Electronic and Digital Signatures

Need a web application with digital signatures? We’re the right people to talk to.

Contact Us

Secure Software Systems for Healthcare

We have strong expertise in building high quality software for the healthcare sector with cryptographically secure digital signatures.

Digital and Electronic signatures are a complex area, full of poor or misleading marketing and a lot of user misunderstanding. The result is that people buy systems because they think they are cryptographically secure, when often they are not. Real security depends on the package of measures used, which is explained in detail below.

One area of confusion is the difference between an electronic signature and a digital signature. An electronic signature is an on-screen representation of the written signature attached to a contract or other record, used by a person with an intent to sign. However, it doesn’t include an individual, personal cryptographic key, because these are expensive. Instead signature security is based on the signer logging on securely to the suppliers’ system, and the supplier checking their identity. Electronic signatures are still often digitally signed, but instead of using a personal digital certificate, they sign using a company issued certificate.

In contrast, a digital signature explicitly uses a personal cryptographic key to validate the authenticity of the individual and the document. This cryptographic signature is also placed on the document to prevent tampering. This should guarantee that an electronic document is authentic – but this actually depends on the security of the rest of the system too.

Our Software Services_Our Expertise.jpg

Different Mechanisms for Signature Verification

Electronic signatures are some combination of the mechanisms shown below. The weak ones omit step No.2, but as long as you have a good provider, the whole system should work as intended. Digital signatures use mechanisms No.5 or No.6. For electronic prescriptions, either will do.


Putting an electronic picture of a signature on the document. This has some value because a person can still recognise that signature.

Robust login mechanism.svg

Requiring the signer to sign into some online system and using a robust login mechanism to make sure it’s the right person – for example bank logins that use 2FA authentication. The identity confirmed by the login is used to store a key that is used to sign in.

Verify identity.svg

Getting the signer to manually verify their identity – asking for a passport or other official document, and then linking that verification to #2. This again is a reasonable step – and many big companies do this.

Cryptographic signature.svg

Putting a centrally issued cryptographic signature onto the document, sometimes called a witness signature. Again, combined with the other items above, this is useful. For example, if I have a document from you with a cryptographic signature from DocuSign, that’s their promise that they’ve checked you out.

Signature in the digital system.svg

Giving you an individual cryptographic signature and storing it in the digital system. The recipient can now see it has a crypto signature that was issued just to you. This is actually a less robust method of verification, as the trust falls on the online system: if the online system is insecure, someone else could potentially sign with your signature.

Storing signature on PC.svg

Giving you an individual signature and storing it on your PC. This provides maximum security, in theory, because now the only person who can sign is you.

Still Have Questions? We’ve Got Answers

One of the big myths of key cryptography is that if a system uses public and private keys, it’s automatically secure. This isn’t strictly true; a system which stores the private keys in another system relies on the security of that other system. Looking at this another way, for a system to be secure and high quality all parts must be secure and high quality.

In our experience:

Electronic Signature systems usually do not use personal digital certificates. They may use a single certificate created by the company who makes the system – which (if it is an ATL certification) will verify in Adobe. This can be robust, but is possibly not the best solution. The certificate says: “this document was signed by Acme Corp – if you trust them, the document was signed by Fred”.

Digital Signature systems generally do use personal digital certificates, but they often still require trust in the provider of the system, because they normally hold the actual private key inside their system. In this case, the certificate says: “this document was signed by someone called Fred”, and Acme who made the system is saying “and Fred is Fred Green Jr.”

We’ve found that the suppliers of online signature systems generally do not explain much of this. We've see suppliers selling witness systems as secure, when strictly speaking they are not. Users tend to trust a well-presented website much more than an explanation of the technology - and if the marketing is confusing, then it opens the possibility of buying the wrong product.

Private Prescriptions

For Private Prescriptions, the “Human Medical Regulations 2012” controls how prescriptions work, and the key points can be found in section 5 of the act, which states:


“Advanced electronic signature” means an electronic signature that is –

a) uniquely linked to the person (“P”) giving the prescription;
b) capable of identifying “P”;
c) created using means that “P” can maintain under “P’s” sole control;
d) linked to the data to which it relates in such a manner that any subsequent change of data is detectable.

Although these regulations are written without specific reference to public key cryptography, most experts now assume that these regulations require a personal, per-prescriber digital signature to be used to sign 
the prescription PDF.

Note: public/private key technology can be used to sign any document or file, but PDFs are the most familiar, and now have built-in support for signatures.

We Can Help With Private Prescription Software

If you have a requirement for a software system that allows doctors and other prescribers to create online prescriptions safely and securely, please contact us. We have years’ of experience supporting online pharmacies. And all our software is designed to integrate with other healthcare data sources, such as PAS, GP address data and drugs databases.

Get In Touch

What Our Clients Say


Public / Private Key
Certificate Authority
Root Certificate
Signature Company
Digital Signatures
Digital ID / Certificate
Digital IDs / Private Keys
Electronic Signature

We're Easy To Talk To - Tell Us What You Need

Contact Us