Defining the digital signature

By Libby Wells, Bankrate.com

The definition of electronic signatures contained in two bills that were passed last year by the U.S. Senate and House of Representatives is fairly loose because Congress did not want to mandate that a specific technology be used.

"We're going to get a compromise bill that permits people and institutions to choose from all different types of technology," says Kawika Daguio, executive vice president of the Financial Information Protection Association.

"Too many people are hanging back from technology. This is going to reduce fraud, open up new kinds of services and allow people to do more cool stuff."

The biometric revolution

Electronic signatures could include biometric technologies such as voice and iris recognition, or something as simple as a fingerprint. But when it comes to signing electronically transmitted documents, the buzz is all about digital signatures.

Digital signatures are not new. The military has been using the technology for about 20 years, says Thomas Greco, vice president of legal policy for Digital Signature Trust Co., of Utah.

"It's the common application which is the challenge," he says.

But, Greco says, within two to three years we'll see widespread use of the technology.

A digital signature is not the same as a digitized signature, which is you signing your name on an electronic pad like the one you are handed when you receive a package from Federal Express. In this case, the image of the handwritten signature is transferred to an electronic document. Once captured, the signature can be cut and pasted to any electronic document, making forgery easy.

Do the math

Digital signatures have nothing to do with your name or your handwriting. They are numbers derived from complex mathematical equations.

The products being pushed by tech biggies such as Microsoft and IBM are called public key infrastructure. The PKI system uses two large numbers, called a key pair. One number is public, the other is secret and must be guarded. The numbers are stored on the user's computer. To ensure the safety of the private key, a user could store it on a smart card.

The keys are mathematically related. What one key does, only the other can undo. For example, if you sign a loan using your private key, the bank would verify the signature using your public key. You sign the loan with a keystroke or click of your mouse. At this time, no extra equipment is required for most applications, which are browser based.

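
The key-pair relationship described above, as an added Python example that is not from the original article or from any vendor's product: it uses textbook RSA with a tiny constructed key pair and made-up loan text. It shows why a digital signature, unlike a digitized one, cannot be cut and pasted onto a different document.

```python
import hashlib

# Toy key pair constructed for this example from two Mersenne primes.
# Far too small for real use; production systems use 2048-bit or larger
# keys, a padding scheme such as RSA-PSS, and a vetted crypto library.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                           # public modulus (part of both keys)
E = 65537                           # public exponent: anyone may know it
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: must be guarded


def digest(document: bytes) -> int:
    """Reduce the document to a number that depends on every byte of it."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes) -> int:
    """Signer's side: apply the private key to the document's digest."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Bank's side: undo the signature with the public key and compare."""
    return pow(signature, E, N) == digest(document)


# Constructed sample documents (not from the article).
LOAN = b"Loan agreement: borrower agrees to repay $10,000 at 8% APR."
ALTERED = b"Loan agreement: borrower agrees to repay $90,000 at 8% APR."


def demo() -> dict:
    sig = sign(LOAN)
    return {
        "genuine_document": verify(LOAN, sig),
        # Reusing the same signature on an altered document fails,
        # because the signature is bound to the original's digest.
        "signature_pasted_onto_altered": verify(ALTERED, sig),
    }


if __name__ == "__main__":
    print(demo())
```
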
"To break the keys would require super-computers working in tandem," says Greco.

With the PKI system, the signature is verified by comparing it to a digital certificate, an electronic document kept on file with a third party that contains identifying information such as your name, address and organization.

Greco says the technology is much safer than signing your John Hancock, but not perfect.

"Nothing is 100 percent foolproof," he says. "There is always a weak link in security."

-- Posted: March 6, 2000