How to Set Up Digital Identities for Document Signing

With the high costs of fraudulently exchanged documents and the extreme ease of obtaining digital signatures to protect against that, there's no longer a good excuse for organizations not to set up digital identities for signing important documents. Here, Knowledge Center contributor John Adams explains how to set up digital identities for signing Microsoft Office 2007 and Adobe Acrobat v8 PDF documents.

bug_knowledgecenter_70x70_%282%29.jpg

Today, more and more documents and intellectual property exist only in digital form. The question of the integrity of digital content and the authenticity of the author is thus becoming all the more vital. Digital signatures can be applied to documents, forms, e-mails, macros and software. The benefits of applying digital signatures establish the following three assurances:

1. Authenticity: The digital signature helps to ensure that the signer is who he or she claims to be.

2. Integrity: The digital signature helps to ensure that the content has not been changed or tampered with since it was digitally signed.

3. Non-repudiation: The digital signature helps to prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content.

To make these assurances, the content creator must digitally sign the content by using a signature that satisfies the following four criteria:

1. The digital signature is valid (legitimate, current, and not expired or revoked).

2. The certificate associated with the digital signature is current (not expired).

3. The signing person or organization, known as the publisher, is trusted.

4. The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority.

Individual digital certificates can typically be purchased online from a number of trusted certificate authorities. Organizations that have an ongoing need for trusted certificates should explore offerings that use the software as a service (SAAS) model for issuing trusted certificates to their employees. Such services enable companies to exchange secure documents without incurring capital costs, hardware, software or network changes.