DOCUMENT Magazine - June 2008 - (Page 25) such as online banking and stock trading, where non-repudiation of the transaction is essential and there is the need for a level of integrity and security that can no longer be addressed by just a user name and password. The foundation of these applications is the establishment of your identity. Both the bank and the electronic broker want to know that it is you at the other end of the transaction. When they establish your identity in the course of opening the account by requiring proof of who you are, they connect that proof to the digital credential. This works in a number of narrow “one to one” transactions where the relying party (the bank or broker in this case) is also the issuer of the credential. But this approach is limited as a tool and would require everyone to have many one-to-one agreements. In essence, it is similar to having a phone line between two houses. This might be nice for house-to-house communications but not very valuable for much else. As a network, this oneto-one communication is limited, as networks become more valuable as you increase the number of useful nodes. Therefore, having a digital signature issued by a trusted party that many others can rely on from a networked infrastructure is like having a phone in the telecom world of many users. Poll of the Issue To what level does your organization utilize e-signatures? Low 25% None 45% Moderate 20% High 10% To work properly, a digital signature would be issued from a recognized (and trusted) certificate authority, such as a state or government agency in a PKI. It would then be given to a properly vetted entity (person, organization or even a computer) whose identity is established to the satisfaction of the trusted issuer. This is similar to how your driver’s license is issued in that the “process” of issuing the license is subsequently relied upon by other users. Once granted, this forms the basis of an identity that can be federated. A number of states, Pennsylvania, North Carolina and Colorado among them, have begun issuing e-notary digital signatures to the notary public to support the growing use of electronic filing of deeds of trust. Kansas, one of the early adopters of digital signatures, has used them in conjunction with car dealerships to sign motor vehicle title liens where they reside in a database. Recently, the state’s Board of Technical Professions modified their rules on signatures and seals to allow for digital variants, and already, a number of private engineering firms are looking to acquire a state-issued digital signature for use on engineering digital documents. In cooperation with the Hague Conference on Private International Law, Kansas was the first state to issue an e-Apostille, which is used by the Kansas Secretary of State for notarizing documents used in international transactions. Growing acceptance by the public and financial institutions for digital signings represents a sign of things to come. It seems that digital signatures are here to stay. Jim Minihan is an acknowledged expert on digital signature and electronic transactions, participating in writing landmark digital signature legislation. He is also a partner of IMERGE Consulting, Inc. For more information, email him at jm@imergeconsult.com. ■ www.DOCUMENTmedia.com june.08 document 25 Networking Into the Digital Age The bottom line here is that we are rapidly learning the value of such a tool. Just as the telephone transformed from a tool of point-topoint communications for the wealthy before it “networked” into what we have today, a tool for everyone that has adopted functions beyond simply talking, so it will be with digital signatures. Rather than needing multiple credentials for every transaction consumers might have to make, the public should have the ability to network their identity. In fact, this is exactly what the federal government has done under Homeland Security Presidential Directive 12 (HSPD-12). Already, the government has issued tens of thousands of digital credentials with every agency of the federal government mandated to accomplish issuance to all federal employees and contractors. This credential is meant to be used for all manner of proof of identity, from entering the building to accessing the data system and for digital signings. The federal government has created a networked identity where that one credential can be used across a spectrum of uses and agencies. In effect, they have adopted one phone that can call any other phone in the federal government. Now, what if the bank or broker that federal employee works with decides to accept that credential also? Suddenly that credential (like the phone) has more value. http://www.documentmedia.com http://www.DOCUMENTmedia.com
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.