Changes

no edit summary
Line 19: Line 19:  
    
 
    
 
Essentially, an electronic signature (also denoted as “e signature” for short ) can be virtually any form of electronic representation that can be linked or attached to an electronic document or transaction.  Although not intended to represent an exhaustive list, examples of e-signatures include:
 
Essentially, an electronic signature (also denoted as “e signature” for short ) can be virtually any form of electronic representation that can be linked or attached to an electronic document or transaction.  Although not intended to represent an exhaustive list, examples of e-signatures include:
 +
*user authentication combined with a mouse click on some form of acknowledgment button to capture intent (i.e., “click to sign”)
 +
*using a stylus on a tablet touchscreen to write a signature by hand and capture it in electronic form
 +
*a typed name or signature block in an email
 +
*a scanned hand-written signature on an electronic document
 +
*a sound such as a recorded voice command (for example, a verbal confirmation in response to a question)
 +
*a digital signature
 +
*a secure electronic signature
 +
 +
Notice that both digital signatures and secure electronic signatures are considered to be a form of an e-signature. 
 +
 +
In the context of the GC the earliest definitions for digital signature date back over two decades with the introduction of the Payments and Settlements Requisitioning Regulation and the Electronic Payments Regulation.  Both regulations define a digital signature exactly the same as follows: “the result of the transformation of a message by means of a cryptosystem using keys such that a person having the initial message can determine:
 +
*whether the transformation was created using the key that corresponds to the signer’s key, and
 +
*whether the message has been altered since the transformation was made.”
 +
 +
The Canadian Centre for Cyber Security also provides a definition for digital signature in ITSP.40.111:
 +
“a cryptographic transformation of data which provides the service of authentication, data integrity, and signer non-repudiation.”
 +
 +
In essence, a digital signature is a type of e-signature based on asymmetric cryptography.  The signer of the message, document or transaction uses their private signing key to create a digital signature and anyone with access to the signed data and the signer’s public key verification certificate can verify the digital signature
 +
 +
However, not all digital signatures are created equal and some are more reliable or robust than others.  For example, the manner in which a signer’s identity is verified before issuing their public key verification certificate, the type of token used to store the signer’s private signing key, the trustworthiness of the Certification Authority (CA) that issues the public key verification certificate and the digital signature algorithm and key length (among other things) collectively determine the reliability of the digital signature. 
 +
 +
This is where the term “secure electronic signature” comes in.  A secure electronic signature is also a digital signature but with specific characteristics as defined in Part 2 of PIPEDA as follows:
 +
*the electronic signature resulting from the use by a person of the technology or process is unique to the person;
 +
*the use of the technology or process by a person to incorporate, attach or associate the person’s electronic signature to an electronic document is under the sole control of the person;
 +
*the technology or process can be used to identify the person using the technology or process; and
 +
*the electronic signature can be linked with an electronic document in such a way that it can be used to determine whether the electronic document has been changed since the electronic signature was incorporated in, attached to or associated with the electronic document.
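Review bot: in the added paragraph on GC definitions, "date back over two decades" is a relative time reference that will go stale, and neither the two regulations nor ITSP.40.111 carries a citation or link. Give the date and a reference for each so readers can check the quoted definitions. The regulation definition and the ITSP.40.111 definition are in quotation marks, but the four PIPEDA Part 2 criteria after "as follows:" are not, so it is unclear whether they are verbatim; quote them or say they are paraphrased. The paragraph starting "In essence, a digital signature is a type of e-signature" ends without a full stop after "can verify the digital signature". The unchanged lead sentence writes "e signature" while the new text uses "e-signature"; pick one spelling.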
