Electronic Documentation, Digital Signatures and Security Considerations

Posted in Vessel Registration, Electronic Certificates

The tech community has seen a significant surge from businesses around the world wanting to issue digitally signed electronic documents in the wake of coronavirus. We’ve seen first-hand the impact of transitioning entire workforces into full remote-working setups and are providing this guide to assist with transitioning to issuing fully digital documentation.

For our customers, one of the key reference documents is the IMO’s FAL.5/Circ.39/Rev.2: Guidelines For The Use Of Electronic Certificates, which outlines the following features required to be present:

To gain clarity on how we can handle these requirements, here is how OHQ Cloud handles each component part.

What is an electronic signature?

An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign. This type of signature provides the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation it was created under (e.g., eIDAS in the European Union, NIST-DSS in the USA or ZertES in Switzerland).

Electronic signatures are a legal concept distinct from digital signatures. The concept of an electronic signature itself is not new, with common law jurisdictions having recognised telegraph signatures as far back as the mid-19th century and faxed signatures since the 1980s.

Here’s an example of Lara Croft Tomb Raider’s electronic signature:

(Image: Lara Croft Signature Example)

To go into more detail, check out the full Wikipedia article on electronic signatures.

What is a digital signature?

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).

Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management, and in other cases where it is important to detect forgery or tampering.

Digital signatures are often used to implement electronic signatures, which includes any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including South Africa, the United States, Algeria, Turkey, India, Brazil, Indonesia, Mexico, Saudi Arabia, Uruguay, Switzerland, Chile and the countries of the European Union, electronic signatures have legal significance.

Here’s an example of what a digital signature would look like to a recipient if they opened a digitally signed PDF document using Adobe Acrobat:

(Image: Digital Signature Example)

To go into more detail, check out the full Wikipedia article on digital signatures.

What is the difference between an electronic signature and a digital signature?

Electronic signatures are a legal concept distinct from digital signatures. A digital signature is a cryptographic mechanism often used to implement electronic signatures, whereas an electronic signature can be as simple as an image of a scanned signature or a name entered in an electronic document.

Digital signatures are increasingly used in e-commerce and in regulatory filings to implement electronic signatures in a cryptographically protected way. Standardisation agencies like NIST or ETSI provide standards for their implementation.

We have several individuals within a department issuing documents, how do we deal with multiple signatures?

Each signatory can have a copy of their ‘hand-signed’ signature associated with their user profile. This is a manual task that requires our development team to get involved, as we need to ensure the electronic signature images are version controlled. Loading electronic signatures for a specific user is always free of charge.

Once each user has their electronic signature in the system, we manage an Organisation Level digital certificate that is issued to your organisation or sub-department.

Taking the Lara Croft example from above, imagine she works for Atlantis Ship Registry - Seafarers Division. In this example, the digital certificate would be issued to “Atlantis Ship Registry, Seafarers Division” with the relevant organisational email address such as maritime.seafarers@atlantisregistry.com.

If Lord Richard Croft also worked in this division, any digital signature applied would be tied to “Atlantis Ship Registry, Seafarers Division”. The only difference would be in the visual output on the PDF itself where, instead of Lara Croft’s electronic signature (the image of her hand-signed signature), it would show Lord Richard Croft’s electronic signature image. In other words, the digital signature identifies the division as the signer, and the image is the only element that distinguishes one signatory from another.

(Image: Digital Signature Example 2)
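The arrangement described above, as an added example (not OHQ Cloud's code): one organisation key signs documents for two signatories, and changing the signature image after signing invalidates the signature. An Ed25519 key pair stands in for the organisation's CA-issued certificate, and the `Document` type, function names and sample values are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Document is a constructed stand-in for an issued PDF and its signature image.
type Document struct {
	Body           string
	SignatoryName  string
	SignatureImage []byte // the electronic signature (an image), not a key
}

// digest hashes every field, length-prefixed so field boundaries are unambiguous.
func digest(d Document) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(d.Body), []byte(d.SignatoryName), d.SignatureImage} {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

// SignAsOrg applies the organisation-level digital signature to d.
func SignAsOrg(orgKey ed25519.PrivateKey, d Document) []byte {
	return ed25519.Sign(orgKey, digest(d))
}

// VerifyOrg reports whether sig was made by the organisation key over exactly d.
func VerifyOrg(orgPub ed25519.PublicKey, d Document, sig []byte) bool {
	return ed25519.Verify(orgPub, digest(d), sig)
}

func main() {
	// Constructed sample: one key for "Atlantis Ship Registry, Seafarers Division".
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	lara := Document{"Certificate No. 0001", "Lara Croft", []byte("lara-image")}
	richard := Document{"Certificate No. 0002", "Lord Richard Croft", []byte("richard-image")}
	// Both verify under the same key: it identifies the division, not the person.
	fmt.Println(VerifyOrg(pub, lara, SignAsOrg(priv, lara)), VerifyOrg(pub, richard, SignAsOrg(priv, richard)))
	// Swapping the image after signing invalidates the signature.
	forged := Document{lara.Body, lara.SignatoryName, richard.SignatureImage}
	fmt.Println(VerifyOrg(pub, forged, SignAsOrg(priv, lara)))
}
```

A recipient who needs to know which individual approved a document has to rely on the issuing system's own records, since the verification result is the same for every signatory in the division.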

I have no idea what authentication standards my Administration has adopted for electronic signatures. Where should I start?

Get your IT department involved to see if there are any higher-level policies or direction that you should be following. If there are no higher-level policies, it’s up to you to decide how you want to implement electronic signatures as per the FAL convention requirements.

The requirement is suitably vague to enable you to be pragmatic in your approach and choose the option that works best for your organisation.

What are the cost implications for electronic certificates?

Should you want to just use basic electronically signed, encrypted PDFs, these are catered for during the onboarding process as part of your certificate loading phase at no additional charge. If you need to enable electronic certificates at a later date, there will be an additional cost at our standard day rate.

If you decide to move forward with digital certificates, there is a per-certificate charge as the PDFs you are issuing will need to be signed and validated by a third party such as GlobalSign. Prices scale with the volume of digitally signed certificates you are going to be processing, so the more you issue, the cheaper it becomes per signed certificate.

© 2020 Oceans HQ Ltd. All rights reserved. Registered in England and Wales under 08486423.

Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. VAT Registration: GB168617573