Electronic Signature Technology
Document sharing over the web is no longer a new thing recently. Critical and sensitive information such as a legal contract is often contained in the documents. To prevent any form of interception and unauthorized modifications of the documents by hackers or anyone, the message must be securely encrypted. To fully realize a high level of security, such materials must be adequately signed digitally. This, therefore, vouchers for the originality of the document, its integrity, and nonrepudiation. For instance, an online vendor can effectively monitor and track an order initiated by an online customer. The recent spike in demand for electronic signature technology has necessitated many prominent platforms such as DocuSign to deliver commercial security software that enables users to employ digital signatures to secure business or transaction documents. Before the discussion continues, the concept of Electronic signature technology must be delineated.
What does Electronic Signature Technology entail?
It can be said to have emerged from cryptography. The cryptography consists of two keys namely a private key and a public key. A private key is used to sign a document by the sender before being sent, and the other key is employed by the recipient who receives the signed certificate to authenticate the document. It should be noted that both keys belong to the sender. An electronic signature also called the digital signature performs the function of a traditional handwritten signature more precisely and to a greater extent and effectiveness. It is a well-known fact that a skilled forger can effortlessly alter the contents of a document with a handwritten signature or move a signature from one document to another without being detected. The use of Electronic Signature Technology has in place, all necessary security measures to identify any foul-play in the signed document. For instance, document content modification or signature replacement can be detected by the failure of the verification process. The technology behind electronic signatures cannot be adequately discussed without treating the following terms as applicable.
1. The Public Key Trust Models
The two of them are the Private key and Public key. The first is the private key that the sender uses to sign or append documents, and it is kept secured, probably stored as a computer, as it solely belongs to the sender. However, the second one which is the public key is the one released by the sender to the recipient to facilitate the authentication process. This key is used to verify the sender’s signature. It is either published for recipients to see or it is sent directly to them. Additionally, to determine whether the signature is genuine or not, both sender and recipient must have established a crucial public trust relationship before exchanging documents to void falling for the despicable act of some hackers.
2. Certificate Authorities (C.A)
These are the organizations in charge of certifying. They are also referred to as the third-party. They are a trustworthy organization that certifies public keys by issuing electronic certificates (called digital certificates) to users. Such a certificate contains user details like the user's identity, public key, and key expiration date. The Certificate Authority’s private key signs the digital certificates issued. Similarly to the sender, Certificate Authorities provide a document containing its public key which is accessible to anyone wishing to verify issued certificates by the CA.
3. Time Stamping
This caters for a future occurrence such as the expiration of certificates, revoked certificates. A document that has been signed before a certificate expires or is canceled will be out rightly rejected since the document will no longer be trusted. However, such a material can be accepted provided a Timestamp is attached. The expired certificate can be used to verify the old signature. Time stamping can be used for legal and financial documents in addition to its function as a future validity guarantor.
Delivering Electronic signature technology with PKI
The best crucial public trust model that is suitable for a company must be considered before delivering a solution to be used by a company. A product that falls under the direct trust model should be used if the digital signature is to be implemented for a small, designated group of people with no plan of implementing the PKI over a short time. But if transactions are made in a public environment, for example over the internet, the third party trust model is required. PKI infrastructure implementation needs a careful plan as it is not an easy task. Some questions to be asked before doing so are:
i. Which PKI vendor to choose?
ii. Which directories should be used?
iii. Which CA trust relationship to use? Hierarchy certification or cross-certification?
iv. What about government regulation?
v. How about interoperability?
Finding answers to the above-listed questions will go a long way in ensuring adequate implementation of Electronic Signature Technology.
We'll help you find the plan that's right for you.