Verify Electronic Signatures

Owned by Henry Farris (Unlicensed)
Last updated: Jul 30, 2020
2 min read

VERA provides a built-in utility for verifying the integrity and authenticity of a project's electronic signatures.

The utility verifies both active and inactive signatures. An active signature is a signature that is current and that is actively displayed on the record, while an inactive signature is a signature that is no longer current and thus no longer displayed on the record (though it is still part of the record's history).

For example, if a record is in an Approved status, and it has three (3) electronic signatures displayed, then those signatures are active signatures. When that record is revised back to a Draft status, then the signatures will be visually removed from the record, as they are no longer relevant. However, the signatures will still exist in the system as inactive signatures, as they are part of the record's electronic approval history. If the record becomes approved a second time with three (3) new signatures, then those new signatures will be displayed as active signatures, and the original three will still exist in the record's history as inactive signatures.

The utility performs the following verification checks for each signature:

  • Completeness: The signature's components are inspected to ensure the signature contains all expected data elements (user ID, full name, meaning, date/time stamp, etc.)
  • Integrity: The signature's data hash is verified to ensure the signature has not become modified or corrupted in any way since its creation.
  • Record Association: The signature is compared against the containing record to ensure it is associated with its original record and that it was not unexpectedly moved or copied to another record.
  • Signature Display: If the signature is an active signature, then the displayed (human-readable) signature is verified against the hashed signature data to ensure the displayed version has not been altered or corrupted.
  • Record Integrity: If the signature is an active signature, then the record's data fields are verified to ensure the record was not unexpectedly modified after the signature was applied.