Versions Compared

Comment: Reverted from v. 27
Electronic Signature Implementation Requirements

(from policy directive 32-110, http://reefshark.nmfs.noaa.gov/f/pds/publicsite/documents/policies/32-110.pdf)
1. The implementation of an e-signature system must contain some form of technical non-repudiation services to protect the reliability, authenticity, integrity, and usability, as well as the confidentiality, and legitimate use of the electronically-signed information.
2. The technical non-repudiation services (required in number 1 above) should tie the electronic transaction to the individual or entity in a legally-binding way.
3. The electronic signature process should include, as part of its technical non-repudiation services, audit trails that ensure the chain of custody for the transaction. These audit trails should identify the sending location, sending individual or entity, date and time stamp of receipt, and other measures that will ensure the integrity of the document. These audit trails must validate the integrity of the transaction and prove: (1) that the connection between the submitter and NMFS has not been tampered with; and (2) how the document was controlled upon receipt by NMFS.
...

...

Alternatives compared (columns: Alternative; Document Binding, Integrity, and Audit Trails Mechanisms; Confidence; Characteristics)

Alternative: Typical online system practices
Document binding, integrity, and audit trail mechanisms: write the individual's identifier, the signed document, and contextual information into the database as a relation, with typical constraints, access controls, and security procedures. Audit trails (change logs) may be maintained in the application program or the database layer.
Confidence: low
Characteristics: fast implementation; inexpensive to implement and maintain; security characteristics well understood.

Alternative: Secure online system practices
Document binding, integrity, and audit trail mechanisms: rigorous constraints, access controls, and security procedures, including audit trails in the database layer (in addition to any controls in the application layer), trusted time sources, logging of security events in the database layer and/or the system software layer, etc. Audit trails (change logs) should be maintained in both the application program and database layers.
Confidence: moderate
Characteristics: moderately expensive to implement and maintain; security characteristics well understood.

Alternative: Package with a Digital Signature
Document binding, integrity, and audit trail mechanisms: pre-process the document using a mathematical function that imprints the identifier and contextual data on the document, then store the resulting imprinted document along with the identifier and contextual data, which should include a trusted timestamp. It should be impossible to change a signed document, since the Digital Signature's tamper-evident packaging would show that a changed document is invalid. Audit trails should be maintained in both the application program and database layers, although in this case the audit trails are solely to preserve confidence in the transaction context data. Confidence in the integrity of the signed document is preserved by the tamper-evident nature of a Digital Signature. Operationally it would be impossible to change a signed document without invalidating the signature; instead of allowing changes to signed documents, the system may need to support attaching signed amendments or annotations to a document, or some other mechanism that clearly preserves the original signed document but makes some allowance for adding to the record in the future.
Confidence: high
Characteristics: expensive to implement and maintain; security characteristics are complex and unfamiliar.

Alternative: USPS Electronic Postmark
Document binding, integrity, and audit trail mechanisms: submit the document, identifier and contextual data to the US Postal Service Electronic Postmark system (EPM) and store the resulting confirmation code with the signed document. Audit trails should be maintained in both the application program and database layers, although in this case the most relevant audit trails would be those that guarantee that the relationship between the document, identifier and contextual data and the USPS EPM confirmation code is robust. The existence of effective audit trails within the USPS EPM program would be assumed. Beyond that, audit trails are solely to preserve confidence in the transaction context data. Confidence in the integrity of the signed document is preserved by the tamper-evident nature of the USPS EPM and by trust in the institution of the USPS. Operationally it would be impossible to change a signed document without invalidating the EPM; instead of allowing changes to signed documents, the system may need to support attaching signed amendments or annotations to a document, or some other mechanism that clearly preserves the original signed document but makes some allowance for additions to the record.
Confidence: highest
Characteristics: inexpensive to implement but expensive to maintain; security characteristics are based on trust in the institution of the USPS.
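The following is an added illustration, not code from the original page or from any NMFS system, of the "Package with a Digital Signature" alternative and of the non-repudiation and chain-of-custody items in directive 32-110. It uses Go's standard-library ed25519 to bind a document digest, the signer's identifier and a timestamp into one signed package, shows that editing either the document or the context invalidates the signature, and attaches a signed amendment that references the original record instead of modifying it. The signer identifier, the sample report text and the fixed timestamp are constructed values; in practice the timestamp would come from a trusted time source and the key pair would be tied to the individual's credential.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// SignedPackage is the "imprinted" record: the document digest, the signer's
// identifier and the contextual data (including a timestamp) are bound
// together, and one signature covers the whole package.
type SignedPackage struct {
	DocumentSHA256 string    `json:"document_sha256"`
	SignerID       string    `json:"signer_id"`
	Timestamp      time.Time `json:"timestamp"`                  // assumed to come from a trusted time source
	AmendsPackage  string    `json:"amends_package,omitempty"`   // PackageID of the record this amends, if any
	Signature      []byte    `json:"signature"`
}

// signingInput returns the bytes the signature covers: every field except the
// signature itself, serialized deterministically (struct field order is fixed).
func (p SignedPackage) signingInput() []byte {
	p.Signature = nil
	b, err := json.Marshal(p)
	if err != nil {
		panic(err) // plain fields cannot fail to marshal
	}
	return b
}

// PackageID is a stable handle for a signed package; amendments reference it
// so the chain from amendment back to the original is itself signed.
func (p SignedPackage) PackageID() string {
	h := sha256.Sum256(p.signingInput())
	return hex.EncodeToString(h[:])
}

func digest(doc []byte) string {
	h := sha256.Sum256(doc)
	return hex.EncodeToString(h[:])
}

// Sign builds and signs a package for doc. amends is "" for an original
// submission, or the PackageID of the record being amended.
func Sign(priv ed25519.PrivateKey, signerID string, doc []byte, ts time.Time, amends string) SignedPackage {
	p := SignedPackage{DocumentSHA256: digest(doc), SignerID: signerID, Timestamp: ts, AmendsPackage: amends}
	p.Signature = ed25519.Sign(priv, p.signingInput())
	return p
}

// Verify checks that the stored document still matches the digest that was
// signed and that the signature over the whole package is valid for pub.
func Verify(pub ed25519.PublicKey, p SignedPackage, doc []byte) bool {
	if digest(doc) != p.DocumentSHA256 {
		return false
	}
	return ed25519.Verify(pub, p.signingInput(), p.Signature)
}

// Demo walks through the lifecycle: sign, verify, detect tampering with the
// document and with the context, then attach a signed amendment. It returns
// (originalValid, tamperingDetected, amendmentValid).
func Demo() (bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	doc := []byte("Vessel trip report: 12 trips, 3,400 lb landed")     // constructed sample document
	ts := time.Date(2024, 1, 15, 9, 30, 0, 0, time.UTC)                 // constructed; trusted timestamp in practice
	orig := Sign(priv, "user:jdoe", doc, ts, "")                        // constructed signer id
	originalValid := Verify(pub, orig, doc)

	// Tampering with the stored document changes its digest.
	tampered := []byte("Vessel trip report: 12 trips, 2,400 lb landed")
	docTamperDetected := !Verify(pub, orig, tampered)

	// Tampering with the context (who signed) breaks the signature too.
	forged := orig
	forged.SignerID = "user:other"
	contextTamperDetected := !Verify(pub, forged, doc)

	// A correction is a new signed record that points at the original,
	// which stays intact and still verifies.
	amendDoc := []byte("Correction to trip report: 2,400 lb landed")
	amend := Sign(priv, "user:jdoe", amendDoc, ts.Add(24*time.Hour), orig.PackageID())
	amendmentValid := Verify(pub, amend, amendDoc) &&
		amend.AmendsPackage == orig.PackageID() &&
		Verify(pub, orig, doc)

	return originalValid, docTamperDetected && contextTamperDetected, amendmentValid
}

func main() {
	a, b, c := Demo()
	fmt.Printf("original valid: %v, tampering detected: %v, amendment valid: %v\n", a, b, c)
}
```

The package identifier is a digest of the signed bytes, so an amendment that references it commits to the exact original, signer and timestamp; a verifier that walks the chain can confirm both that nothing was altered after signing and how the record was extended, which is the chain-of-custody evidence item 3 of the directive asks for.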

...