Glossary

Your A-Z glossary for key terms and definitions in Zoho Sign

Icon  

    A

    Aadhaar eSign

    Aadhaar eSign enables Indian residents to sign documents digitally with identity verification using Indian government-approved Aadhar IDs.

    Advanced Electronic Signature

    An advanced electronic signature is an e-signature that specifically complies with eIDAS, an EU regulation that ensures stricter authorization methods for electronic transactions among EU member states. Compliance requires that an e-signature be linked tightly to its signatory and includes protections against tampering and fraud.

    Audit trail

    An audit trail is a record of admin and user actions within the app. It archives details like when, where, and by whom a document was signed, which helps trace and verify the authenticity of a signature.

    AES-256 Encryption

    AES-256 or Advanced Encryption Standard is a symmetric key cipher used for both encoding and decoding data. It has become the industry standard for data security.

    Application Programming Interface (API)

    An API, or Application Programming Interface, is a set of tools operating in the background of software applications to help build and integrate services from one app to another.

    Authentication

    Authentication is the process of verifying a user's identity by validating certain identifying documents or proving that something is true, genuine, or valid by ensuring that a document is not forged.

    B

    Biometric Signature

    A biometric signature involves recording the unique pattern of an individual person's physical features, such as their retina, fingerprint, or voice.These patterns are stored and embedded in documents to verify the identity of a signatory.

    Blockchain Timestamping

    Blockchain-based timestamping is an additional level of verification for documents. Transaction information is stored in the form of blocks, carrying a timestamp that records whenever a document is signed digitally.

    Bulk Signing

    Bulk signing is a feature that allows users to sign multiple documents at the same time. Businesses that deal with large volumes of paperwork, such as invoices or HR documents can use a bulk signing feature within a digital e-sign application.

    C

    CCPA

    The California Consumer Privacy Act (CCPA) provides California residents the right to know how businesses collect, use, and share their data. It protects their right to request that businesses delete any collected personal data, as well as the right to opt out of personal data collection. Under the CCPA, California residents are not to be discriminated against when exercising their privacy rights. Learn more about the CCPA

    Certificate Authority (CA)

    A Certificate Authority, or CA, is a trusted entity that is widely recognized for ensuring key security and digital certificates. A CA is authorized to issue digital certificates in its region of operation by the government or regulatory authority overseeing the digital identity.

    Cloud service providers

    A cloud service provider (CSP) is a third-party company that provides scalable computing resources that businesses can access on demand over a network, including cloud-based storage, platforms, and application services.

    Completion Certificate

    A completion certificate is created during each signing process and includes certain details like image copies of signatures, IP addresses for individual signers, times and dates of signing, and more.

    Cryptography

    Cryptography is the study of secure communication strategies that permit only senders and the intended recipients to view message contents. There are three different types of cryptography: Secret Key, Public Key, and hash functions.

    CSV files

    Comma-separated value (CSV) files are text files in which each item or field is separated with a comma. CSV files are useful when dealing with large volumes of data, such as a list of recipients that is to be bulk sent for signing.

    D

    Data in Transit

    Data in transit refers to information (i.e. emails, text messages) flowing across public networks, such as the internet, and private networks, such as any organization network.

    Decryption

    Decryption is the process of converting encoded or unreadable data to its original form. To decrypt data, the key used to encrypt it has to be used.

    Digital Signature Certificate

    Digital signature certificates are the digital equivalent of physical or paper certificates issued for identification purposes. They are issued by a Government of India-authorized Certifying Authority (CA) upon verifying one's identity.

    Digital Signature

    A digital signature is a type of e-signature that contains one or more characters in digital format, representing an individual's identity in correlation with digital information of some kind. It uses the Public Key cryptography technique to provide the highest level of security.

    DPA

    The Data Processing Addendum (DPA) is an agreement you make with a data controller to process your personal data based on GDPR/CCPA regulations. This agreement is an addendum to our terms of service and privacy policies that govern the processing of your data. Learn more about compliance at Zoho

    DSS

    Established by the National Institute of Standards and Technology (NIST), the digital signature standard (DSS) specifies the standards for creating algorithms that can generate valid digital signatures in the US. Learn more about compliance at Zoho

    DKIM

    DomainKeys Identified Mail (DKIM) is a method that authenticates emails for enhanced security. Zoho Sign requires users to verify their domain with DKIM if they wish to send signature-request emails from their own domain.

    E

    ECTA

    The Electronic Communications and Transactions Act (ECTA) 25 of 2002 legally regulates and oversees all electronic communications and transaction activities in South Africa. Sections 13 and 37 define the regulations regarding digital signatures and advanced digital signatures (AES) respectively. ECTA holds digital and electronic signatures at the same legality as physical signatures. More on digital signature legality in South Africa.

    eIDAS (Electronic Identification, Authentication, and Trust Services)

    eIDAS is the EU regulation 910/2014 that replaced the eSignature directive of 1999/93/EC beginning on June 30th, 2016. It outlines specific rules for electronic identification and trust services for electronic transactions in the European market.

    Electronic Records

    Electronic records store information in digital form on a computer as proof of each transaction. This recorded data can be any combination of any text, images, graphics, etc.

    Electronic Signature

    An e-signature, or electronic signature, is an alternative to the traditional pen and paper way of signing documents. They are digital images or symbols attached to documents and linked to a signatory.

    eMudhra

    eMudhra is a licensed, official certificate authority (CA) that issues digital signature certificates in India. FAQs about eMudhra.

    Encryption

    Encryption is a method by which original information is converted into a sequence of codes so that only authorized parties can access the data.

    Encryption Key

    An encryption key is usually a string of characters generated to encode or decode data. The longer the key is constructed, the harder it is to break the encryption code.

    ESIGN Act

    The US Electronic Signatures in Global and National Commerce (ESIGN) Act is a federal law passed in the United States that lays out guidelines for using electronic records and signatures in interstate and foreign commerce.

    eStamping

    eStamping is a method of paying non-judicial stamp duty in India on electronic stamp papers. Stamp duty is a tax levied for registering documents legally. More on eStamping.

    ETA

    The Electronic Transactions Act of 1999, Division 2, Section 10 describes the conditions under which electronic signatures are permitted to be used in Australia. More on digital signature legality in Australia.

    EU GMP Annex 11

    EudraLex's Good Manufacturing Practice (Volume 4), Annex 11 provides the guidelines for the implementation, use, and maintenance of computerized systems in the medical industry. Learn about Zoho Sign for life sciences.

    F

    Fields

    Document fields can be placed wherever information needs to be added by the signers, the document's owner, or other document stakeholders. Zoho Sign also auto-detects field spaces using Zoho's AI assistant, Zia, and auto-generate fields in fillable PDFs.

    FIPS Compliant

    FIPS stands for Federal Information Processing Standards, which consists of set of standards that an organization must meet to be considered "FIPS compliant."

    G

    GDPR

    The General Data Protection Regulation 2016/679 is a regulation in EU law that is designed to provide citizens of Europe control over their transfer of personal data across EU countries.

    H

    Hash Function

    A hash function is an algorithm where an input (group of characters or numerical values) is mapped to an output of fixed length.

    Hardware Security Module (HSM)

    An HSM is a hardware device that manages digital keys and secures cryptographic processes like the encryption and decryption of data, digital certificates, and more.

    HIPAA

    The Health Insurance Portability and Accountability Act (HIPAA) is a federal act in the US that protects each individual's health information. It respects the privacy and sensitivity of this health information, as well as the individual's civil and environmental rights. More on HIPAA compliance

    I

    In-person Signing

    In-person Signing is a feature of some e-signature applications that enables users to get documents signed in real-time, face-to-face situations. This feature saves us from the hassle of carrying physical documents.

    Integration

    Integration means connecting two apps so data can flow between them. For instance, Zoho Sign can be integrated with Zoho Checkout to enable payment collection during the signing process. Zoho Sign integrates with all Zoho apps and popular everyday third-party apps.

    IT Act, 2000

    The Information Technology Act of 2000 is an act of the Indian Parliament that provides legal recognition for electronic means of communication as an alternative to paper-based modes of communication.

    K

    KBA

    Knowledge-based authentication is an authentication method where signers respond to questions to which only they would know the answers. A more secure type of KBA is dynamic KBA, where questions are generated in real time. This mitigates chances of impersonation and fraud. More on dynamic KBA

    L

    Legal disclosure

    This statement is used to divulge the terms, conditions, and any other aspects tied to the document and signature that may influence the signer's understanding of the contract. With Zoho Sign, you can create your own legal disclosure that aligns with your signing process.

    M

    Mobile SDK

    A mobile SDK is a set of tools and programs offered to help any developer add digital signing functionalities directly to their existing app without starting from scratch.

    Multi-Factor Authentication

    Multi-Factor Authentication (MFA) is an authentication method where user have to provide two or more pieces of evidence or verification factors to get access to information or an application.

    N

    No-code automation

    No-code automation platforms allow both technical and non-technical users to automate processes through a visual user interface instead of traditional computer programming or coding.

    Non-repudiation

    Non-repudiation means that stakeholders cannot claim the illegitimacy of a contract after they have signed it. Zoho Sign users can establish an audit trail to track the signing process granularly with timestamps and IP addresses, providing proof of origin and identity of the signing.

    O

    One-Time Password (OTP)

    An OTP, or one-time password, is a password generated for any transaction from a digital device. It generally consists of a randomized numeric or alpha numeric string of characters.

    P

    PFX files

    Personal Information Exchange (PFX) files contain the issuer's details, a certificate authority's information, and a public key for encryption as well as a private key for decryption. Sensitive data used to communicate between two devices are usually sent via PFX files as they are legally compliant and highly secure.

    PIPEDA

    The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada outlines protocols regarding electronic documents, with specific focus on electronic and digital signatures in parts 2 and 3. PIPEDA defines and encourages the use of secure electronic signatures. More on digital signature legality in Canada

    Public Key Infrastructure (PKI)

    Public key infrastructure, or PKI, is a framework used to manage digital signatures through encryption. Each digital transaction has two keys: A public key, which is available to all those who need to validate the signer's e-signature; and a private key, which is available only to the signer so they can e-sign the documents.

    Q

    Qualified Electronic Signature (QES)

    A qualified electronic signature is the highest level of compliance according to eIDAS. It involves face-to-face identity verification of signatories and a digital certificate from a Trust Service Provider (TSP).

    R

    Registration Authority

    The Registration Authority (RA) is an organization that validates a certificate request and verifies the identity of the user before the Certificate Authority issues a digital certificate.

    Regulatory Compliance

    Regulatory compliance involves a set of policies and procedures that an organization has to follow in accordance with the law in order to keep operating.

    Reports

    Reports in Zoho Sign use visual charts and graphs to give you a holistic view of your account activity. They show documents that have been signed, recalled, declined, or expired, and also list activity history. Reports can also be filtered and graphed by category.

    REST APIs

    REpresentational State Transfer (REST) is an style of API architecture with a set of constraints in place for the secure exchange of data between systems. All communication via REST APIs uses only HTTP requests.

    Role-based Access Control

    Role-based Access Control is a method by which access will be permitted depending on the user's role within an enterprise. It helps mitigate identity-related access risks in an organization.

    S

    Send later

    Send later is an option that lets users send documents to recipients at a scheduled time. For example, a document prepared at 12:45 p.m. IST can be scheduled to be sent to recipients at 8:30 p.m. IST. The time set must be anywhere between 30 minutes and 30 days from the document creation.

    SignForms

    SignForms allow you to create on-demand, self service documents to collect signatures through a secure URL without any coding. You can create SignForms using an e-sign service and embed them in your organization's email for everyone to access.

    Signature Wizard

    A signature wizard is an application used for creating custom signatures. It allows you to draw or type your signature, or even upload a document containing an image of your signature.

    Sign with Singpass

    Singapore Personal Access (SingPass) is the digital identity of the citizens of Singapore. Residents of Singapore can sign documents digitally under Singapore's Electronic Transactions Act. Learn more about SingPass

    SSL

    SSL, or Secure Sockets Layer, is a type of security encryption used for securing web pages. It displays a garbled mix of characters when someone tries to obstruct the data.

    SSO

    Single sign-on (SSO) is an authentication technique that enables users to use their credentials for one application to gain sign-in access across multiple applications.

    Standard Electronic Signature

    A standard electronic signature is a digital mark added by the signatory using a cryptographic digital signature certificate (DSC) when signing a document, thereby making it secure and tamperproof.

    T

    Tamperproof Records

    Tamperproof records are digital files signed by a user and registered through blockchain. Because each record contains the recipient's public key, they can prove ownership of the record without relying on the Certificate Authority.

    Templates

    Templates feature in many e-sign apps in order to define a common format for particular types of documents and save them for future reuse.

    Text tags

    Text tags are fields that are added to a document before it is uploaded for signing. Once a document is uploaded with text tags, Zoho Sign will automatically place those fields in the respective spots without users having to drag and drop the fields. For example, if a document uploaded has the text tag {{Signature}}, Zoho Sign will auto-fill the signature field in that space.

    Title 21 CFR Part 11

    Part 11 of Title 21 of the Code of Federal Regulations (CFR), followed mainly in the medical and pharmaceutical sector of the US, lists the policies and regulations on electronic documents (including electronic signatures) as per the FDA. Learn more about FDA-compliant signatures

    TLS

    TLS, or Transport Layer Security, encrypts information sent over the internet to prevent hackers from seeing what you transmit. This is particularly used for ATM pins, passwords, and account numbers, but it can also be used to protect other types of sensitive information.

    Trust Service Provider (TSP)

    A Trust Service Provider, or TSP, is an entity that provides trust services such as timestamping, issuance of digital certificates, and validation of e-signatures. They issue certificates only after verifying the identity of the user.

    Trusted Document Timestamping

    Document timestamping adds a permanent timestamp to digitally signed documents as a way to prevent fraud and prove its existence at the time and date of signing, even if digital signature certificate expires.

    U

    Uanataca

    Uanataca is a Certification Authority (CA) providing qualified trust services, such as qualified electronic signatures (QES), in compliance with the eIDAS regulation. Learn more about Uanataca

    UETA

    The Uniform Electronic Transactions Act is a US law designed to remove barriers to electronic commerce. It establishes legal recognition to electronic contracts and harmonizes state laws concerning the validity of electronic signature.

    USB Tokens

    A USB token houses a digital signature certificate in a password-protected USB device, so personal identity can be verified by anyone with the USB. These USB tokens are issued by a Certificate Authority.

    User Interface

    A user interface is the sensory channel by which a user interacts with hardware devices. The ultimate goal of UI design is to make the interaction between the machine and person simple and efficient.

    V

    Vernacular signing

    Vernacular signing is a feature in Zoho Sign that allows communication emails, document interfaces, signatures, dates, and other product features to be displayed in different languages. Zoho Sign currently supports over 20 languages.

    W

    Wet Signatures

    A wet signature is a signature made using a pen or seal for signing a document. Wet signatures are not necessarily a person's name. It can be a stamp or fingerprint marks that are used to sign a document.

    Webhooks

    Webhooks are automated notifications sent from third-party apps. They allow users to send real-time information from one application to another to create an automated workflow.