How Digital Certificates Create Trust in Remote Online Notarization

What is a digital certificate? 

A digital certificate creates trust because the third party issuing it verifies the identity of the owner. When verifying a signer’s identity in a traditional notarial ceremony, the notary examines a driver’s license or passport. 

The digital certificate creates electronic credentials used to affirm the online identities of individuals, computers, or other entities on a network. In this way, it’s much like obtaining a driver’s license, passport, or other ID cards from a trusted government authority. The third-party issuing the digital certificate is known as the Certificate Authority (CA).

What information is contained in the digital certificate? 

• The certificate owner’s name
• The owner’s public key and expiration date
• Name of Certificate Authority who issued the digital certificate
• The Certificate Authority’s digital signature 

Notaries researching how to get started with remote online notarization have likely seen the name IdenTrust, a certificate authority. The Basic Assurance Digital Certificate issued by IdenTrust is compatible with many remote online notarization platforms, including ProperSign. 

Three types of digital certificates

The digital certificate a notary receives is only one of three main types. Here are the three types of digital certificates: 

1. Secure Socket Layer (SSL) – This certificate is installed on a server and authenticates the website to the user. If you see a lock symbol next to a website’s URL or HTTPS, it means the site owner has an SSL certificate, enabling an encrypted connection and making it a more secure platform for eCommerce. If you don’t see this symbol on a site, don’t enter any personal or credit card information. 
2. Code-Signing Certificates – This type of certificate is used by software developers to authenticate their authorship of software application code and prove that it hasn’t been altered or tampered with after digitally signing it. 
3. User/Client Certificates – Sometimes called Digital IDs or identity certificates, the User/Client Certificate is used to authenticate one person’s identity to another person, one person to a device, or one device to another device. As more companies move to cloud computing and employees access data remotely, this type of certificate is becoming more popular. This is the type of certificate notaries will obtain from a CA like IdenTrust or from their RON provider like ProperSign.

These types of certificates use a system called Public Key Infrastructure (PKI) that pairs private and public keys in various ways. As a result, you may also hear the digital certificate referred to as a Public Key Certificate. 

How does a digital certificate work?

Digital certificates work together with digital signatures to prevent forgery and tampering. To better understand how digital certificates work, it’s essential first to understand the difference between electronic and digital signatures. 

Electronic signatures vs. digital signatures

It may seem like these two terms are interchangeable, but there are critical technical differences to understand that go beyond semantics. 

What is an electronic signature?

Electronic signatures or eSignatures might be created by typing out your name, writing it out with a stylus on a tablet, checking a box, or uploading a signature image. Like a wet-ink signature, the eSignature infers the signer’s intent to sign the document and agree to its terms. 

Electronic signatures are legally binding and carry the same weight as traditional signatures on paper documents under federal law like the United States Electronic Signatures in Global and National Commerce Act (ESIGN) or under state adopted laws like the Uniform Electronic Transaction Act (UETA). 

The legal acceptance of electronic signatures has been tested and upheld in court cases. An appellate judge in Florida upheld a ruling against borrowers who challenged the enforceability of a note signed electronically and the authority of the bank to foreclose. 

While the legal authority of eSignatures has been settled, there is a weakness in their inherent security. 

What is a digital signature?

Digital signatures are eSignatures with additional built-in security measures. While the electronic signature is a static image attached to a document, the digital signature performs key three functions using an encrypted digital certificate. These include: 

1. Authentication: verifies the identity of the individual signing, sealing, or sending a document. 
2. Non-repudiation: The process of verifying the identity of the signature means the signer can’t deny or disavow the signature later.
3. Tamper-proofing: the digital certificate associated with the digital signature seals the document to maintain its integrity. Any alteration will be evident if the seal is broken.  

Digital certificates create audit trails and encrypt documents with “hashes” or digital “fingerprints” to provide a more secure process for gathering electronic signatures. 

How a Digital Certificate is created

Without the digital certificate tied to the digital signature, the receiver of the document doesn’t know for sure who created and sent the document. Remember that digital certificates run on a public key infrastructure (PKI), which follows established protocols to create and distribute sets of private and public keys to encrypt and decrypt confidential communications and documents between two parties. 

When you purchase a digital certificate, the certification authority issues a certificate binding a public key to your verified identity. This prevents cybercriminals from falsifying your public key or digital signature and altering documents.

When you apply for a digital certificate, you’ll generate a private-public key pair and send the public key to the CA along with documents verifying your identity. After the CA has confirmed your identity, they create and sign the digital certificate and attach it to your public key. Essentially, a digital certificate is only as trustworthy as the CA used to vouch for your identity. Depending on the industry or intended use, only specific CAs may be approved, or a particular type of digital certificate may be required. 

After the CA creates the digital certificate, it’s returned to the user where you can store it on your computer as a file, attach it to your browser, or store it on a USB flash drive. 

Why does a notary public need a digital certificate? 

In a traditional notarial ceremony, the notary applies their signature and physical stamp to a document after verifying the signer’s identity and reviewing the documents. Notaries are instructed to keep their stamps in a safe place, preferably a lockbox, to prevent fraudulent use. Since the stamp is intended to never leave the possession of the notary, we can safely assume that the seal we see on the document was applied by the notary identified on it. 

In this way, the traditional seal helps to authenticate the notary’s identity and heighten the integrity of the notarized documents. The seal also prevents a notary from denying they performed the ceremony should the legitimacy of the notarization be called into question later.

Without a digital certificate, the notary’s electronic signature and electronic seal (eSeal) carry little weight in terms of security. The eSeal is typically a PNG, TIFF, or another image file. Anyone could forge these images and place them onto an electronic document, so the digital certificate acts as the lockbox during a remote or electronic notarial ceremony. The eSeal also never expires, but the digital certificate does. 

Obtaining a digital certificate as a notary 

To obtain a digital certificate as a remote online notary, you’ll first want to check with your commissioning authority to see if a particular type of certificate is needed. In some states, you may be required to register your digital certificate with your commissioning authority. 

Next, you’ll want to see if the remote online notarization software you’re using provides digital certificates or allows you to upload your registered digital certificate. 

After you’ve confirmed what is required by your state and your software provider, follow the instructions to obtain your certificate. If you are purchasing one for yourself, you’ll likely be directed to obtain a Digital Signing and Sealing certificate through IdenTrust. 

Building trust in a digital world where users can easily hide behind a screen with a false identity is difficult, but digital certificates are one way to reassure your clients when executing transactions. With ProperSign, notaries have some flexibility in how they obtain and use their digital certificates so that you can grow your notary business with remote online notarization. If you have any questions about digital certificates or getting started with ProperSign, be sure to contact our sales team.

This content is provided for informational purposes only. PropLogix, LLC (PLX) is not a law firm; this content is not intended as legal advice and may not be relied upon as such. PLX makes no representations as to the accuracy, reliability, or completeness of this content. PLX may reference or incorporate information from third-party sources, upon which a citation or a website URL shall be provided for such source. PLX does not endorse any third party or its products or services. Any comments referencing or responding to this content may be removed in the sole discretion of PLX.