OL Learn

COTG signature element - does it meet Gov'ts Secure Digital Signature compliance requirements


#1

When you capture a signature into COTG, does this meet the Canadian Gov’ts Secure Digital Signature compliance requirements?
as compared to a service such as DocuSign or other signing services

Thank you


#2

I’ll preface this by saying that I’m not a lawyer, nor am I an expert on digital signatures…

But going by this: http://laws-lois.justice.gc.ca/eng/regulations/SOR-2005-30/page-1.html

I’d have to say that the two technologies are inherently different.

A “Digital Signature”, as referred to in the above canadian regulations, is more akin to the certificates used to identify websites as valid. They are a shared key file and bare no resemblance to a traditional hand-written ink signature. Typically, for example in a PDF, they are embedded in the file and can then be compared with a known good copy to validate that a person is who he says he is. That verification can be done electronically, through systems like Verisign, only if that particular individual registered their digital signature with that certificate authority. This is a similar process to registering a certificate with a certificate authority for a website. Without a trusted third party to maintain and validate the certificate, the whole system falls apart.

The signature element included in COTG is a simple drawing capture region. It captures any hand-written input, whether a signature, drawn notes, etc, and reproduces it in digital image form. The end result is the equivalent of scanning a hand-signed paper document. The image could then be compared to a known good version of the individual’s physical signature for verification purposes.