September 30, 1999 By Todd Sander
These days, digital signature technology is the tin can that will make electronic documents viable. All we need now are the laws, policies and business practices that will let us get to the soup inside. Fortunately, Washington, Massachusetts, Texas and the Social Security and General Services administrations, to name but a few, are working hard to invent a "can opener."
The signature has been the foundation of business and government transactions for thousands of years. However, the tools of government and commerce are changing. Bits and bytes are replacing pen and parchment. Information is being created, transformed and transferred more often and more rapidly than ever before.
Modern communication tools have created almost limitless opportunities to improve information flow and processes, but they have not eliminated the legal, cultural and practical need for tangible and lasting representation of commitment. Digital signatures are today's answer to that age-old need.
Digital signatures will someday give us the ability to routinely transact official business between government and the public over computer networks. Unfortunately, the political, legal and technical infrastructure necessary to support widespread implementation of such an open public-key infrastructure (PKI) seems to be several years away.
Right now, this technology can transform the way we do business amongst ourselves: government to government. How much time and money is spent within an enterprise like local government routing paperwork for signatures? The city of Tucson requires that some forms be routed between several geographically dispersed departments for review and signature. How much more efficient will operations be when we are able to fill out, route and sign our forms electronically?
Building the legal framework necessary to broadly implement digital signature technology has not been easy. Several of the bills dealing with digital signatures introduced in Congress in recent years have been designed to address specific concerns of factional interests and have not passed.
One philosophical question for states that have enacted digital signature legislation has been whether to license certification authorities. A summary of such legislation can be found at the McBride, Baker and Coles Web site. Certification authorities (CAs) are the legal entities responsible for ensuring the appropriate and consistent establishment of identity in the issuance of digital certificates.
A CA generates a matched set of electronic keys that correspond to a certificate and are necessary to digitally sign a document. Each set contains a public key kept in a publicly accessible electronic repository and a private key kept and protected by the individual.
Allowing a CA to become licensed -- licensure is optional even in most states that license -- is one way to help create trust in a PKI, the comprehensive system of laws, policies, practices and procedures necessary to create and exchange digital signatures. To complicate things just a bit more, a PKI can be either "open" or "closed."
An open PKI is one in which digital signatures are offered and accepted by people who have no significant knowledge of each other and no legal relationship besides the one created by the digital signature transaction. A closed PKI relies on business or contractual relationships that predate and could govern the relationship created by the digital signature.
Digital certificates issued by a CA can be used in three ways. First, they can establish identity. The certificate verifies that "I am who I say I am." Second, certificates can establish authority. The certificate validates that "I am the