Making your enterprise Digital Signature ready

In digital signature by Lino Aravindan

digital-signature-paperless

What is a digital signature?

A digital signature—a type of electronic signature—is a mathematical algorithm routinely used to validate the authenticity and integrity of a message (e.g., an email, a credit card transaction, or a digital document). Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect information in digital messages or documents. In emails, the email content itself becomes part of the digital signature. Digital signatures are significantly more secure than other forms of electronic signatures.

Digital signatures increase the transparency of online interactions and develop trust between customers, business partners, and vendors

What is digital signature certificate and issuing authorities?

Digital Signature Certificates (DSC) are the digital equivalent (that is electronic format) of physical or paper certificates. Few Examples of physical certificates are drivers’ licenses, passports or membership cards. Certificates serve as proof of identity of an individual for a certain purpose; for example, a driver’s license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove one’s identity, to access information or services on the Internet or to sign certain documents digitally.

Certificate authority (CA) – A CA is a trusted third party that validates a person’s identity and either generates a public/private key pair on their behalf or associates an existing public key provided by the person to that person. Once a CA validates someone’s identity, they issue a digital certificate that is digitally signed by the CA. The digital certificate can then be used to verify a person associated with a public key when requested.

The different types of Digital Signature Certificates are:
  1. Class 2: Here, the identity of a person is verified against a trusted, pre-verified database.
  2. Class 3: This is the highest level where the person needs to present himself or herself in front of a Registration Authority (RA) and prove his/ her identity.

The Certifying Authorities are authorized to issue a Digital Signature Certificate with a validity of one or two years.

What are the application and documents for digital signature?

Individuals and entities who are required to get their accounts audited have to file their income tax return compulsorily using a digital signature. Furthermore, the Ministry of Corporate Affairs has made it mandatory for companies to file all reports, applications, and forms using a digital signature only

Physical documents are signed manually, similarly, electronic documents, for example e-forms are required to be signed digitally using a Digital Signature Certificate.

Legality of digital signature
  • Indian law has recognized electronic signatures, or e-signatures, under the Information Technology Act, 2000 (IT Act) for over 18 years. With its increased emphasis on improving the ease of doing business; streamlining the storage of records; and improving the safety, security, and cost-effectiveness of records, the Government of India has promoted the use of digital technologies by Indian citizens and corporations. As a result, there has been a recent increase in the use of e-signatures, with more and more services using them.

The IT Act treats electronic signatures recognized under it as equivalent to physical signatures, subject to a few exceptions. It also generally allows documents to be signed using any form of e-signatures. However, an e-signature must satisfy a number of conditions, and certain checks must be done before it can be relied upon.

The IT Act broadly provides for the enforcement of electronic signatures and recognises two types of electronic signature as having the same legal status as handwritten signatures. This lets companies choose the method best suited to their unique requirements. The methods specifically recognised under the IT Act are:

  • Electronic signatures that combine an Aadhaar identity number with an electronic Know-Your-Customer (eKYC) method (such as a one-time passcode). This method is known as the eSign online electronic signature service.
  • Digital signatures that are generated by an “asymmetric crypto-system and hash function.” In this scenario, a signer is typically issued a long term (1- to 2-year) certificate-based digital ID stored on USB token, which is used—along with a personal PIN—to sign a document.
    For the two types of e-signatures to be valid under Indian law, they must satisfy these additional conditions (Reliability Conditions):
  • E-signatures must be unique to the signatory (they must be uniquely linked to the person signing the document and no other person). This condition is met with a certificate-based digital ID.
  • At the time of signing, the signatory must have control over the data used to generate the e-signature (for example, by directly affixing the e-signature to the document).
  • Any alteration to the affixed e-signature, or the document to which the signature is affixed, must be detectable (for example, by encrypting the document with a tamper evident seal).
  • There should be audit trail of steps taken during the signing process.
  • Signer certificates must be issued by a Certifying Authority (CA) recognised by the Controller of Certifying Authorities appointed under the IT Act. Only a CA licensed by the Controller of Certifying Authorities can issue e-signature or digital signature certificates. View a list of licensed Certifying Authorities.

If each of the Reliability Conditions is satisfied, then there is a legal presumption in favour of the validity of any document signed using an electronic signature

Government use of e-signatures.

Government authorities such as the Ministry of Corporate Affairs, Department of Revenue, and Ministry of Finance accept electronic records authenticated using digital signatures. In the case of e-filing with the Ministry of Corporate Affairs, income tax and GST (goods and service tax) filings, digital signatures are the preferred mode of execution.

The Reserve Bank of India (RBI) has allowed small finance banks and payment banks to rely on electronic authentication for confirmation of the terms and conditions of the banking relationship. The RBI also allowed a one-time PIN (OTP) based eKYC process for onboarding customers by all regulated entities, subject to certain conditions. These examples indicate the shift towards the use of e-signatures.

Where electronic signatures cannot be used

The following documents cannot be electronically signed and must be executed using traditional “wet” signatures in order to be legally enforceable:

  • Negotiable instruments such as a promissory note or a bill of exchange other than a cheque
  • Powers of attorney
  • Trust deeds
  • Wills and any other testamentary disposition
  • Real estate contracts such as leases or sale agreements
Other considerations when signing electronically.

Requirement to stamp.

In India, certain documents must be stamped before or at the time of execution. Currently, no law in India prescribes a method for stamping electronic documents.

Some states such as Maharashtra, Karnataka, and Delhi specifically extend the requirement for stamping to electronic records. Companies should always confirm with their internal legal team whether a document needs to be stamped before signing and executing the document electronically. If a document is signed and executed electronically and is required to be stamped, then the company should ensure that a physical copy of the document is prepared and stamped. If a document is not properly stamped, then in some circumstances, financial penalties may be imposed. Some states penalise deliberate non-stamping of documents with imprisonment and/or fine (although these provisions are rarely enforced). If a document is not properly stamped, then in some circumstances financial penalties may be imposed. Some states penalise deliberate non-stamping of documents with imprisonment and/or fine (although these provisions are rarely enforced).

Summary

The Government of India’s Digital India initiative focuses on digital infrastructure and aims to transform India into a paperless economy. In the past few years, the government’s initiative to promote a digitised economy has resulted in a widespread acceptance of electronic records and electronically signed documents by government authorities.
For organisations implementing e-signatures, it is recommended that only electronic and digital signatures as recognised by the IT Act be used to avoid any risks, such as admissibility and enforceability of documents or contracts signed electronically, before the authorities.

Importance of digital signature integration with business application like SAP

Reasons to use digital signatures for SAP®

Efficiency, higher security, cost-effective & Customer relationship
When an organisation has to deal with a large number of documents, the validation and sign-off can be a time-consuming process. With various stakeholders, departments and perspectives involved, the approval step can prove to be a bottleneck that delays productivity and getting things done

Companies that use document management systems and file repositories often have to create, store and approve hundreds of documents on a weekly basis. Often, approval is completed upon the sign-off from the relevant validator to complete the process. However, physical signatures require that digital documents are printed before being approved and signed-off, adding a time-consuming activity that could result in lost files or damaged documents.

Digital signatures are the solution to this bottleneck. They speed up the approval process, pave the way for a paperless future and help your organisation become more productive, especially when dealing with extensive document management solutions like SAP.

Digital signatures have digital encryption and audit trails to help keep your signatures secure, protect your company against fraud and keep your data safe.

With remote working and enforced social distancing, businesses have had to adapt from all industries. It is far more convenient and easier for customers to digitally sign deals, contracts, and other important documents than printing, scanning, and returning. In a market where customers are becoming ever more valuable, enhancing customer experience is essential to retention and business continuity.

A digital signature does not require your customers to download or install anything. They can simply approve documents from anywhere with an internet connection, simplifying the process of doing business with your company.

OptiSign:

Here is why IVL, with rich experience and gain domain expertise in SAP and Cloud helps address digital signature automation with its class leading solutions for the enterprises .Offering a variety of options which will suite industry needs based on customer enquiries in our data base.
Below are solutions on offer:

  • SAP Server Model (API based integration with Windows server hosted on premise or Cloud)
  • Web UI Model (Windows server based solution enabled with URL (can be opened via Web browser)
  • SAP Server side solution with ADS (Adobe document services)
  • Client Model (Individual PC/Laptop solution)

Here are some of the key features and benefits of our digital signature solution:

  • Add-on solution once implemented will serve digital signature automation on a long run.
  • Adaptability of solution on any ERP platforms (min ECC EHP 5 and above) hosted on premises or cloud
  • One time installation, No additional Licence required for user and signatory addition in solution.
  • No impact on existing formats or layout sets in existing prints used in Business.
  • Compatible with all DSC types (Class2, Class3, Document signer certificates) individual, organizational from recognised Certifying Authorities (CA’s).
  • HSM cloud integration supported for Class3 DSC
  • Complies with Indian IT ACT 2000.
  • Easily integrated with existing business scenarios on document attachments using DMS.
  • External portal integration ready ( FTP services to be enabled )
  • Jurisdictions covered

Share this Post

About the Author

Lino Aravindan

Having 17 years of experience in IT Service industry performing various roles in project delivery and consulting. Experienced in handling presales activities and handling large deals successfully. Pre-Sales support for solution architecture, Bid Management, Proposal Preparation and estimation of SAP solutions in small to large scale environments. With proven experience overseeing all aspects in public/hybrid/cloud solutions Having a track record of identifying business opportunities and driving profitable success, outstanding relationship-building skills and ability to develop strong working partnerships.