Digital Signatures with AlphaTrust e-Sign
An electronic signature is a legal concept for using an electronic symbol to represent a person’s volitional consent to be bound to the terms of a document. What you must achieve with any business process that requires an enforceable document is to obtain a legally valid electronic signature for that document using the proper processes. This is what AlphaTrust e-Sign™ is designed to do.
A digital signature, on the other hand, is a technical security concept for a data integrity process using cryptographic data hashing and encryption. Simply applying a digital signature process to the data of a document will generally not result in an enforceable electronic signature. Digital signatures are a very important security tool, and AlphaTrust e-Sign™ uses digital signature technology in its electronic signature processes via a cryptographic key set. AlphaTrust e-Sign™ uses its own private signature key to digitally sign (seal) documents and that key's matching digital certificate to verify the signed documents.
A digital signature is computed for the document (the information displayed to the signer), and the signer’s private key is used to digitally seal the document as they viewed it. Normally, signers do not possess a Public Key Infrastructure (PKI)-based digital signature key and digital certificate. In this case, AlphaTrust e-Sign™ uses its key and certificate to seal the document. The AlphaTrust e-Sign™ transaction can optionally be configured to use the private key on the signer’s computer (software-based or smart card-based keys are supported). A PKI digital signature keyset (digital certificate plus private key) is supplied with each instance of the software. A client may elect to use a keyset issued from any PKI system if preferred. AlphaTrust e-Sign™ supports standard X.509v3 digital certificates with strong public keys. Cryptographic digital signing operations involve hashing the data to be signed (usually the bytes of a PDF document) using a SHA-256 hash algorithm. The hash is then encrypted by means of an RSA or Elliptic Curve algorithm using the private key of the public-private keyset assigned to the software instance. This signed data blob is then stored as an artifact of the transaction so that it may later be used to verify the authenticity (data integrity) of the document by means of a standard digital signature verification process using the public key contained within the digital certificate associated with the public key of the public-private keyset assigned to the software instance.
Electronic Signatures
Creating enforceable electronic transactions is a major long-term initiative for most enterprise and governmental organizations. Except for a few specialized markets, most critical business transactions are still documented on paper today. The credit/debit card industry has created a method for enforceable electronic transactions using electronic networks over the last 25 years. It is effective for small-value purchases. Electronic Data Interchange (EDI) exists in certain vertical markets among large enterprises.
Web Services API
The AlphaTrust e-Sign™ Web Services API is the recommended interface for all integration and development activity. Web Services in AlphaTrust e-Sign™ have been implemented using Windows Communication Foundation (WCF), which can support more than Web-based (HTTP-based) protocols. AlphaTrust e-Sign™ supports both the WSI-Basic Profile (also known as "classic" web services, SOAP 1.1) and a profile supporting WS-* services (SOAP 1.2). To see just how flexible our API is, view our detailed API Documentation.