Evidence package

A file that is claimed to have been signed in Scrive is only trustworthy if it is an original. Any change to the document contents will mean that the document is no longer an original. This includes adding notes, highlighting or compressing the PDF.

• Scrive will store an original of each document until the author (person or system that created the document) deletes it.

• All unaltered instances of a document signed in Scrive is an original.

• To verify the integrity of a document, upload it to https://scrive.com/verify and make sure that you get the confirmation message that the file has a valid signature.

An easy way of viewing the embedded HTML evidence package is to open the original document in e.g. Adobe Acrobat Reader. Click on the attachments icon to show the list of attachments which together make up the evidence package. All the attachments are in a HTML format. Double-click on a file to open it in your default browser.

The attachments consists of:

1. Evidence Quality Framework – about the framework Scrive uses for evidence quality.

2. Service Description – a detailed description of how Scrive works.

3. Evidence Log – all events associated with this document, in detail.

4. Evidence of Time – samples from the Scrive server clocks and statistical analysis of the clock error (to make it possible to determine how exactly the Scrive clocks are).

5. Evidence of Intent – screenshots from the devices (computer/phone/tablet) the signing individuals used to sign. (This works most of the time but not always, as web browsers can be unpredictable.)

6. Digital Signature Documentation – a detailed description of how Scrive’s blockchain based digital signing works; the basis for securing the integrity of documents signed in Scrive.

7. Quality of Scrive E-signed Document – an explanation on how Scrive fulfils evidence quality requirements.

The “last updated” date is when Scrive last changed something in the template for the attachment. The attachment itself was generated when the last signing party signed.

Questions about who signed a document, when it was signed, and how it was signed can all be answered using both the Evidence log and the Evidence of Intent.

Evidence log (Appendix 3)

This file contains all events that Scrive has been able to record about the document, up until the last person signed it. Thereafter, the file is locked. Or rather: if the file is changed after this point in time, it is not what the signatories signed and it is therefore no longer an original. It is not possible to verify the integrity of the document if it has been changed. See more above in the section on “Document integrity”.

In the Evidence log, you'll find key information, including the signatory’s name, email address and/or phone number, along with the timestamp and IP address of the device used to view the document.

The timestamp is in the leftmost column. Scrive always uses time in the UTC time zone. The CES column is the last time we analysed the clock error (which in turn results in the +/- X ms in the leftmost column). The IP address is in the third column.

It should be noted that an IP address is not a very good way of identifying an individual. A very common case is that many individuals, sometimes whole cities, share a single IP address. However, the user behind the IP address might be located somewhere completely different as they may be using a VPN.