Lesson 5: Defining "Valid Electronic Signatures"
So what makes a valid electronic signature As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.?
A valid electronic signature on an electronic document As defined in § 3.3 of CROMERR, any information in digital form that is conveyed to an agency or third-party, where "information" may include data, text, sounds, codes, computer programs, software, or databases. "Data," in this context, refers to a delimited set of data elements, each of which consists of a content or value together with an understanding of what the content or value means; where the electronic document includes data, this understanding of what the data element content or value means must be explicitly included in the electronic document itself or else be readily available to the electronic document recipient. is one that is created with an electronic signature device As defined in § 3.3 of CROMERR, a code or other mechanism that is used to create electronic signatures. Where the device is used to create an individual's electronic signature, then the code or mechanism must be unique to that individual at the time the signature is created and he or she must be uniquely entitled to use it. The device is compromised if the code or mechanism is available for use by any other person. that is:
- Uniquely entitled to a signatory
- Not compromised
- Used by a signatory who is authorized to sign the electronic document
Resources:
- User Identification, Verification, and Authentication: Challenge Question Second-Factor Approach (pdf)
- CROMERR Application Challenges and Solutions (pdf) , specifically the "Common Application Challenges" section