...
Design | Registration | Credential | Credential | Signing | Tamper |
| Ease-of-use | Portability | Cost | Accountability | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Theoretical PKI alternative | In-person proofing at USPO | PKI private key | In-person | Digital Signature: document hash is encrypted with private key. Requires some type of reader to input the key, and, client software to execute the hashing and encrypting | Store text of document and digital signature; this combination is tamper-evident by design |
| Fail: complex and mysterious | Fail: reader required | Fail: Complex, mysterious, many ways to fail | Reader required | Significant cost of person-proofing and certificate issuance | Pass: strong Strong confidence in identity and credential, however, custody of credential not guaranteed |
USDA Level 2 Access | Create online profile, then appear in-person at USDA Service Center with government-issued photo ID to activate level 2 credentials | User ID and password | Customer specified credentials are electronically activated by USDA Service Center employee | tbd | tbd |
|
| Pass: strong Strong confidence in identity, however, custody of credential not guaranteed | ||||
FedEx-like digitized signature: holographic signature using stylus on a digitizing pad | Signature would not necessarily be electronically associated with the registrant | Image of a holographic signature | None required | Signatory signs a holographic signature on a digitizing pad while the digitizing pad is under the control of agency's e-signature software | Package signed document and image of holographic signature; requires external "seal" to make tamper-evident |
| Pass: familiar Familiar and understandable | Fail: stylus and Requires digitizing pad required, stylus, and custom software required at client device | Fail: Significant cost of stylus and digitizing pad | Pass: characteristics Characteristics similar to traditional signature | ||
RSA SecureID¿ | Configurable per business requirements; could be fully online using shared secrets | Choice of 5 hardware authenticators or software for cell phone or PDA | Hardware authenticators require physical delivery; software authenticators "seed" could be delivered electronically | Signatory signs with a "something you know" pin or password, and, a one-time use token code generated by their authenticator | Package signed document and authentication metadata; requires external "seal" to make tamper-evident |
| Pass: dedicated Dedicated devices mask deep complexity | Fail: dedicated Dedicated device must be present at signing | Fail: Significant cost of dedicated device and licensing | Pass: strong Strong confidence in identity and credential, good confidence in custody of credential | ||
NPS e-signature | Online registration, identity validation via shared secrets including SSN | Username and password | Online issuance | Signatory signs with a "something you know" username and password | Package signed document and authentication metadata; requires external "seal" to make tamper-evident |
| Pass: similar Similar to common e-commerce transactions | Pass: only Only "something you know" required | Pass: clearly Clearly less expensive than the former paper process | Pass: moderate Moderate confidence in identity, credential, and custody, but may be adequate to mitigate moderate risk | ||
HMS Permits: | Online registration at http://www.hmspermits.gov/ | Permit number | Online issuance of permit | Not called a signature, but does include "I am authorized" checkbox | Typical transactional database controls |
| Pass: similar Similar to common e-commerce transactions | Pass: only Only "something you know" required | Pass: clearly Clearly less expensive than the paper process | Pass: little Low confidence in identity and custody, but may be adequate to mitigate very low risk |