Frequently Asked Questions

Electronic contracting (e-Contracting) simply means contracting in the electronic medium. An e-contracting process basically includes two stages: contract establishment (formation) and contract enactment (contract fulfillment or performance). E-contracting activities such as identifying, checking and validation of contractual parties, negotiation and validation contract, are included in the stage of contract establishment. Contract enactment is further separated into two phases: performance and post-contractual activities. Monitoring of contract performance and compensation activities belongs to the contract performance phase while contract enforcement may be involved in both the contract performance and post-contractual activities.

Benefits of eContracting:

• Protecting contractual partners in electronic environments/ e-commerce.
• Avoiding errors
• Re-using content after closing
• Reducing the time-to-contract
• Reducing process costs and contract management costs
• Providing machine-processible documents
• Minimizing risks in contractual agreements for ad hoc business relationships over public networks such as the Internet.   
  
  

Electronic signature is a broader term that refers to any electronic data that carries the intent of a signature. National legislation worldwide provides for the legal significance and validity of a variety of electronic signatures. Such legislation generally does not impose limitations on the technology used for creating or signing an electronic document. For instance, the Federal Electronic Signatures in Global and National Commerce Act of USA (E-SIGN) passed in 2000 provides that a signature in an electronic agreement can be "an electronic sound, symbol, or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record". An electronic signature does not necessarily have to involve the name (handwritten or otherwise) of the signer.
Electronic signing can take several different forms:

1. Click signature: To buy something online, you fill in your personal information, enter a credit card number, and click a button to finalize the purchase. Clicking the button is equivalent to signing the register tape when you use a credit card at a brick-and-mortar store.
2. Typed signature: Some online agreements are executed by having the signer type his or her name into a browser-based form. Alternatively, a typed name in a contract can function as a signature. Like a click signature, a typed signature relies on a simple overt act to indicate the signer's acceptance of the terms of an agreement.
3. Digitized signature: This is what most people think of when they visualize an electronic signature—accepting a package by signing with a stylus on a digitizer strip. A similar process allows someone to sign on a computer screen using a light pen. Another type of digitized signature is created by signing on paper, then scanning the signature into an image file (biometric signature).
4. Digital signature: The most technologically advanced type of electronic signature. A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit (tamper-proof). Digital signatures are commonly used for software distribution, financial transactions, and  in other cases where it is important to detect forgery and tampering.

Digital signature is a subset of electronic signatures. It is the most technologically advanced type of electronic signature. Digital signatures are often used to implement electronic signatures, but not all electronic signatures use digital signatures. A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit (tamper-proof). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.

The security and privacy of the data that is being exchanged via Internet, especially when you are sending sensitive information through it, is a major concern.  Among many ways of securing data, encrypting the sensitive data is the most popular and effective way to have data security. Encryption is translation of data into a secret code called a cipher text. Decryption is the process of decoding data that has been encrypted into a secret format - this requires a secret code or password.
Computer encryption uses the science of cryptography. Most of the encryption systems belong to one of following two categories.

1. Symmetric-key encryption: In this technique, a single key is used to encrypt and decrypt the message.

2. Asymmetric or Public-key encryption: This technique uses one key (private key) to encrypt (i.e. lock) a message while another key (public key) to decrypt (i.e. unlock) the message. Public-key encryption uses the combination of a private key and a public key. The private key is kept secret and is only known to the person who encrypts the message, while the public key is freely disseminated which helps to verify the message. To decode an encrypted message, the receiver uses the public key of the sender.

Encryption/Decryption is advisable while carrying out any kind of sensitive transaction, such as a online purchases or the communication of a company sensitive documents between different departments in the organization etc.
Digital signatures employ a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender.
During the signing, once the user initiates the process, a mathematical code is generated with the help of an algorithm and the digital contents. The code so generated, known as the 'message digest', is unique for each process and content. The individual's private key is now used to encrypt this code. This is termed as the 'Digital Signature'. Since the private key of a person is involved, the 'Digital Signature' is unique to that individual. This establishes the identity of the signer. This signature is then bound to the message and sent along with the document or the transaction. The public key of the individual is also sent.  A "signer" can be either a person or a computer, making this type of signature ideally suited for automated processes.
Though digital signatures use encryption technology, they do not hide anything about a signed document. Instead, they provide a way to validate the identity of a person signing a document, and the contents of the document itself.

Creating a digital signature requires a Digital Certificate, which is issued by an agency called a Certificate Authority (CA). This method of signing also requires a pair of numeric keys. The first is the private key, which is known only to the signer and must be kept absolutely secret for the entire system to work properly. The second key, the public key, is freely available to anyone who wants it, and is part of the public information in the signer's published digital certificate. Because of the mathematical nature of these two keys, only documents that are locked (encrypted) by one key can be unlocked (decrypted) by the other. The final requirement is a digital document, ready to be signed. Digital signature technology capitalizes on the fact that digital documents are (at their lowest level) just numbers, and mathematical operations can be performed on them. One such operation is the hash function by which a document's numerical content is processed in order to create a numeric "fingerprint" of that document. This signer's private key is used to encrypt the document fingerprint, resulting in a digital signature. The digital signature is embedded within the original document, creating a digitally signed document.

Authentication:
Anyone who receives a digitally signed document will want to authenticate it before accepting it as "real". Document validation ensures that a signature was created by the specified signer, and that the document has not been tampered with in any way. The validation process goes as follows:

1. After separating the document and signature, the original document is processed using the hash function. This creates a second document fingerprint.
2. The signer's public key is obtained, either from the certificate authority's online certificate repository or from within the document itself.
3. The public key is used to decrypt the digital signature, releasing the first document fingerprint.
4. The two document fingerprints are electronically compared.
5. If the two fingerprints are not absolutely identical, the document is considered invalid. If they match, then the signature—and the document to which it is attached are proved valid, and the signed document is accepted as legitimate.
   
   

For efficiency concerns, when organizations move away from paper documents and ink signatures or stamps, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed consent and approval by a signatory. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type.

Authentication: Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Data Integrity: In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signature will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions.

Non-repudiation: Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim s/he did not sign a message, while also claiming their private key remains secret. Further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective.

Digital/ Electronic signatures are mostly used by:

1. Businesses/ organizations with formal approval workflows that involve agreements, contracts, licenses, and other official documents
2. Businesses / Organizations that need to route documents requiring authorizations across multiple offices
3. Businesses/ Organizations employing field sales or service representatives that need to complete and send signed reports or contracts
4. Travelling executives whose signatures are required to execute processes
5. Businesses/ Organizations collaborating with external partners whose approvals are required for workflows
   

To mention a few institutions out of many across the globe:

1. United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.
2. Universities including Penn State, University of Chicago, and Stanford are publishing electronic student transcripts with digital signatures.
3. PATH – the international non-profit organization that operates 29 offices worldwide with more than 1,000 professionals responding to a spectrum of health needs in more than 70 countries, uses an electronic signature service. PATH has been able to streamlines processes, maximizes agility and accelerates contracting process in more than 70 countries worldwide with the adoption of an electronic signature service.
4. NATIONAL ASSOCIATION of REALTORS®, Headquarters: 430 North Michigan Avenue, Chicago, real estate broker forms are signed in a flash with electronic signatures.
5. SAFE: The SAFE-BioPharma standard is used by large and small organizations to verify and manage digital identities and to apply SAFE-BioPharma digital signatures. Developed by a consortium of biopharmaceutical and related companies with participation from US Food and Drug Administration and European Medicines Agency. Managed by the non-profit SAFE-BioPharma Association.