DIGITAL SIGNATURE

The legally binding electronic autographs known as digital signatures were among the key technologies that made the Internet a forum for commerce in the early 2000s. They not only verify an individual's identity, but also guarantee the validity of the information attached to the signature, be it a credit card number, an order form, or a written document. Once they are widely used and supported, digital signatures will significantly reduce the costs of conducting business over the Internet.

Digital signatures usually are transported in digital certificates—encrypted electronic packages sent as e-mail attachments and increasingly used with Web forms. Digital certificates are assured by trusted third parties called certificate authorities, which issue certificates and act as a guarantor of their validity. Digital certificates generally contain more comprehensive data than digital signatures, including company information, the certificate's expiration date, and so on.

Using techniques from the field of cryptography, digital signatures are generated by applying a mathematical formula, or algorithm, to scramble the information into a string of digits. This ensures that only those with the correct keys—those who will make use of the signature, either for signing or for verification—can unscramble them. Only the holder of the private key—the one whose signature it is—can actually sign a document with that digital signature, while anyone with the public key can verify that it came from that individual. Moreover, digital signatures are bound to the document to which they are applied, and cannot be illicitly copied and transferred to another document. Therefore, signatures not only help to ensure legal validity, but security as well. While digital signatures are not immune from criminal mischief, they certainly are more difficult to forge than handwritten signatures. Their use over a public-key encryption system greatly fortifies digital signatures from attack by malicious hackers.

Digital signatures didn't originate with e-commerce. The basic principle behind digital signatures—electronic validation of a user's identity over computer networks—has been used for years, most notably with automatic teller machines (ATMs) and other systems that utilize a personal identification number along with another piece of information, such as a magnetic identification card. In the early days of e-commerce, the phrase "digital signature" was loosely defined. It could, for instance, even refer to a handwritten signature that had been scanned into an electronic format. However, such methods, which were extremely prone to forgery, rarely were considered legally binding and failed to win widespread support as a safe and viable means of validating transactions.

On June 30, 2000, President Bill Clinton signed into law—using a digital signature—the Electronic Signatures in Global and National Commerce Act, or E-Sign. This act, which went into effect on October 1 of that year, officially conferred the same legal status on digital signatures as handwritten signatures. The United States government, meanwhile, mandated that all federal agencies accept digital signatures by October 2003.

Despite such efforts, it likely will be some time before digital signatures are as ubiquitous as some hope. Research firm Gartner Group estimated that less than 40 percent of the public would use digital signatures by the middle of the 2000s. Forrester Research predicted even slower penetration, with only 10 to 15 percent of the marketplace capable of using digital signatures doing so by 2003.

Holding the widespread use of digital signatures in check in the early 2000s were the disparate software programs used to validate digital certificates. Since various software programs exist, and often are tailored to different organizations, the technological infrastructure that allows for seamless, wide ranging transactions was far from complete. Moreover, certificate authorities each maintain their own rules of certificate issuance, validation, and revocation. Therefore, legal responsibility and authentication frequently was muddled outside of a small, contained network. According to a report by Meridien Research, e-signature technology was expected to take the most immediate hold in business-to-business transactions, primarily because it was in such arrangements that players could establish consistent implementation of compatible signature solutions.

FURTHER READING:

Ceniceros, Roberto. "Digital Signatures Mean Better Security Online." Business Insurance. December 4, 2000.

"E-Signatures to Take Hold Slowly, Report Says." Bank Systems & Technology. February 2001.

Edfors, Patty. "Your John Hancock Goes Digital." Communications News. December 2000.

Gelbord, Boaz. "Signing Your 011001010: The Problems of Digital Signatures." Communications of the ACM. December 2000.

Hallenborg, John C., and Orla O'Sullivan. "Not By Software Alone." U.S. Banker. February 2001.

Hammar, Sven. "PKI Enables Digital Signatures." Network World. October 30, 2000.

Stephens, David O. "Digital Signatures and Global e-Commerce: Part I—U.S. Initiatives." Information Management Journal. January 2001.

SEE ALSO: Cryptography, Public and Private Key; Digital Certificate; Digital Certificate Authority; Digital Signature Legislation; Encryption

digital signature An authentication code appended to an electronic document that indicates the author of the document.