eSignatures Go Keyless in the Cloud

Tuesday, October 02, 2012

Victor Cruz


It has been 12 years since the United States passed a law to facilitate the use of electronic records and electronic signatures. Called the Electronic Signatures in Global and National Commerce Act (ESIGN), its general intent in black and white is quoted in the very first section of the legislation; that a contract or signature “may not be denied legal effect, validity, or enforceability solely because it is in electronic form.”

eSignatures save a lot of waste. No need to get into a car and drive paper documents to your attorney’s office for a real estate contract or to a bank to settle a mortgage application.

And it’s not too often you hear about a business partnership that seems custom made for the marriage altar, but these two companies fell for each other on first sight.

One has a mission to ensure the authenticity and integrity of digital data wherever it may reside. The other aims to give legal documents a signing authority.

A Swedish start-up called Scrive  offers their eSignature service that can produce electronic documents that are provable until the end of time. While Guardtime with operations in Estonia, Singapore and California, has patent-pending “Keyless Signature” technology that gives any kind of data proof of origin and that not a single bit has changed since a specific point in time.

Both companies share a common vector: securing the long-term independent non-repudiation of signed electronic documents.

Says Lukas Duzcko, CEO of Scrive, “Guardtime Keyless Signature integration is key to making Scrive the only eSignature solution in the world that can provide contracts that are enforceable and independent from the existence of Scrive or any other third party.”

Scrive is using Guardtime’s API for integrating the Keyless Signature service with its e-signing service, so that every PDF generated by the system becomes tamper-evident on its own, independently from the Scrive’s platform.

Since Keyless Signatures never expire, the tamper-evidence stays with the signed electronic contract for its entire lifetime.

Case in point is Avanza Bank. When Scrive was asked to produce a bullet-proof e-signing service, the bank asked that many conditions be met:

  • Electronically signed contracts were required to maintain its non-repudiation properties throughout the entire agreement lifecycle, often 10 years or more.
  • The evidence for contract integrity needed to be independently verifiable by Avanza Bank and its customers with no third-party involvement.
  • Service needed to be integrated with existing e-signing platform and customized for Avanza Bank’s needs in less than one month.

After researching various PKI-based solutions for data integrity for several years, Scrive teamed up with Guardtime as the only option that could fulfill these stringent requirements for Avanza Bank.

"We have experienced an explosive growth in demand for dematerialization solutions all across the globe,“ says Mike Gault, Guardtime CEO.  “Scrive's e-signing platform for Avanza Bank is another great example of this trend and we're happy to be part of it by securing long-term independent non-repudiation for signed electronic documents."

Possibly Related Articles:
Cloud Security Security Awareness
Information Security
Authentication Cloud Security Digital Signature ESIGN eSignature
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.