Signing Up: Digital Signatures Mature Through Industry Collaboration
by Dan Puterbaugh
posted on 06-27-2016
Business, both large and small, is increasingly conducted on a global scale. Whether it’s sourcing from another part of the world – for cost concerns or product variety – or selling across the globe for similar reasons, globalization has presented new challenges and opportunities. While one may be able to discover new distribution channels or vendors in remote countries, it’s always difficult to establish trusted business relationships when in-person visits are impractical or unwarranted.
The Digital Signature Divide
In the same way that your house has good locks but Fort Knox has better, a digital signature is the most advanced and secure type of electronic signature and is typically reserved for more sensitive agreements, where signer identification is critical.
Digital signatures differ from electronic signatures in several ways. They require the use of a digital ID issued by a trusted certificate provider, which often requires an in person visit to the provider itself. That can be a real inconvenience in the midst of a high-pressure work day. The digital ID is an encrypted string of characters stored on a secure device, such as a smart card or USB drive, which plugs into a computer loaded with special software. The software is often difficult to use on a desktop or laptop and impossible to use on a tablet or phone without the proper ports for a card or USB. This setup is not only a cumbersome experience for the user but is completely reliant on the desktop in a world populated by an increasingly mobile workforce.
However, these inconveniences are growing pains. With the establishment of new laws and the increase in demand from the commercial sector, the motivation to streamline and improve the digital signature experience is strong.
Legislation Drives Innovation
US-based organizations doing business in their home country have had the ESIGN Act to protect digitally-signed agreements, but trading in the European Union hasn’t been so straightforward. Each member state has had its own set of laws and regulations, and trading partners had to be knowledgeable about each one. Even the largest enterprises with the biggest and best legal departments have struggled to keep up with so many sets of rules, while small companies simply found the situation impossible. The digital signature laws were intended to protect, but in practice they were adding layers of risk for businesses trying to expand into new markets.
Now, the European Commission has responded with a new Regulation on Electronic Identification and Trust Services (eIDAS). On July 1st, a rigorous new requirement for secure signatures will become law throughout the EU. The EC’s purpose is to smooth the way for the single digital market, but there is still some technical work to be done before every company user can sign securely on every device.
A Common Purpose
In order to simplify compliance with this new regulation, Adobe and twelve other industry-leading organizations have formed the Cloud Signature Consortium to build a new open standard for cloud-based digital signatures.
Adobe has a long history of supporting open standards, most notably by making the PDF specification open and available to all through ISO, and we’re aiming to follow that same path for cloud-based digital signatures. Today, most digital signature solutions are based on proprietary technology that limits the choice of trusted certificate providers. This prevents developers of mobile apps and other technologies from building tools that increase the reach of digital signatures across different platforms and applications.
This new open standard for cloud-based digital signatures will allow anyone to digitally sign documents from anywhere and on any device – such as applying for a business license, government benefits, or signing for a large loan.
Pioneers of Innovation
Comprised of industry and academic leaders, the consortium is initially focusing on the EU. However, the consortium’s work is expected to impact all countries as the need for secure digital signatures grows. The new standard specifications are planned for the end of 2016, with the first cloud-based implementations to follow shortly after.
Currently, there are 13 organizations participating in the Adobe-led effort, but additional cloud-based digital signature providers, trust services providers, academics, and standards and security focused organizations are encouraged to join the consortium.
|Initial Membership of Cloud Signature Consortium|
|Adobe – GlobalAsseco Data Systems – PolandBundesdruckerei / D-Trust – GermanyCryptolog / Universign – FranceDocapost / Certinomis – FranceInfoCert – ItalyIntarsys Consulting – Germany||Intesi Group – ItalyIzenpe – SpainSafelayer – SpainSwissSign – SwitzerlandGraz University of Technology – AustriaUnibridge – Norway|
Building the Future
Adobe has always been committed to open standards – it’s in our DNA. We led industry-wide efforts to turn PDF into an open standard, and today it’s the leading format for billions of critical business transactions every year, around the globe. We also contributed to the first digital signature standard, but now it’s time for an update. Because we know that success depends on technical depth and industry alignment, we’ve brought together a broad consortium of companies and experts from a range of disciplines to make digital signatures as ubiquitous as PDFs.
This open standard effort for cloud-based digital signatures will drive the industry forward by greatly improving the user experience and ultimately streamlining business. We can’t wait to see what the future holds!