Archive for February, 2008

"Trust Us!" – Electronic Signatures and Assurance

,,,,,

This entry continues our “What is an Electronic Signature, Anyway?” educational series.

Merriam-Webster defines assurance as “something that inspires confidence” and “freedom from self-doubt or uncertainty.”  When you receive an electronic document, how do you know it’s the document the author intended you to receive?  Likewise, if that document is an electronically-signed contract, how do you know who actually signed it?  How do you know the other party didn’t change the document after you sent it?  Assurance, as you can see, is critical to trusting the work that we store, put or send online.  Electronic signatures can provide a way to enhance your confidence in these documents in a paperless environment.

We can break down the most significant aspects of electronic signature assurance into the following components:

  • Authentication

Authentication deals with how a user verified him or herself to the signing system.  The more complex the type of authentication and the more ‘factors’ of authentication you combine, the higher the level of assurance becomes.  Did they simply click a button or did they first have to enter a username and password?  Authentication to a system is stronger if a user must present both a physical device (token or smart card) and a PIN or password to the system – a combination known as ‘two-factor authentication.’  Handwritten eSignatures inherit some level of assurance from their historical wet ink cousin.  Even biometric technology could be added to the picture, requiring persons to present ‘something they are,’ like a fingerprint or iris, to verify themselves. 

  • Identity Vetting

Identity vetting, or identity verification, answers the question, “How did the system arrive at trust in this signer?”  In other words, how did an organization or system grant a signer her signing credential or access to the signing system?  The intensity of this process can help to define assurance.  Is the signer being asked to appear in person and present multiple forms of government ID, or are they simply required to enter their name and click “OK”?  The more intense the scrutiny, the better the level of assurance.

  • Integrity

Integrity is one of the key capabilities of an electronic signature.  An electronic signature often includes the capability to “fingerprint” or hash a document so that a recipient can verify that a signed document was not changed post-signature.  Integrity can be achieved in a number of ways.  Some methodologies use cryptographic calculations, like a signed hash and digital signature embedded in a document verifiable by the reader of a document, to achieve integrity.  Others systems may offer integrity through secure archiving of original electronic documents and a strong audit trail of events that lead to the signature event itself. 

  • Validity

Validity, or put another way, the legitimacy of the user’s signing credential or access at the time of signature, is another critical aspect of assurance.  The user may be who he says he is, and may have used the proper methods for authentication, but what if they signing credential had been revoked before the time of signing because the user was fired from their organization?  Signing systems offering higher levels of assurance should be able to establish validity at the actual time of signing.

  • Time of signing

The time of signing is the final key element of assurance in electronic signatures.  A PC clock may be modified to fraudulently indicate time of signing, and thus a trusted third party clock can provide more assurance.

Not all electronic signatures are equal, however, when it comes to assurance.  The following diagram shows a stereotypical breakdown of assurance compared with average cost.

You can see that click-through electronic signatures inhabit the low end of the spectrum and multi-factor authenticated digital signatures occupy the high ground.  But not everything is as it seems.  If certain pieces of the assurance puzzle are missing, the arrangement above could be completely scrambled.

For example, you may have a digital signature system that requires the user to possess a device that requires both their fingerprint and a PIN code in order to sign a document.  On its face, this looks pretty secure.  But what if the system used to provide the user with the signing credential (a digital ID) never checked into that user’s identity?  Bob Smith could be signing in the name of Adobe’s CEO and no one would be any wiser.

Coming from the other direction, you might imagine a contract workflow that only requires a button click to process a signature.  This seems low assurance at first glance.  But if we add fingerprint authentication, strong identity vetting (in-person proofing), and a secure infrastructure in which the documents are processed and stored, one could argue the assurance of this system surpasses other technologies.

In the end, you will need to educate yourself and ask questions about the assurance capabilities of the electronic signature systems you intend to deploy.  The choice of an electronic signature method comes down to a decision about what you’re trying to protect and provide assurance to.  Simple travel expense reports do not require significant assurance measures, but multimillion dollar contracts definitely would.  Interoffice memos proclaiming a new copier in the mailroom don’t require much assurance, but critical government documents like the US Federal Budget do.

The next in our “What is an Electronic Signature Anyway?” series will focus on the legal admissibility of electronic signatures and the laws that govern their use.

“So what is an electronic signature anyway?”

As I reviewed the blog entries here from my fellow Adobe Security Solutions teammates, I realized that with all of the gory technical information, we may have lost some of you, our dear readers.  With this entry, we’ll start a new series of articles that move the conversation up to a high-level, out of the dense fog of acronym warfare, and explain from a business user’s point of view what all this stuff means and how it can be useful for you in your organizations’ daily business processes.

So…electronic signatures.  We’ve variously mentioned digital signatures, eSignatures, electronic signatures, and signature odors.  Ok, well, not the last one, but to start, I’ll suggest that we use electronic signature as a generic term.  Electronic signatures can be defined as any electronic process signifying an approval to terms, and/or a document, presented in electronic format.  Electronic signatures frequently also have the added benefit of ensuring the integrity of the signed document to signify that (1) the document has not been changed since it was signed and (2) the signer cannot ‘repudiate’ or claim that they did not sign the document.

Electronic signatures encompass a broad gamut of technologies and methodologies, ranging from an “I agree” button in a click-thru agreement…

 

 

…to an electronic tablet which accepts a handwritten signature (oftentimes referred to as an eSignature)…

 

 

…to a digital signature cryptographically tied to a digital ID or certificate.

 

 

They can be used for internal approval processes for things as simple as time-off requests, for more formal documentation and acceptance of account opening terms in a branch office of a bank, for signing off on critical infrastructure planning documents, and to protecting the reputation of a country’s electronic documents by certifying authorship and the integrity and status of the document itself.

Organizations choose electronic signatures for many reasons.  Among them:

  • Workflow Efficiency – It’s faster for someone to click a button or enter a password than to route a document to them through interoffice mail or courier.
  • Save Money – By going electronic, you eliminate the cost of paper, printing, and courier services.
  • Document Integrity – Organizations publish vast amounts of material to the internet, but are now becoming increasingly concerned about what happens to those documents in the wild.  It’s critical to reputations and revenue that documents are not modified to create a false or fraudulent impression of the organization.

You’ll notice that many of these reasons mirror those that accompanied the rise of the electronic document and form in the first place.  This is not accidental — electronic signatures are a natural extension of the movement to electronic documents.  Many companies have gone fully electronic only to come to the signature step and require customers to print out documents which are signed in wet ink and then sent via the mail to be re-entered into a system. This is neither efficient, nor timely, nor a good use of resources.  Electronic signatures, at their core, represent a vital way to leverage a company’s assets and increase savings based on key technology investments.

Adobe supports all of the electronic signatures described above via our LiveCycle® ES suite as well as our Adobe® Acrobat® and Adobe Reader® client software packages.  Adobe’s Security Partner Community plays an essential role as well, supplying key components for electronic signature solutions.  Adobe is also a member of the Electronic Signatures and Records Association, a new organization which seeks to expand knowledge on both electronic signature and records and also play an active role in public policy on these topics.

In our next ‘tutorial’ entry, we’ll explore the question of assurance in electronic signatures.

UPDATED: Per a recent comment, here are links to our other tutorial blogs…

Trust Us – Electronic Signatures and Assurance

“This is legal, right?” – Electronic Signatures and the Law /  Additional Resources on Signatures and the Law

“Sign Here” – Getting Started with Electronic Signatures in Adobe Products

 

 

 

Digital Courtroom: Tribunale di Cremona

A new case study is available showcasing Tribunale di Cremona, one of the Courts within the District of Tribunale di Brescia, using Adobe Connect with Adobe LiveCycle solutions to support an end-to-end process for holding legal proceedings with dispersed parties and efficiently delivering all required case documents.

In addition to supporting dynamic web conferences with streaming audio and video, Adobe solutions deliver other benefits to the Digital Connect project. For instance, the court can store court papers for each trial in Adobe PDF; plus staff can handle documents remotely and securely via digital signature authentication.

These capabilities are handled by Adobe LiveCycle solutions to address the need to assign policy controls to protect documents.

“These features are critical,” says Beluzzi. “A trial transcript can be shared among participants, downloaded, digitally signed just as if participants were physically next to each other. In addition, the transcript goes through a workflow and is automatically added to the remaining court papers.”

The project is the result of a productive collaboration with Adobe. First electronic court papers, then web conferencing-based court trials give the Italian justice system a new image: fast, efficient, and on time.

“By collaborating with Adobe and using products such as Adobe Policy Server, Adobe LiveCycle Workflow, and Adobe Connect, the court is designing a powerful system that can be replicated in other areas without customization,” says Beluzzi. “This is important because it allows Tribunale di Cremona to achieve great results with limited efforts, without developing ad hoc software.”

The Court has documented the excellent cost benefits of the system. The total cost of training and traveling for detainees and lawyers is about €467,000 a year. Using Digital Connect to perform trials and to train employees could save the Court over €1 million in three years.


US Government Printing Office Deploys Digital Signatures for FY2009 Budget

Today the United States Government Printing Office (GPO)  deployed digital signatures in Adobe PDF for the release of The Budget of the U.S. Government, Fiscal Year 2009.

The Executive Office of the President, Office of Management and Budget (OMB) released a statement stating this is the first time the White House will not order hard copy versions of the budget, and has instead posted the budget online as fully searchable PDF documents. 

With an estimated total of nearly 2,200 pages in the four-book budget set, and a projected order of more than 3,000 copies for the media, Capitol Hill and the White House, the E-Budget will have a “green” focus above and beyond the fiscal sense. This step will save nearly 20 tons of paper, or roughly 480 trees. In terms of fiscal savings, we estimate the E-Budget will save nearly a million dollars over the next five years.

GPO has implemented a new digital seal of authenticity for their PDF documents, including today’s release of the FY2009 budget:

For almost 150 years, the U.S. Government Printing Office (GPO) has been the official disseminator of Government documents and has assured users of their authenticity.

In the 21st century, the increasing use of electronic documents poses special challenges in verifying authenticity, because digital technology makes such documents easy to alter or copy, leading to multiple non-identical versions that can be used in unauthorized or illegitimate ways.

To help meet the challenge of the digital age, GPO has begun implementing digital signatures to certain electronic documents on GPO Access that not only establish GPO as the trusted information disseminator, but also provide the assurance that an electronic document has not been altered since GPO disseminated it.

The visible digital signatures on online PDF documents serve the same purpose as handwritten signatures or traditional wax seals on printed documents. A digital signature, viewed through the GPO Seal of Authenticity, verifies document integrity and authenticity on GPO online Federal documents, at no cost to the customer.

More information on GPO’s authentication program is available at http://www.gpoaccess.gov/authentication/

Opening the Nation’s Fiscal Outlook from GPO Access with Acrobat 8.1.1 on Windows XP SP2:

Opening the Nation’s Fiscal Outlook with Acrobat 8.1.1 on Mac OS X 10.5.1 (Leopard)

The digital signatures on the GPO documents automatically validate with Adobe Acrobat and Adobe Reader version 7 and higher on Mac and Windows, via the Certified Document Service (CDS) program. No additional software or configuration is required to validate CDS signatures. 

There are several ways recipients can verify the signature status.  First is the document message bar across the top of the document, showing the certifying blue ribbon as well as information contained in the signer’s certificate:

The left navigation panel also has an icon of a pen over paper, which brings up the digital signature pane, showing additional information on the document signature:

Clicking on the GPO document seal in the PDF will also bring up the Signature Validation Status:

Clicking on that Signature Properties button above provides even more detail of the signature, including the authenticity, integrity, and timestamping indicators – with the ability to drill down deeper to review revocation status, certificate chaining, and other security information associated with the signature.

For digital signatures to automatically validate in Acrobat and Reader, the Public Key Infrastructure (PKI) certificates must have been issued by a Certificate Authority (CA) participating in the CDS Program. These CAs comply with the Adobe CDS Certificate Policy.  This is a program Adobe released in 2003 with Acrobat and Reader 6.  The CA/Browser Forum released a program with similar intentions for web browser SSL sites in 2007. 

Certifying signatures can be applied to PDF documents on the desktop using Adobe Acrobat, or on the server using Adobe LiveCycle Digital Signatures.  Recipient’s approval signatures can also be applied using Adobe Acrobat or Adobe Reader (via Adobe LiveCycle Reader Extensions) and then subsequently validated on the server with Adobe LiveCycle Digital Signatures as part of an automated workflow process.

Adobe Systems has been providing security technologies in PDF for over a dozen years.  Adobe uses FIPS 140 approved cryptography, has been approved by the US Department of Defense, and certified by the SAFE BioPharma Association. Adobe’s security solutions are also supported by a strong partner ecosystem to extend the native capabilities of authentication through hardware and software integration.