What is a Digital Signature?

Published by Nick Barrowclough on


Digital Signatures and the Pharmaceutical Industry

What are digital signatures?

A digital signature is akin to an electronic fingerprint. It is used to securely affix to a document a unique signature that is associated with the signer. Digital signatures use a standard format known as a Public Key Infrastructure (PKI). This ensures not only security but also universal acceptance across the world and across software platforms.

How do a digital signature and an electronic signature differ?

The term electronic signature covers a range of different signature types. When it comes to the pharmaceutical industry, it is specifically the digital signature technology that we are interested in. Although both electronic and digital signatures allow you to sign a document, only digital signatures are approved for signing documents that carry a legal purpose.

How do digital signatures work?

Just like a handwritten signature, a digital signature is unique to the owner, or signer. The PKI protocol uses a mathematical algorithm to generate two numbers, known as “keys”: a public key and a private key. When the owner affixes their digital signature to a document, their private key is used. This key should be kept secret, which is why it is known as a private key. The algorithm then creates encrypted data that matches the original document, known as a hash. This is the digital signature, which is also marked with the date and time that the document was signed. If any changes are made to the document after it is signed, the digital signature becomes invalid. This ensures that documents cannot be digitally edited after the signer has affixed their signature.

Here is an example:

Mr Jones signs a contract to sell a vehicle using their private key. The document is sent to the buyer, who also receives Mr Jones’s public key. If the public key cannot decrypt the document, it means that the document has been altered since Mr Jones signed it. That would render Mr Jones’s signature invalid.
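The Mr Jones example as runnable Go, added here as an illustration and not taken from the original article or from any signing product: the contract and its signing time are hashed with SHA-256, the hash is signed with the private key, and the buyer checks it with the public key alone. ECDSA P-256, the function names and the sample contract text are assumptions made for the example; with this algorithm the public key verifies the signature against the hash rather than decrypting anything.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// digest hashes the signing time together with the document, so changing
// either one changes the hash and invalidates the signature.
func digest(doc []byte, at time.Time) []byte {
	h := sha256.New()
	h.Write([]byte(at.UTC().Format(time.RFC3339)))
	h.Write([]byte{0}) // separator between timestamp and document bytes
	h.Write(doc)
	return h.Sum(nil)
}

// NewKey generates a fresh ECDSA P-256 key pair (the private key carries its public key).
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Sign produces the signature over the hash with the signer's private key.
func Sign(priv *ecdsa.PrivateKey, doc []byte, at time.Time) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(doc, at))
}

// Verify needs only the public key; a changed document, time or key makes it fail.
func Verify(pub *ecdsa.PublicKey, doc []byte, at time.Time, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(doc, at), sig)
}

func main() {
	jones, at := NewKey(), time.Now()
	contract := []byte("Mr Jones sells one vehicle for 5,000.") // constructed sample text
	sig, err := Sign(jones, contract, at)
	if err != nil {
		panic(err)
	}
	fmt.Println("unchanged:", Verify(&jones.PublicKey, contract, at, sig))
	fmt.Println("altered:  ", Verify(&jones.PublicKey, []byte("Mr Jones sells one vehicle for 500."), at, sig))
}
```

The buyer's check is only as trustworthy as the copy of the public key it uses, which is the problem the CA section below addresses.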

The vital link in the chain is ensuring that the public and private keys are created, transmitted and stored in a secure way. You should ensure that the digital signature system you use meets the PKI requirements for secure digital signing of documents.

Figure: How a digital signature works (image courtesy of DocuSign)

What is Public Key Infrastructure (PKI)?

PKI is the set of requirements for the creation of digital signatures. It can be thought of as a standard that has been set for all to follow. The PKI is responsible for the public and private keys that are used in the digital signature. PKI requires that a Certificate Authority (CA) is present and that the software used can manage the enrollment of users and can renew and revoke keys and certificates.


What is a Certificate Authority (CA)?

As digital signatures rely heavily on the public and private keys, it is vital that they are protected to avoid any malicious or fraudulent use. As a signatory, you want to ensure that when you send the document it is secure, and the keys are valid. The use of a CA can help with this assurance. It is provided by a third-party organization that has a reputation for reliability. Both the document creator and the recipient who signs it must use the same CA provider.

Why use a digital signature?

A wide variety of industries have adopted digital signature standards. This is to ensure traceability and accountability of documents and their signatories. In the digital world we live in, where business transactions often take place across international borders, a digital signature can allow for instant exchange of documents that require signatures and authentication.

FDA 21 CFR Part 11 Compliance

CFR Part 11 is legislation put forward by the FDA regarding the digital signature, storage and retrieval of documents that are used in the pharmaceutical industry. If you have implemented a monitoring system for your medical refrigerators and vaccine storage, the data collected should be in compliance with the CFR Part 11 requirements.
