incomplete - characterizes alternative approaches to e-signatures.
Context for Analysis (Steve to provide
Requirements
- Ease-of-use consistent with typical commercial online transactions such as consumer banking or personal investor securities trading
- Portable e-signature capability, not tied to a particular Internet access device or particular type of access device (rules out a signature digitizing pad, fingerprint reader, etc.)
- Low-cost or no-cost to the end user, cost to agency appropriate for business value delivered
- Accountability appropriate to mitigate business risk - which is a function of confidence in the original identity assertion (was the registrant who they claimed to be?), the chain of custody of the identity credentials (did the registrant maintain sole custody of the secret key), the integrity of the signed document (is the document in evidence exactly the same document that was signed?), and the legal framework of the e-signature (is the signature legally binding?).
Design Alternatives
In the design of e-signature systems there are several independent components, each of which present choices among technical alternatives, and these choices can be mapped to our requirements:
Design |
Registration |
Credential |
Credential |
Signing |
Tamper |
|
Ease-of-use |
Portability |
Cost |
Accountability |
|---|---|---|---|---|---|---|---|---|---|---|
Theoretical PKI alternative |
In-person proofing at USPO |
PKI private key |
In-person |
Digital Signature: document hash is encrypted with private key. Requires some type of reader to input the key, and, client software to execute the hashing and encrypting |
Store text of document and digital signature; this combination is tamper-evident by design |
|
Fail: complex and mysterious |
Fail: reader required |
Fail: cost of person-proofing and certificate issuance |
Pass: strong confidence in identity and credential, however, custody of credential not guaranteed |
USDA Level 2 Access |
Create online profile, then appear in-person at USDA Service Center with government-issued photo ID to activate level 2 credentials |
User ID and password |
Customer specified credentials are electronically activated by USDA Service Center employee |
tbd |
tbd |
|
|
|
|
Pass: strong confidence in identity, however, custody of credential not guaranteed |
FedEx-like digitized signature: holographic signature using stylus on a digitizing pad |
Signature would not necessarily be electronically associated with the registrant |
Image of a holographic signature |
None required |
Signatory signs a holographic signature on a digitizing pad while the digitizing pad is under the control of agency's e-signature software |
Package signed document and image of holographic signature; requires external "seal" to make tamper-evident |
|
Pass: familiar and understandable |
Fail: stylus and digitizing pad required, custom software required at client device |
Fail: cost of stylus and digitizing pad |
Pass: characteristics similar to traditional signature |
RSA SecureID¿ |
Configurable per business requirements; could be fully online using shared secrets |
Choice of 5 hardware authenticators or software for cell phone or PDA |
Hardware authenticators require physical delivery; software authenticators "seed" could be delivered electronically |
Signatory signs with a "something you know" pin or password, and, a one-time use token code generated by their authenticator |
Package signed document and authentication metadata; requires external "seal" to make tamper-evident |
|
Pass: dedicated devices mask deep complexity |
Fail: dedicated device must be present at signing |
Fail: cost of dedicated device and licensing |
Pass: strong confidence in identity and credential, good confidence in custody of credential |
HMS Permits: |
Online registration at http://www.hmspermits.gov/ |
Permit number |
Online issuance of permit |
na |
na |
|
|
|
|
|