Versions Compared

Version Old Version 28 New Version Current
Changes made by

Larry Talley - NOAA Federal

Larry Talley - NOAA Federal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 27


...

Excerpt

Some distinctive mark must be affixed to the original document as evidence of the electronic signature, binding the document to the signing party's identity, indicating their approval or adoption, and providing evidence of the document's integrity.

Introduction

A traditional holographic (hand-written) signature affixes a distinctive mark to the original document (the signature) that may be used as evidence of the identity of the signing party, their approval, authorization, or adoption of the document, and that the document has not been altered subsequent to the signature. An electronic signature calls for a similar outcome. 

...

Panel
titleElectronic Signature Implementation Requirements

(from policy directive 32-110

...

)
1. The implementation of an e-signature system must contain some form of technical non-repudiation services to protect the reliability, authenticity, integrity, and usability, as well as the confidentiality, and legitimate use of the electronically-signed information.
2. The technical non-repudiation services (required in number 1 above) should tie the electronic transaction to the individual or entity in a legally-binding way.
3. The electronic signature process should include, as part of its technical non-repudiation services, audit trails that ensure the chain of custody for the transaction. These audit trails should identify the sending location, sending individual or entity, date and time stamp of receipt, and other measures that will ensure the integrity of the document. These audit trails must validate the integrity of the transaction and prove: (1) that the connection between the submitter and NMFS has not been tampered with; and (2) how the document was controlled upon receipt by NMFS.
...

Introduction

A traditional holographic (hand-written) signature affixes a distinctive mark to the original document (the signature) that may be used as evidence of the identity of the signing party, their approval, authorization, or adoption of the document, and that the document has not been altered subsequent to the signature. An electronic signature calls for a similar outcome. 

Excerpt

Some distinctive mark must be affixed to the original document as evidence of the electronic signature, binding the document to the signing party's identity, indicating their approval or adoption, and providing evidence of the document's integrity.

(These three elements, identity, adoption, and non-alteration, are known in computer security jargon as non-repudiation.)

Binding Document to Identity

Some distinctive mark must be affixed to the original document as evidence of the electronic signature. This outcome has been articulated in the NMFS policy directive 32-110 as "...tie the electronic transaction to the individual or entity in a legally-binding way."  In e-signature systems, the distinctive mark is going to be one or more data elements that have been associated with the individual or entity.  A simplistic (but inadvisable) example would be to require the signing party to enter their social security number as part of the signing ceremony; the social security number could be considered a distinctive mark and stored in a database table with the document, the date and time of the e-signature, and other contextual data. 

...

In practice a social security number should not be used directly for this purpose, but some other identifier could serve the same function.  The requirements for the identifier are that it is distinctive and unique to the individual, and can be associated as necessary with other data pertaining to that individual.

...

Alternative

Document Binding, Integrity, and Audit Trails Mechanisms

Confidence

Characteristics

Typical online system practices

write the individual's identifier, the signed document, and contextual information into the database as a relation, with typical constraints, access controls, and security procedures

audit trails (change logs) may be maintained in the application program or the database layer

low

fast implementation,
inexpensive to implement and maintain,
security characteristics well understood

Secure online system practices

rigorous constraints, access controls, and security procedures, including audit trails in the database layer (in addition to any controls in the application layer), trusted time sources, logging of security events in the database layer and/or the system software layer, etc.

audit trails (change logs) should be maintained in both the application program and database layers

moderate

moderately expensive to implement and maintain,
security characteristics well understood

Package with a Digital Signature

pre-process the document using a mathematical function that would imprint the identifier and contextual data on the document, and then store the resulting imprinted document along with the identifier and contextual data, which should include a trusted timestamp.

audit trails should be maintained in both the application program and database layers, although in this case the audit trails are solely to preserve confidence in the transaction context data.  Confidence in the integrity of the signed document is preserved by the tamper-evident nature of a Digital Signature.  Operationally it would be impossible to change a signed document without invalidating the signature; instead of allowing changes to signed documents, the system may need to support attaching signed amendments or annotations to a document, or some other mechanism that clearly preserves the original signed document but makes some allowance for additions to the record.

high

expensive to implement and maintain, security characteristics are complex and unfamiliar

USPS Electronic Postmark

submit the document, identifier and contextual data to the US Postal Service Electronic Postmark system (EPM) and store the resulting confirmation code with the signed document

audit trails should be maintained in both the application program and database layers, although in this case the audit trails are solely to preserve confidence in the transaction context data.  Confidence in the integrity of the signed document is preserved by the tamper-evident nature of the USPS EPM and by trust in the institution of the USPS.  Operationally it would be impossible to change a signed document without invalidating the EPM; instead of allowing changes to signed documents, the system may need to support attaching signed amendments or annotations to a document, or some other mechanism that clearly preserves the original signed document but makes some allowance for additions to the record.

highest

inexpensive to implement but expensive to maintain, security characteristics are based on trust in the institution of the USPS