Because PKI-based eSign is unscalable and simple eSigns are insecure and unverifiable, so
Based on the self-sovereign cryptographic digital identity I-AM Crypto-ID, the Pi-Control platform embeds advanced eSignatures in digital documents and transactions. This is a sleeker alternative to age-old PKI-based eSignature technology and a secure alternative to traditional simple eSignatures.
"Using Pi-Control advanced esign we began signing all our internal and external digital transactions for better verifiability"
Business Head at Reputed Bank
An advanced eSign is a simple signature with additional elements in place to enhance the authenticity and security of digital documents and transactions. Here are the requirements for an advanced eSign, as per eIDAS guidelines:
It must be uniquely linked to the signatory
It must be capable of identifying the signatory
It must be created using data that the signatory can use under their sole control with a high level of confidence
It must be linked to the signed data in such a way that any subsequent change in the data is detectable
One of the benefits of eSign is that signers do not have to be physically present, which increases convenience and boosts electronic commerce. For this reason, various governments have released their own sets of regulations on electronic signatures. Most enterprises use either PKI-based electronic signatures or simple electronic signatures.
PKI-based eSign is an extremely cumbersome model of eSignature implementation. Owing to complex key management, high costs, and the immense user education required, it is a highly unscalable form of eSign.
A simple eSign is data in electronic form that is attached to or mapped to other data in electronic form and that the signatory uses to sign. This can be an image of your physical signature in digital form, or a checkbox that indicates your consent. Simple eSignatures are scalable and easy to use, but they are vulnerable to repudiation and other identity-related cyber threats.
Sign42 is powered by the I-AM cryptographic digital identity platform and Pi-Control. Sign42 derives its trust from the self-sovereign identity framework within I-AM. It eliminates the manual overhead of key management and simplifies onboarding and eSigning.
In addition to being fully compliant with the Model Law, Sign42 Pi-Control Advanced eSign follows eSignature guidelines as specified by regulatory bodies in Europe (eIDAS), the USA (UETA/ESIGN Act) and India (IT Act 2000 and 2008 amendment).
Sign42 is compliant with the following eIDAS Advanced ESignature Regulation (Europe)
ESignature must be uniquely linked to the signatory
ESignature must be capable of identifying the signatory
ESignature must be created using data that the signatory can use under their sole control with a high level of confidence
ESignature must be linked to the signed data in such a way that any subsequent change in the data is detectable
Sign42 is compliant with the following UETA and ESIGN Act (USA)
Intent to sign: Electronic signatures, like traditional wet ink signatures, are valid only if each party intended to sign
Consent to do business electronically: The parties to the transaction must consent to do business electronically. Establishing that a business consented can be done by analyzing the circumstances of the interaction, but consumers require special considerations. Electronic records may be used in transactions with consumers only when the consumer has:
Received UETA Consumer Consent Disclosures
Affirmatively agreed to use electronic records for the transaction
Not withdrawn such consent
Association of signature with record: In order to qualify as an electronic signature under the ESIGN Act and UETA, the system used to capture the transaction must keep an associated record that reflects the process by which the signature was created, or generate a textual or graphic statement (which is added to the signed record) proving that it was executed with an electronic signature.
Record retention: U.S. laws on eSignatures and electronic transactions require that electronic signature records be capable of retention and accurate reproduction for reference by all parties or persons entitled to retain the contract or record.
Sign42 Vs PKI Comparison

Unique ID Association
Sign42: TTP assigns unique identities to signers
PKI: Individuals choose their digital identity and private/public keys independently

One Time Use Signing Key
Sign42: Document content specific, contextual, time-sensitive, dynamic
PKI: Same key is used multiple times, vulnerable to compromise

Sign42: The signer can generate the key only after successful crypto authentication, thus the signature is undeniable
PKI: If CA1 binds key K to user X, and CA2 binds key K to user Y, then either or both users can deny having signed

Sign42: TTP ensures the uniqueness of the identity and the authentication, so the signature is non-forgeable
PKI: Given the public key, it is hard to find the private key, so the signature is hard to forge

Control of Signing (Authorization)
Sign42: Signing happens only after authentication, so the signer has sole control of signing
PKI: Control of signing depends on the private key; finding the private key from the public key is a hard problem. In this way the signing activity is controlled.

Tamper Proof (Integrity)
Sign42: The hash of the document is used in both the signing and the verifying process, making it tamper proof
PKI: The hash of the document is used in both the signing and the verifying process, so it is tamper proof

Sign42: TTP authenticates each user and enterprise in real time for every user interaction (signing/verifying)
PKI: The CA verifies only the revocation list. It doesn't authenticate the users or the enterprise, leaving that responsibility to the respective parties

Sign42: TTP helps generate the symmetric keys for message privacy using the I-AM Crypto-ID of the transacting parties and the TTP
PKI: The public/private key pair can be used for encrypting and decrypting the message