...
| Design | Registration | Credential | Credential | Signing | Tamper | Ease-of-use | Portability | Cost | Accountability |
|---|---|---|---|---|---|---|---|---|---|
| Theoretical PKI alternative | In-person proofing at USPO | PKI private key | In-person | Digital signature: document hash is encrypted with private key. Requires some type of reader to input the key, and client software to execute the hashing and encrypting | Store text of document and digital signature; this combination is tamper-evident by design | Fail: complex and mysterious | Fail: reader required | Fail: cost of person-proofing and certificate issuance | Pass: strong confidence in identity and credential; however, custody of credential not guaranteed |
| USDA Level 2 Access | Create online profile, then appear in person at USDA Service Center with government-issued photo ID to activate level 2 credentials | User ID and password | Customer-specified credentials are electronically activated by USDA Service Center employee | tbd | tbd | | | | Pass: strong confidence in identity; however, custody of credential not guaranteed |
| FedEx-like digitized signature: holographic signature using stylus on a digitizing pad | Signature would not necessarily be electronically associated with the registrant | Image of a holographic signature | None required | Signatory signs a holographic signature on a digitizing pad while the digitizing pad is under the control of the agency's e-signature software | Package signed document and image of holographic signature; requires external "seal" to make tamper-evident | Pass: familiar and understandable | Fail: stylus and digitizing pad required, custom software required at client device | Fail: cost of stylus and digitizing pad | Pass: characteristics similar to traditional signature |
| RSA SecurID | Configurable per business requirements; could be fully online using shared secrets | Choice of 5 hardware authenticators or software for cell phone or PDA | Hardware authenticators require physical delivery; a software authenticator's "seed" could be delivered electronically | Signatory signs with a "something you know" PIN or password and a one-time-use token code generated by their authenticator | Package signed document and authentication metadata; requires external "seal" to make tamper-evident | Pass: dedicated devices mask deep complexity | Fail: dedicated device must be present at signing | Fail: cost of dedicated device and licensing | Pass: strong confidence in identity and credential, good confidence in custody of credential |
| HMS Permits | Online registration at http://www.hmspermits.gov/ | Permit number | Online issuance of permit | na | na | | | | |
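
The table separates the PKI design, which is tamper-evident by design, from the designs that package the signed document with a signature image or authentication metadata and need an external "seal". The following added example (not from the original page) shows one way such a seal could work, substituting an HMAC-SHA256 under a hypothetical agency-held key for whatever sealing mechanism an agency would actually choose; all names and sample values are constructed. Unlike the PKI signature, only a holder of the sealing key can verify it.

```python
import hashlib
import hmac
import json

# Hypothetical agency-held sealing key; constructed for this example only.
AGENCY_SEAL_KEY = b"constructed-demo-key-not-for-production"


def _canonical(package: dict) -> bytes:
    """Serialize the package deterministically so the seal is reproducible."""
    return json.dumps(package, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_package(document: str, auth_metadata: dict, key: bytes = AGENCY_SEAL_KEY) -> dict:
    """Bind the signed document to its authentication metadata and seal both."""
    package = {
        "document_sha256": hashlib.sha256(document.encode("utf-8")).hexdigest(),
        "auth_metadata": auth_metadata,  # record of the signing event, never the PIN or token code
    }
    seal = hmac.new(key, _canonical(package), hashlib.sha256).hexdigest()
    return {"document": document, "package": package, "seal": seal}


def verify_package(sealed: dict, key: bytes = AGENCY_SEAL_KEY) -> bool:
    """Return True only if document, metadata and seal are all unchanged."""
    package = sealed["package"]
    doc_hash = hashlib.sha256(sealed["document"].encode("utf-8")).hexdigest()
    if not hmac.compare_digest(doc_hash, package["document_sha256"]):
        return False  # document text was altered after signing
    expected = hmac.new(key, _canonical(package), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["seal"])


# Constructed sample: a signing event authenticated by PIN plus one-time token code.
SAMPLE = seal_package(
    "I certify that the information in this report is accurate.",
    {"user_id": "example-user", "method": "pin+otp", "signed_at": "2000-01-01T00:00:00Z"},
)

if __name__ == "__main__":
    print("untouched:", verify_package(SAMPLE))
    tampered = dict(SAMPLE, document=SAMPLE["document"].replace("accurate", "approximate"))
    print("edited document:", verify_package(tampered))
```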
...