| Excerpt |
|---|
incomplete - characterizes alternative approaches to e-signatures. |
Requirements
- Ease-of-use consistent with typical commercial online transactions such as consumer banking or personal investor securities trading
- Portable eSignature capability, not tied to a particular Internet access device or particular type of access device (rules out an eSignature pad, fingerprint reader, etc.)
- Low-cost or no-cost to the end user
- Accountability appropriate to mitigate business risk
Accountability is a function of confidence in the original identity assertion (was the registrant who they claimed to be?), the chain of custody of the identity credentials (did the registrant maintain sole custody of the secret key), the integrity of the signed document (is the document in evidence exactly the same document that was signed?), and the legal framework of the e-signature (is the signature legally binding?).
This decomposition may be useful in discussing alternative solutions, but these are tightly interrelated elements and not independently addressable. However, in the implementation of e-signature systems there are several independent components that can be loosely mapped to these concepts, and alternative choices in each of these components can be related to our requirements:
Registration | Credential | Credential | Signing | Tamper |
|---|---|---|---|---|
In-person proofing at USPO | PKI private key | In-person | Digital Signature: document hash is encrypted with private key. Requires some type of reader to input the key, and, client software to execute the hashing and encrypting | Store signed document and digital signature |
|
|
|
|
|
|
|
|
|
|
...