The terms digital signatures and e-signatures can be used
interchangeably to refer to digital certificates administered by trusted third
parties ("certificate authorities") and similar technologies, as well
as digital ink signatures created on the Tablet PC.
Leading-edge organizations moving forward with Electronic Signatures:
High-performing enterprises maintain their edge by quickly
seizing upon the opportunity to create worthwhile operating efficiencies while
maintaining or ideally enhancing the experience for their customers. Because of
the widely known efficiencies gained from e-Commerce and paper eradication,
electronic signatures are clearly one of these opportunities. In moving forward
with electronic signatures, these enterprises have thoughtfully considered the
following.
1) The application and user requirements
Examples:
Internet
Signing a form, document, or
2) The operating environment and system integration
Examples:
Based on Internet Browser
Adobe Acrobat PDF form
Microsoft Word Document
Custom application
Win 2000, Unix, Palm OS, or others
3) The future needs to expand or merge the electronic signature application.
4) Laws and regulations of applicable states and agencies,
since in addition to state laws there may be regulatory bodies within a
particular industry that need to be considered.
With this analysis, it becomes easier to focus on the right technology partner.
In the United States, electronic signatures are covered
under the Uniform Electronic Transactions Act and the Electronic Signatures in
Global and National Commerce law. Passed by the US Congress in 1999 and 2000,
respectively, these two laws serve as the framework for electronic commerce
implementation in the United States, as most state-level E-commerce laws are
identical to the Uniform Electronic Transactions Act or a slightly altered
version of it.
These laws specify exactly what constitutes a valid electronic signature, as
well as the conditions under which it is legally binding. An electronic signature
is a “sound, symbol, or process, logically associated with a document” such
that it is:
(1) unique to each user
(2) under the sole control of the signer
(3) linked to a document in such a way as to prevent tampering, and
(4) capable of being authenticated
Several different methods and technologies exist for
attaching electronic signatures to documents according to these stipulations.
Two common types of signature technologies that are widely available, yet
differ greatly in substance, are PIN/Password signature stamps and digitized
handwritten signatures. A PIN/Password stamp inserts a single fixed signature
image into each signed document when a user types a password or PIN. Digitized
handwritten signatures are captured with special pen-and-tablet systems that convert
a user’s signature accurately into pen events or a summary image. These methods
have different ramifications for security and authentication.
What happens when we bypass PIN/Password
While companies that provide PIN signature stamps may claim
that their technology is legally compliant because it qualifies as an "electronic
sound, symbol, or process," it falls far short of the holistic
requirements enumerated above. As a practical point, each and every one of
these "signatures" is identical in form and composition, as if they
were made with a single rubber stamp. The appearance of the signature on a
document is not a record of a person’s signature, but rather the result of a
particular password being typed. A forensic examiner who views the signature image
cannot determine its point of origin, since any person could have typed the PIN
or password. As such, PIN signature stamps fall short of the authentication
requirements of criterion (4) listed above. Should a password become
compromised, each and every document a person had ever signed with the PIN
method would be questionable, since each signature appears identical and it
cannot be proven which are authentic and which are fraudulent. For these
reasons, businesses are advised to invest in an electronic signature technology
that creates a unique electronic record for each signing instance and not to
rely on a "rubber stamp" technology. PKI digital signatures and
certificates are simply a more complex version of "rubber stamp"
technology, except that a larger (often 128-bit) encryption key is used,
meaning it is too large to be remembered and typed. Portability is also limited
because the key is permanently linked to a host computer or a "secure"
smart card which can be lost, stolen, or hacked.
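
The contrast drawn above between a fixed PIN stamp and a unique record for each signing instance can be shown in a few lines. This is an added example, not code from the article or from any vendor it describes; the function names, the sample data, and the HMAC seal under a key held by a hypothetical signing service are all assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

# Constructed sample data (not from the article).
STAMP_IMAGE = b"PNG-bytes-of-one-fixed-signature-image"
AUDIT_KEY = b"hypothetical-signing-service-key"  # assumption: held by the signing service


def pin_stamp(document: bytes, pin: str, expected_pin: str) -> bytes:
    """PIN/password stamp: a correct PIN yields the same image for any document."""
    if not hmac.compare_digest(pin.encode(), expected_pin.encode()):
        raise PermissionError("wrong PIN")
    return STAMP_IMAGE  # does not depend on the document or the signing instance


def _seal(fields: dict) -> str:
    """Keyed digest over the record fields, so edits to the record are detectable."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, body, hashlib.sha256).hexdigest()


def signing_record(document: bytes, signer: str, pen_events: list) -> dict:
    """One record per signing instance, bound to the document and the pen capture."""
    fields = {
        "signer": signer,
        "doc_sha256": hashlib.sha256(document).hexdigest(),
        "capture_sha256": hashlib.sha256(json.dumps(pen_events).encode()).hexdigest(),
        "signed_at": time.time(),
        "nonce": os.urandom(16).hex(),  # makes every signing instance distinct
    }
    return {**fields, "seal": _seal(fields)}


def verify_record(document: bytes, record: dict) -> bool:
    """True only if the record is unaltered and belongs to this exact document."""
    fields = {k: v for k, v in record.items() if k != "seal"}
    if not hmac.compare_digest(_seal(fields), record["seal"]):
        return False  # the record itself was altered
    return hmac.compare_digest(fields["doc_sha256"], hashlib.sha256(document).hexdigest())


if __name__ == "__main__":
    contract, altered = b"Pay 100 USD", b"Pay 900 USD"
    pen = [[10, 12, 0.4], [11, 15, 0.6]]  # constructed (x, y, pressure) samples
    # The stamp is byte-identical on both documents, so it proves nothing about either.
    print(pin_stamp(contract, "1234", "1234") == pin_stamp(altered, "1234", "1234"))
    rec = signing_record(contract, "alice", pen)
    print(verify_record(contract, rec), verify_record(altered, rec))
```

The stamp comparison is equal for both documents, while the record verifies only against the document it was created for and differs on every signing, which is the property criteria (3) and (4) ask for.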