Electronic Signature Technology
Document sharing over the web is no longer a new thing recently. Important and sensitive information such as a legal contract are often contained in the documents. To prevent any form of interception and unauthorized modifications of the documents by hackers or anyone, the message must be securely encrypted. To fully realise a high level of security, such documents must be adequately signed digitally. This, therefore, vouches for the originality of the document, its integrity, and nonrepudiation. For instance, an online vendor can effectively monitor and track an order initiated by an online customer. The recent spike in the demand for electronic signature technology has necessitated many prominent platforms such as DocuSign to deliver commercial security software that enables users employ digital signatures to secure business or transaction documents. Before the discussion continues, the concept of Electronic signature technology must be delineated.
What does Electronic Signature Technology entails?
It can be said to have emerged from cryptography. The cryptography consist of two keys namely a private key and a public key. A private key is used to sign a document by the sender before being sent and the other key is employed by the recipient who receives the signed document to authenticate the document. It should be noted that both keys belong to the sender. An electronic signature also called the digital signature performs the function of a traditional handwritten signature more precisely and to a greater extent and effectiveness. It is a well-known fact that a skilled forger can effortlessly alter the contents of a document with a handwritten signature or move a signature from one document to another without being detected. The use of electronic signature technology has in place, all necessary security measures to detect any foul-play in the signed document. For instance, document content modification or signature replacement can be detected by the failure of the verification process. The technology behind electronic signatures cannot be fully discussed without treating the following terms as applicable.
1. The Public Key Trust Models
The two of them are the Private key and Public key. The first is the private key that the sender uses to sign or append documents and it is kept secured, probably stored as a computer, as it solely belongs to the sender. However, the second one which is the public key is the one released by the sender to the recipient to facilitate authentication process. This key is used to verify the sender’s signature. It is either published for recipients to see or it is sent directly to them. Additionally, to determine whether the signature is genuine or not, both sender and recipient must have established a public key trust relationship before exchanging documents to void falling for the despicable act of some hackers.
2. Certificate Authorities (C.A)
These are the organizations in charge of certifying They are also referred to as the third-party. They are a trustworthy organization that certifies public keys by issuing electronic certificates (called digital certificate) to users. Such certificate contains user details like the user's identity, public key, and key expiration date. The digital certificates issued are signed by the Certificate Authority’s private key. In similar manner to the sender, Certificate Authorities provide a certificate containing its own public key which is accessible to anyone wishing to verify issued certificates by the CA.
3. Time Stamping
This caters for the future occurrence such as expiration of certificates, revoked certificates. Document that has been signed before a certificate expires or is revoked will be out rightly rejected since the document will no longer be trusted. However, it such a document can be accepted provided a Time stamp is attached. The expired certificate can be used to verify the old signature. Time stamping can be used for legal and financial documents in addition to its function as a future validity guarantor.
Delivering Electronic signature technology with PKI
The best public key trust model that is suitable for a company must be considered before delivering an solution to be used by a company. Product that falls under the direct trust model should be used if digital signature is to be implemented for a small, designated group of people with no plan of implementing the PKI over a short time. But if transactions are made in a public environment, for example over the internet, the third party trust model is required. PKI infrastructure implementation needs a carful plan as it is not an easy task. Some questions to be asked before doing so are:
i. Which PKI vendor to choose?
ii. Which directories should be used?
iii. Which CA trust relationship to use? Hierarchy certification or cross-certification?
iv. What about government regulation?
v. How about interoperability?
Finding answers to the above listed questions will go a long way in ensuring an adequate implementation of electronic signature technology.
We'll help you find the plan that's right for you.