Since PDF is so important I added a PDF page, see Portable Document Format (PDF) signature, in the Esignature technology section. It has more information than the post on this topic.
In the process of writing this page I was struck by the way Adobe evolved from the company that wrote printer software… but I digress.
Hope to get up some stuff on eNotarization and authentication real soon now. Anything else you would like to see?
Leave a Comment » | 
digital signature, electronic document, esignature, PDF | 
Permalink
Posted by Mike Ambrose
Another area that is routinely conflated into the electronic signature/document processing stew is the topic of authentication. Authentication has many meanings, but in the context that it is usually used in the electronic document space it refers to “How do I know it is you signing this document?” This has obvious ramifications for non-repudiation.
Authentication then brings in the issue of trust. Do I trust your credentials/identification? Just as in real-world, potentially you could be an impersonator with a fake id. Peter Gutmann at the University of Auckland has an interesting (if slightly dated) discussion of issues around using electronic signatures, with a focus on signature laws and using PKI as an adequate proxy for trustworthy credentials. This presentation can be found here, Guttman on PKI and signatures. One area to note is the section on Trust beginning on page 23.
Mr. Gutmann discusses types of trust. His taxonomy includes (but is not limited to):
All of these forms of trust come into play in the world of electronic transactions. A business supports blind trust when it allows you to request a car insurance quotation online and emails you a link where you can access the web based applications. When a quotation is issued based upon your applying at the private link it has granted you swift trust. And when it issues you the insurance based upon you making your first payment with your American Express it employs indirect trust, American Express guarantees the payment!
In each step the business is increasing its confidence, or trust, that you are you. This is has been done through a web of interlocking identification factors: you own the email address, the car is registered in your name and you have provided a valid credit card which has the same billing address as your car registration. Each step has been hedged so that the insurance company (which assumes all liability if it is defrauded) has made a decision on the acceptable levels of business risk.
Peter Gutmann seems to believe, and I concur, that prescriptive digital signature laws do little to mitigate the risk of electronic transactions in an acceptable way. Furthermore, they may create more problems than they solve.
I would add to this that the general electronic signature laws (ESIGN/UETA in the US) provide all of the legislative framework that is necessary. With these laws, and a sensible approach to risk management through authentication and intermediaries, electronic transactions should have no more risk than the face to face transactions that we engage in every day.
3 Comments | digital signature, electronic document, esignature | Permalink
Posted by Mike Ambrose
A key requirement for an electronically signed document is a trusted time stamp. This is very important for non-repudiation of contracts (was I bound by this at the time?) and for other important documents such as the disclosure of patentable inventions.
Proof of the existence of a signed document at a given time can be demonstrated by having a time stamp of the document signature issued by a trusted timestamp authority (TSA). A TSA is an entity that can demonstrate that it maintains its clock against a recognized time source such as NIST in the US. There are also standards for trusted time stamps such as RFC 3161 and ANSI X9.95, and a number of vendors that provide this service.
The basic process for obtaining a trusted time stamp is this:
The requesting party generates a hash or digital signature (only hashes may be signed in RFC 3161 compliant signatures) of the signed document and sends this value to the TSA. The TSA attaches a time stamp token to the hash, then digitally signs it with the TSA’s certificate. The requesting party validates the time stamp token and then associates this token with the signed document. This establishes that the signed document existed at the time of the time stamp. It does this without the TSA being aware of the conents of the digital document being signed, thus preserving the confidentiality of the signed document.
There are several ways of generating a time stamp token. RFC 3161 requires support of a time stamp token that contains the time as Zulu time, specified to the second, or better. It also requires that the TSA include a unique serial number with every timestamp issued so that the TSA name and token serial number define a unique time stamp.
Some other methods of generating timestamps rely on “document chaining” which includes a piece of the previous timestamp with each certificate thus establishing the validity of the time. Other methods combine this with using a single timestamp for a given interval of time so that many documents receive the same timestamp, and it is calculated as function of all of these documents. Should this timestamp be challenged several other document authors could be used as witnesses! An interesting survey of timestamping methods by Michael de Mare can be found here.
Some other methods proposed use transient keys, meaning the key used for signing the document hash is a function of the time. Generation of “trusted time stamps” is an area of significant activity, and many vendors will emphasize the advantages of their (often proprietary) methods.
Usage of a trusted time stamp is necessary for increasing the reliability of an electronic signature in a document. For many documents an institution may rely on its own time server for a TSA – this is legitimate as long as the institution is able to document its timekeeping policies and demonstrate their reliability in the event that the time stamps are challenged.
With many vendors pushing their own methods for time stamping and the significant complexity that can be attached to the topic it is easy to get confused. However the question that a relying party should ask is “How good do they have to be?” There are many ways of legally establishing the time of the occurence of an event. Just insure that you can justify yours!
5 Comments | digital signature, esignature, timestamp | Permalink
Posted by Mike Ambrose
Looking at my own experiences and speaking with some of you makes it seem that there are two types of people working on deploying electronic signatures in companies. One type is the techie – this is the person that can tell you ten different ways to detect alterations to an electronic record and why anybody that doesn’t get that an electronic document is just a record is just stupid. This person is ready to start coding – and he may never produce a system that is usable and delivers legally binding signatures.
The other type is the cautious manager – this individual believes the existing paper or hybrid edoc/paper processes work fine and knows at least five reasons that the project is too risky, it is too expensive and should be killed or endlessly postponed until it sinks from view.
Yet everyone agrees that as more business and personal interaction moves into cyberspace the need exists and will be serviced. Growth of online purchases continues to outpace brick and mortar in the US. More and more the government is accepting electronic documents to streamline operations and comply with various regulations.
At some point everyone will need to concede that there are ways to make electronic documents far more secure than signed paper documents, and that they are different than paper documents! It is all about the process that is followed. Care must be taken to insure that individuals are aware of the transactions that they are engaged in and that their personal data is properly protected. Ultimately there will be a rich history of civil cases, law firm Buckley Kolar presents an extracted summary at the ESRA conference here citing some of the legal groundwork that is forming. But how long will you wait for this to occur? Waiting too long insures that your business will be left behind.
You just need to get your techies to use their wizardry to match the legal requirements – they are pretty clear. An overview is even available on the implementing esignatures page on this blog. The process for creating a legally binding signature and responsibly managing electronic documents is not that complicated, you just need to follow it.
Maybe the question is not can you afford to proceed ahead with esignatures, but can you afford not to? Businesses are gaining real savings in $, time and customer satisfaction with electronic document flow and electronic transactions – are you one of these businesses or are they your competitors?
3 Comments | digital signature, esignature | Tagged: electronic signature, esignature | Permalink
Posted by Mike Ambrose
Adobe added a robust digital signature architecture to the PDF electronic document standard. They also support sophisticated form filling and document roll-back capabilities. As mentioned in earlier posts, PDF has made significant progress as a de facto standard for electronic documents and the inclusion of sophisticated digital signing further enhances PDF’s capabilities. Many organizations are already generating PDF documents as their standard for manuals, forms, contracts and other traditional paper uses, this would seem to make the use of the PDF signatures even more compelling.
Adobe specificed an extensible signature dictionary as the analog of XMLDSIG’s <Signature> element. Additionally Adobe has developed SigQ and Adobe Certified Document Services and works with ISO and AIIM on implementing “open” trustworthy electronic document standards. The PDF specification (all 1100+ pages) and associated IP to create PDFs are freely available. Certainly Adobe signatures must be the way of the future, right?
Unfortunately, the actual implementation of digital signing using PDF’s integrated capabilities has proven to be more challenging. Because of the reliance on a PKI, deploying the default Acrobat PKI-based signatures also requires the implementer to have and configure a sophisticated and complex relationship of trust. This is similar to the weakness in the XMLDSIG paradigm. Additional complexity is created by the fact that PDF depends upon PDF specific trust relationships, for example it does not use the standard Windows certificate store. Many of these challenges and the general lack of intutitiveness are addressed in a post by acrobatusers.com blogger Duff Johnson here. The end result is that the PKI based signatures are often easiest to use inside of existing companies or business relationships.
Another barrier has been complexity and confusion over generating Reader signable documents. Prior to Acrobat 8 this required purchasing an expensive license to Reader Extensions for Adobe’s servers. Since the advent of Acrobat 8 this may be relaxed – please consult with your local licensing expert!
Even after addressing the issues above one still has the fundamental problem of electronic credentials. All PKI based signing systems require the existence and maintenance of trusted electronic credentials and there are still no universally adopted credentias that one can assume are possessed by all of the prospective signers in many business processes. Businesses often do not even want to assume responsibility for doing this for their own customers and partners.
These complications have certainly contributed to slower implementation of signable PDFs. Many evaluators that initially think that they will go in this direction ultimately choose a more proprietary system – although one that often uses PDF for the document. We will discuss some of these below:
Adobe’s default verification plug-in often does not support all of the information that a business wishes to associate with the signature or signed document. The user of the electronic signature may want the signature to be self-contained, that is contain all of the elements required to meet the requirements of ESIGN. An example is the capture of an electronically recorded handwritten signature with its associated biometrics as well as extended signature ceremony data. Doing this requires the use of another plug-in or aplet to capture and embed this information in the PDF document. Several vendors provide PDF plug-in solutions such as this.
Other signature systems using PDF documents implement the signature using a detached signature that references the pdf document and provides the necessary signing information and tamper evident seal. They may embed an image of a handwritten signature or seal into the PDF as an image field. This model is well suited to the workflow of many businesses but it may not use the PDF signature dictionary at all!
So are signable PDFs the way of the future? Maybe, but probably not exactly as Adobe believed that they would be!
3 Comments | digital signature, electronic document, esignature, PDF | Permalink
Posted by Mike Ambrose
Many of us in the esignature community are somewhat mystified by the slowness of industry to adopt electronic signatures. The ROI is demonstrated and generally accepted to be quite high for many documents, with improved productivity, reduced errors, more rapid processing, improved customer satisfaction and many other benefits. So it is remarkable that the government is leading the way ahead of many respected, world class companies in the private sector. The IRS has been willing to accept electronic tax filings from most individuals since 1998 and now receives over half of it filings electronically.
The Department of Education processes 14 million Financial Aid applications a year and is seeing significant growth in the electronic applications. They claim that none of the electronically signed applications has ever been contested. There is a nice presentation on the Department of Education’s roll-out from the ESRA Conference last month here.
An interesting opinion of Education’s authors:
Implementation will not be constrained by the technology or legal issues. It is constrained by the business side and its ability to handle the process re-engineering and the organizational willingness to change issues.
I guess it means that the Department of Education is more willing to change than most of our Fortune 100 institutions. Does this seem to match your experience?
2 Comments | esignature | Tagged: electronic signature | Permalink
Posted by Mike Ambrose
The XML page is up to talk about this important technology: XML Electronic Signatures
Also – thanks for the ideas on structuring this site. I will be trying to incorporate things such as the XML technology PDF on static pages and possibly move to a static page for an entry. The blog will be used for updates on new technologies and depoloyment.
I am looking for co-contributors, anyone interested?
3 Comments | digital signature, esignature, XML digital signature, XML electronic signature | Permalink
Posted by Mike Ambrose
I’ve finished the first of the E-Signature technology pages, the beginning of a terminology primer, and hope to add more this week. I will be publishing technology pages geared at the intelligent lay person, as a practitioner it is more important that we carefully and correctly implement these technologies with widely available tools than that we have a deep understanding of the extremely complex mathematics associated with PKI cryptosystems.
Let’s get some discussion going here, I know that many people have greater insights than I and look forward to having you share your insights!
Leave a Comment » | esignature | Permalink
Posted by Mike Ambrose
When you first decide to add signed electronic documents to your workflow the tendency is to want to sign the document in the native format of the creating application. So people often think that they want to sign Microsoft Office files, emails and CAD files. However there are several considerations when it comes to actually deploying the system.
What are retention requirements? If these signed documents need to be accessible in 10 years is the Word document format an appropriate format for archive?
Who will be signing the documents, and where? The availability of viewing tools is critical, as the document will need to be viewed electronically.
These considerations often cause the direction to turn to standard formats for archive. One format that has become very popular in electronic document archiving is the TIFF standard, largely due to its origins in the scanning and archiving of paper documents. TIFF is readily viewable using many applications and has proven to be a durable specification, as has its cousin in the imaging world, JPEG. These documents are easily signed and displayed. Indexing and storing requires using metadata tags as these documents are not inherently searchable.
Text documents have significant advantages for indexing and searching, but raw text lacks the formatting and images that are critical parts of most modern documents.
HTML and XHTML are gaining in popularity. The problem to date has been using restrictions to insure that the document is consistently rendered by the multitude of applications that display HTML.
The newest standard to gain favor is the Portable Document Format (PDF). This specification, developed and popularized by Adobe through its Acrobat family of products, is based on widely adopted Postscript page description language with extensions to support embedding fonts and other information useful to make a truly portable, device independent document format. Adobe released the PDF specifications and the rights to use them royalty free, although Adobe still owns copyrights. They also worked together with the ISO, AIIM and NPES to create the PDF/A format for long term document retention. The PDF references are available from Adobe here, and the PDF/A specification is available from the ISO. More information on PDF/A can be found at the PDF/A Competence Center.
In practice we have found that many organizations are migrating to the PDF standard, for multiple reasons. Native PDF has several advantages over image formats, in that PDFs are readily indexed and searched. However the biggest advantage is the ubiquitous and free Acrobat Reader. The prevalence of this application insures that nearly everyone that looks at a PDF document will see the exact same document. Other important features are the strong document-centric format and integrated support for digital signatures and X.509 digital certificates.
In the future we will have a section on methods for developing esignatures for PDF documents.
1 Comment | digital signature, electronic document, esignature, PDF | Permalink
Posted by Mike Ambrose
As I’ve researched esignatures as a practitioner, I find that there is still a lot of black magic associated with the field. I don’t want to trivialize implementing esignatures, but I think that adoption will be slowed and deployments will be delayed if people are afraid of the process.
So, I’m putting up this blog to discuss electronic signatures. I’m thinking that I will create pages with tutorial-ish summaries, add useful links in both the pages and the sidebar and we can all post new information/updates as they arrive.
Is this idea useful? Is a blog the right format?
7 Comments | esignature | Tagged: digital signature, e-signature, electronic signature | Permalink
Posted by Mike Ambrose
You are currently browsing the archives for the esignature category.
Subscribe to Esignature Post feed