...

A traditional holographic (hand-written) signature affixes a distinctive mark to the original document (the signature) that may be used as evidence of the identity of the signing party, their approval, authorization, or adoption of the document, and that the document has not been altered subsequent to the signature. An electronic signature calls for a similar outcome. Some distinctive mark must be affixed to the original document as evidence of the electronic signature, binding the document to the signing party's identity, indicating their approval or adoption, and providing evidence of the document's integrity. (These three elements, identity, adoption, and non-alteration, are known in computer security jargon as non-repudiation.)

...

In practice a social security number should not be used directly for this purpose, but some other identifier could serve the same function. The requirements for the identifier are that it is distinctive and unique to the individual, and can be associated as necessary with other data pertaining to that individual.

There are a variety of mechanisms for binding the identifier to the document. The simplistic example above writes the identifier (SSN), the document, and contextual data into a database as related items. This approach may be sufficient to mitigate business risk. A more rigorous approach would be to pre-process the document using a mathematical function that would imprint the identifier and contextual data on the document, and then store the resulting imprinted document along with the identifier and contextual data. An even more rigorous approach would be to submit the document, identifier and contextual data to the US Postal Service Electronic Postmark system. (The Electronic Postmark provides trusted proof of content as of a specific point in time.)
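One way to realize the "mathematical function" approach described above, as an added example that is not part of the original document: the imprint is an HMAC-SHA256 computed over the document, the identifier, and the contextual data. The choice of HMAC, the key, the field names, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real key belongs in a server-side secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _frame(*fields: bytes) -> bytes:
    """Length-prefix each field so bytes cannot shift between fields unnoticed."""
    return b"".join(len(f).to_bytes(8, "big") + f for f in fields)


def imprint(document: bytes, identifier: str, context: dict,
            key: bytes = SERVER_KEY) -> dict:
    """Build the record to store: identifier, context, and the keyed imprint."""
    # Canonical JSON so the same context always serializes to the same bytes.
    ctx = json.dumps(context, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, _frame(document, identifier.encode(), ctx), hashlib.sha256)
    return {"identifier": identifier, "context": context, "imprint": tag.hexdigest()}


def verify(document: bytes, record: dict, key: bytes = SERVER_KEY) -> bool:
    """Recompute the imprint from the stored fields and compare in constant time."""
    expected = imprint(document, record["identifier"], record["context"], key)
    return hmac.compare_digest(expected["imprint"], record["imprint"])


if __name__ == "__main__":
    # Constructed sample document, identifier, and contextual data.
    doc = b"I approve purchase order 1001."
    rec = imprint(doc, "user-7f3a",
                  {"ip": "192.0.2.10", "time": "2005-01-01T12:00:00Z"})
    print("original verifies:", verify(doc, rec))
    print("altered verifies: ", verify(doc + b" Amended.", rec))
```

Because the imprint is keyed, it shows that the document, identifier, and context have not changed since the key holder recorded them; anyone holding the key can also produce a valid imprint, so access to the key determines how much weight the evidence carries.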

...

Depending on business risk it may be adequate to store the originating computer's Internet Protocol address and time stamps in database tables.  Higher levels of business risk might require Secure Socket Layer (SSL) sessions, trusted time stamps, and comprehensive audit trails on the database tables involved.  It should be noted that while the policy directive stipulates that audit trails "identify the sending location", in practice it is not possible to identify the sending location of an Internet transaction with a high degree of confidence.

To some extent extra emphasis on database integrity might counterbalance an emphasis on audit trails.  For example, if an Electronic Postmark were used as the guarantor of document integrity, audit trails on local database tables might be considered irrelevant.