According to the Code of Federal Regulation, electronic signatures are defined as a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature. A specific type of electronic signature is digital signatures. Digital signatures are defined as an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.
An entity such as a computer user can be assigned a unique digital signature. This digital signature is composed of a public key, a private key, and a digital certificate. As their names suggest, the public key should be shared amongst users who wish to carry out transactions amongst themselves, while the private key should be only known by its user. The digital certificate is used within a public-key infrastructure to allow a third-party certificate authority to verify that the digital certificate is correctly associated with that particular public key.
If a user is assigned a digital ID, and if that digital ID is composed of a unique public and private key, then that user is associated with a unique public and private key. As public keys are shared amongst a group of users, someone’s public key can be used to encrypt a document and their corresponding private key can be used to decrypt that document. Confidentiality and data integrity of the sent document can be practically guaranteed assuming if the recipient is the only one who knows their private key. Similarly, someone’s private key can be ‘embedded’ into a document to constitute an electronic signature, and the identity of the electronic signature may be verified by using that user’s public key.
The Michigan Attorney General’s office, in concurrence of the Federal Highway Administration, has issued a decision authorizing the Michigan Department of Transportation (MDOT) to use and accept digital signatures (see BOH IM 2012-02). MDOT currently authorizes the use of PKCS#12 standard for digital signatures. This standard requires the signer to enter their unique password each time they sign a document electronically (see links below). The standard is supported by many software products on MDOT’s personal computers such as Adobe Reader and Microsoft Word.
Proper retention, archiving, and storage of the electronic files must be considered when using digital electronic signatures. MDOT will address the records storage issue through the requirement that all electronically signed documents must be placed in the project directory in the ProjectWise document management program.
MDOT is also working on integration of electronic signatures on portable devices.
MDOT electronic signatures will need to conform to the following style guidelines: Adobe Software digital signature option selections:
- Graphic options shall be:
- “Name” Or “Imported Graphic” (as outlined below)
- Configure text shall be configured as:
- Uncheck the adobe “logo”
- Required to include: (“Name”, “Date”, “Location” and “Reason”)
- Optional “Distinguished Name” (includes job title)
- Optional for “labels”
- “left to right”
You may have multiple digital signature files configured for different purposes. It is even possible to configure a digital signature with an “Imported Graphic” (option noted above) containing an image of your scanned written signature or a scan of a professional license stamp. These are acceptable, but written signature images are not required and non-business related graphics are not acceptable.
Below are some Presentations on how to setup and administer electronic signatures
Adobe Reader(tm) can be used to sign forms which are enabled for electronic signature. The video below provides a demonstration on how to set up and sign a document digitally using Adobe Reader(tm).