Lesson 6: Signature Validation
Checklist items 13 through 17 are grouped under the Signature Validation Process, and represent CROMERR requirements that the system must satisfy as part of ensuring that electronic signatures it receives are valid.
- Credential Validation
- Signatory Authorization
- Procedures to Flag Counterfeit Credential Use
- Procedures to Revoke or Reject Compromised Credentials
- Confirmation of Signature Binding to Document Content
13. Credential Validation
For each electronic signature received, CROMERR requires that the system verify that the identified signer is actually authorized to sign the submittal.
Reference:
- Review the Regulation Language: § 3.2000(b)(5)(i)
- Definition of Electronic Signature: As defined in § 3.3 of CROMERR, any information in digital form that is included in or logically associated with an electronic document for the purpose of expressing the same meaning and intention as would a handwritten signature if affixed to an equivalent paper document with the same reference to the same content. The electronic document bears or has on it an electronic signature where it includes or has logically associated with it such information.
- Definition of Valid Electronic Signature: As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
- Definition of Electronic Signature Device: As defined in § 3.3 of CROMERR, a code or other mechanism that is used to create electronic signatures. Where the device is used to create an individual's electronic signature, then the code or mechanism must be unique to that individual at the time the signature is created and he or she must be uniquely entitled to use it. The device is compromised if the code or mechanism is available for use by any other person.
14. Signatory Authorization
Under the Submission Process, CROMERR requires that the system be able to flag counterfeit submittals. Under the Signature Validation Process, CROMERR also requires that the system be able to flag counterfeit credential use, which would indicate that the credential has been compromised.
Reference:
- Review the Regulation Language: § 3.2000(b)(5)(i)
- Definition of Valid Electronic Signature: As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
- Definition of
15. Procedures to Flag Counterfeit Credential Use
CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise, including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.
Reference:
- Review the Regulation Language: § 3.2000(b)(5)(i)
- Definition of Credential Compromise: In relationship to an electronic signature device, refers to when the device's code or mechanism is available for use by any other person.
- Definition of Valid Electronic Signature: As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
- Definition of
16. Procedures to Revoke or Reject Compromised Credentials
CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise, including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.
Reference:
- Review the Regulation Language: § 3.2000(b)(5)(ii)
- Definition of Valid Electronic Signature: As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
- Definition of
17. Confirmation of Signature Binding to Document Content
Related to item 5—requiring signature binding—CROMERR requires that the system be able to determine whether the content of an electronically signed submittal matches the content at the time the signature was executed.
Reference:
- Review the Regulation Language: § 3.2000(b)(5)(ii)
- Definition of Valid Electronic Signature: As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
- Definition of