Commercial Code, argues that once an organization purchases the equipment, it quickly pays for itself through a reduction in clerical time. A machine can send, receive, read and sort electronic files with minimal human intervention.

Also, using electronic documents can dramatically reduce retrieval time when searching for document types and case numbers. Digital signatures coupled with workflow software can also reduce the time that paper sits on desk in-baskets.

Still, the future is not without pitfalls. Some major issues remaining include who would build and pay for the infrastructure and what the cost for users will be. In Utah, explained Danielson, "the private sector will build it and the government will only lightly regulate it."

He believes that the market will determine the cost for creating, authenticating and storing public keys, rather than government regulation. Higher fees will be charged depending on the exposure of the certification authority. For example, a higher fee would be charged for a $100 million signature key than for a $50 key.

"You will have the large national banks that are certification authorities," Danielson continued. "They will do the high-risk things for a high fee. And you will have your Nick and Tony's Body Shop with digital signature capability on the corner that will give you a $250 key that will allow you to make a purchase from the Sears Catalog over the Internet." Still, the ultimate cost to government for access to digital signatures remains a question mark. But Danielson is convinced that the savings will outweigh the costs.

Whatever the cost, digital signatures are coming. Once the infrastructure is built and tested, an electronic John Hancock may become as much a part of your life as your old pen-based signature.

Alan Sherwood is a freelance writer who lives in Salt Lake City.

*

--------------------------------------------------------------------------------

HOW DIGITAL

SIGNATURES WORK

To explain how digital signatures work, a bank safety deposit box makes a good analogy. Two keys are needed to open and close the document, or deposit box. When a deposit box is locked, the bank retains one key, called a public key, while the client has the other, called a private key. The private key is always to be kept in confidence by its owner.

Both keys are used to create a digital signature, which is actually an encrypted message. To decrypt the document, the receiver must get the sender's public key. The software recognizes if the message was opened in transit because the secret key is needed to properly reclose it.

The infrastructure being created in Utah utilizes third parties who register and hold public-key data. The third party creates and certifies the public key, and will provide it to those receiving a signed message from a registered client. The third parties, whose role is similar to notary publics, ensure the identity of the public key holder and are intended to ensure system integrity.

For a full explanation of public and private keys, see "Access," Government Technology, December 1995.

*