What are Electronic and Digital Signatures and when can they be used?
A Simple Electronic Signature (such as a check box on an authenticated web page or an email approving a request) may be used in lower risk situations where the university will not be heavily impacted should a signature be forged or should the university be unable to prove the validity of said signature.
A Digital Signature is a very specific form of an Electronic Signature which uses cryptography to establish the authenticity and validity of the signature with much greater certainty. For transactions where there is a greater risk to the University, or where a “wet” signature is typically required, Digital Signatures must be used instead of a Simple Electronic Signature.
For a Digital Signature to be valid, it must be created by a technology accepted for use by the State of California and conform to technologies capable of creating Digital Signatures as set forth in California Government Code Section 16.5:
- It is unique to the person using it;
- It is capable of verification;
- It is under the sole control of the person using it;
- It is linked to data in such a manner that if the data are changed, the Digital Signature is invalidated;
- It conforms to Title 2, Division 7, Chapter 10, of the California Code of Regulations.
The requirements for implementing Electronic and Digital Signatures are defined in the CSU Acceptable Use of Electronic and Digital Signatures (ISO Domain 10: Cryptography Standard.