| Panel |
|---|
| 1 | http://reefshark.nmfs.noaa.gov/f/pds/publicsite/documents/policies/32-110.pdf |
|---|
| title | Electronic Signature Implementation Requirements |
|---|
|
(from policy directive 32-110)
1. The implementation of an e-signature system must contain some form of technical non-repudiation services to protect the reliability, authenticity, integrity, and usability, as well as the confidentiality, and legitimate use of the electronically-signed information.
2. The technical non-repudiation services (required in number 1 above) should tie the electronic transaction to the individual or entity in a legally-binding way.
3. The electronic signature process should include, as part of its technical non-repudiation services, audit trails that ensure the chain of custody for the transaction. These audit trails should identify the sending location, sending individual or entity, date and time stamp of receipt, and other measures that will ensure the integrity of the document. These audit trails must validate the integrity of the transaction and prove: (1) that the connection between the submitter and NMFS has not been tampered with; and (2) how the document was controlled upon receipt by NMFS.
... |
...
A traditional holographic (hand-written) signature affixes a distinctive mark to the original document (the signature) that may be used as evidence of the identity of the signing party, their approval, authorization, or adoption of the document, and that the document has not been altered subsequent to the signature. An electronic signature calls for a similar outcome.
| Excerpt |
|---|
Some distinctive mark must be affixed to the original document as evidence of the electronic signature, binding the document to the signing party's identity, indicating their approval or adoption, and providing evidence of the document's integrity. |
(These three elements, identity, adoption, and non-alteration, are known in computer security jargon as non-repudiation.)
Binding Document to Identity
...
Alternative | Document Binding, Integrity, and Audit Trails Mechanisms | Confidence
| Characteristics |
|---|
Typical online system practices
| write the individual's identifier, the signed document, and contextual information into the database as a relation, with typical constraints, access controls, and security procedures
audit trails (change logs) may be maintained in the application program or the database layer
| low | fast implementation,
inexpensive to implement and maintain,
security characteristics well understood
|
Secure online system practices
| rigorous constraints, access controls, and security procedures, including audit trails in the database layer (in addition to any controls in the application layer), trusted time sources, logging of security events in the database layer and/or the system software layer, etc.
audit trails (change logs) should be maintained in both the application program and database layers
| moderate | moderately expensive to implement and maintain,
security characteristics well understood |
Package with a Digital Signature
| pre-process the document using a mathematical function that would imprint the identifier and contextual data on the document, and then store the resulting imprinted document along with the identifier and contextual data, which should include a trusted timestamp.
audit trails should be maintained in both the application program and database layers, although in this case the audit trails are solely to preserve confidence in the transaction context data. Confidence in the integrity of the signed document is preserved by the tamper-evident nature of a Digital Signature. Operationally it would be impossible to change a signed document without invalidating the signature; instead of allowing changes to signed documents, the system may need to support attaching signed amendments or annotations to a document, or some other mechanism that clearly preserves the original signed document but makes some allowance for additions to the record.
| high | expensive to implement and maintain, security characteristics are complex and unfamiliar |
USPS Electronic Postmark
| submit the document, identifier and contextual data to the US Postal Service Electronic Postmark system (EPM) and store the resulting confirmation code with the signed document
audit trails should be maintained in both the application program and database layers, although in this case the audit trails are solely to preserve confidence in the transaction context data. Confidence in the integrity of the signed document is preserved by the tamper-evident nature of the USPS EPM and by trust in the institution of the USPS. Operationally it would be impossible to change a signed document without invalidating the EPM; instead of allowing changes to signed documents, the system may need to support attaching signed amendments or annotations to a document, or some other mechanism that clearly preserves the original signed document but makes some allowance for additions to the record.
| highest | inexpensive to implement but expensive to maintain, security characteristics are based on trust in the institution of the USPS |
...