¶ºÒõ¹Ý

Document Signing 09-05-2023

Transforming engineering and architectural submissions with
digital trust.Ìý

Robyn Weisman
Digital Trust Blog

The process for preparing engineering blueprints, calculations and other materials for submission to government agencies historically required special printers, traditional ink stamps, signatures and reams of paper. In addition to the blueprints, timelines, estimates and everything else that comprised a submission, a professional engineer (PE) was required to apply a handwritten signature on top of their seal on each document in the package.

According to the (FBPE), the PE’s signature and the correct state seal on the submission identifies:

who prepared the plans or reports, whom to contact with comments related to a submission, or whom to contact with questions or concerns. They also indicate that the document is a final engineering document. And they place the responsibility for the document’s content on the PE who signed and sealed the document.

In early attempts to digitize this process, the approach remained almost identical. Physical documents were converted into PDFs. PEs would then apply an image of a state or corporate seal and layer an image of their signature on top.

However, using images of signatures and seals in a PDF provides very low document security. These images (or simple text) do not include proof of signatory identity nor a tamper-evident seal to confirm that the document was not altered since the signatures were applied. To verify the integrity of these types of engineering documents, the signatures and seals need to carry a higher level of digital trust that provides a higher level of assurance of signer identity and proof of integrity.

Why old methods of document security no longer work in a digital world

The advent of document digitization has made clear that the old methods of securing paper documents weren’t particularly reliable. Even if paper documents were difficult to copy, there was no bulletproof way of protecting document integrity. In fact, a common plot point in mysteries and political thrillers involves someone stealing or tampering with official, government-related documents.

For example, simply signing a PDF with a certificate that you created on your local machine or within Adobe Acrobat does not provide any level of assurance (LoA) that you are who you say you are or applied your signature on a specific document. According to Lorie Groth, director of product marketing at ¶ºÒõ¹Ý, “Creating your own digital certificate and using it to e-sign a document is equivalent to printing your own passport as evidence that you are you. It’s basically not worth the digital paper it is printed on."

So, it’s not surprising that many state government agencies have raised their requirements for signed documents and no longer accept scanned copies of physically signed and sealed documents or images placed on PDFs. Because these examples of self-attested identification do not rely on a trusted third-party that is required to adhere to strict security and identity verification regulations, the LoA of the signature is considered low.

The importance of trusted third-party identity attestation

The explains that a signature, such as an e-signature or digital signature, must be unique to the PE applying it and must be obtained from a third-party certificate authority (CA) that is capable of verifying the signature. This CA then vets the PE and provides a password-protected digital signature file that ensures that the e-signature may be trusted by government agencies.

Why is applying a digital signature using a certificate issued from a trusted third-party so important? Groth explains:

A digital signature is a type of electronic signature (or e-signature) where a signatory’s unique digital certificate is cryptographically bound to the signature field using Public Key Infrastructure (PKI). Digital signatures are extremely secure and, when used with an electronic seal to protect signed document integrity, provide a very high level of document trust.

By having your PE sign engineering documents using a digital signature that’s backed by a certificate issued from a trusted third party like ¶ºÒõ¹Ý, you ensure the validity of the signed PDFs and adhere to the strongest levels of assurance and security for document integrity.

Modernizing digital document submissions for the 21st century

Deploying a document trust solution to streamline e-signing and e-sealing processes can lead to huge gains in efficiency for engineering, architectural or other large volume document processes and minimize risk associated with tampering or human error. A typical engineering bid package can consist of hundreds of documents. Expecting a PE to devote a huge block of their time signing and applying seals is not only time-consuming, but also a drain on productivity.

Today, many organizations are still in the early stages of transforming paper and PDF processes to secure, high assurance systems that protect document integrity and accuracy. ¶ºÒõ¹Ý solutions enable engineering, architecture and other organizations to embed digital trust across their document ecosystem and increase confidence in the integrity of digital submissions. It’s another example of how digital trust meets the real world.

Learn more about ¶ºÒõ¹Ý® Document Trust Manager at /document-trust-manager

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min