKI is that the seal becomes more vulnerable to forgery over time, as the possibility increases that someone could mathematically break the seal. As an analogy, a thief trying to break into someone’s bank account using their ATM card would have an increasing chance of success if the ATM didn’t limit them to three attempts to guess the 4-digit PIN.
KSI is not based on certificates and keys, hence keyless, and doesn’t rely on third parties. And unlike PKI, KSI seals become stronger over time because KSI is based on blockchain technology. With KSI, a unique fingerprint of each document is generated and then published in a way that allows you to verify with absolute certainty that your document:
- has not been altered in any way
- was created on the same date and at the exact time indicated on the document.
For a deeper dive into how Scrive secures document integrity, visit the Trust Center.