"a digital Signature is a code that is generated with public key encryption. This uses the certificate identifying the signee in conjunction with a summary of the document. These are then cryptographically computed as a code (the signature) and assembled back into the document. Authentication is via the same public key encryption, and is typically automated when the document is digitally viewed”
Flaws with eSignature Type Legacy Systems
of signee cannot be easily and independently identified
of the document cannot be validated (unchanged) from the time after it was signed by the signee
Accounts / Credentials
are required for access to sign (complexity and inconvenience)
Uncertainty or Low Confidence
of correctness of document (limited access when signing)
Storage of Signatures and Documents
(cyber security breach risks)
Tamper proof and Fraud resistant
Any modification on the document will render the signature invalid.
Any signature on a modified document will seal the proof of the modification.
Validation is self-contained in the document
Identity Authentication (the person who signed)
Document Integrity (the document has not changed)
National Digital Identities are already provisioned
Your certificate of Identity is in your singpass app
Signing of any document is done within your singpass app.
Digital Signatures differ from eSign type signatures in that they don't use email or phones numbers or images as a forms of identification. No passwords or accounts are required either. The issuance of a National Digital Identity from the government, along with the mechanisms and infastructure to support this security, is all that is required.
For PDF files, the Digital Signatures are embedded in the document (PDF) and usually have a visual representation as an annotation on the document. When opening a PDF, these are automatically authenticated to validate the Identity of the signee (who signed), and the Integrity of the document (not altered). This can also be manually authenticated when the PDF is opened.
These types of signatures are not identified by email or phone numbers or third parties, rather by issued National Digital Identities from the government. The validation mechanism does not require a third party, and is already built into the national digital identity framework provisioned and managed by the government.
If you have the singpass app, your National Digital Identity is already there, and this will allow you to sign documents.
It is created uniquely for each document you choose to sign. The signature is generated on your device after you scan the QRCode, and this is then securely enciphered and placed back inside the document.
The signature annotation you see placed on the document is just an image representing the details of the embedded digital signature. This image is just a view provisioned by singpass to indicate the document is digitally signed using singpass.
Just open the document in Adobe Acrobat Reader, and it will automatically validate any and all signatures on the document. You can click on each signature image, and validate individually if needed.