1 / 72

Electronic Signatures: Digital Ink For eGovernment

Electronic Signatures: Digital Ink For eGovernment. June 28, 2000. Why are we still designing Paper into the Process?. Print, Fill-In, Sign and mail. Why are they so happy?.

nen
Download Presentation

Electronic Signatures: Digital Ink For eGovernment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Signatures:Digital Ink For eGovernment June 28, 2000

  2. Why are we still designing Paper into the Process? Print, Fill-In, Sign and mail

  3. Why are they so happy? New York Governor George Pataki electronically signs the E-Commerce Initiative with the support of Jim Natoli, Director of State Operations. Speaker of the House J. Dennis Hastert and Sen. Strom Thurmond electronically sign in their own handwriting Bill H.R. 775.

  4. E-Transactions Waiting for E-Signatures Serving Citizens Serving Consumers • Tax Filings • Title Documents • Permits • Welfare to Work • Court Proceedings • Arrest Warrants • Gov’t Filings • Buy Insurance • Secure Loans • Apply for Mortgage • Open Brokerage Acct • Electronic Contracts • Leasing Agreements • Buying Product and Services

  5. The JudiciaryCase Study: Arrest Warrants • Gwinnett County, GA • Electronic Forms • Allows officer to review facts with judge • Video conferencing • Satisfies need to appear before the judge • Electronic Signature • Lets all parties witness execution of warrant “Officers spend less time generating paperwork and more time policing the streets”

  6. Unlocking the Benefits of Electronic Signatures A Secure electronic signature Process that captures Intent and delivers Digital Evidenceof an eTransaction is the key to: • Streamlining Business Processes • Reducing Risk • Reducing Operating Costs • Deterring Fraud

  7. Security is Just One Part of an Electronic Signature • A legal eSignature • serves as a Symbol of Intent • not ambiguous as to purpose • is affixed as part of a Ceremony • contains contextual evidence of transaction • provides Security • unique to the signer • under the signer’s sole control • verifiable • capable of showing document integrityafter the signing event

  8. Electronic Signatures are built on secure infrastructures • Electronic Signatureis the auditable result of an electronic process used to accept or approve an agreement or a transaction. • Securityis the means to protect information and is a feature of a proper eSignature. Example: PKI digital signatures alone offer automatic security in the form of a sealed envelope. Whereas PenOp electronic signatures adds the evidence such as intent that is required to replace a physical handwritten signature on the documents in the envelope.

  9. PenOp Pioneered Electronic Signature Process Review Content Access Transcript Activate Signature Block Bind Irrefutably to Content Digital Evidencefor Non-Repudiation Confirm what signing and why Place Intended Symbol Sign (pen, certificate, stamp) Authenticate (biometric, PKI, pin)

  10. E-Transaction ProcessStep 1: Access Web Site

  11. Step 2: Review and Fill in the Form

  12. Step 3: Ready to SignTM

  13. Step 4: Confirm Reason for Signing and Sign Digital ID Handwritten Digital Signature

  14. ID Name Stamp ... ... Step 5: Authenticate Biometric Authentication Verification Template Biometric Input Hardware Device Digital ID Authentication Password Check Validate Stamp Digital ID Stamp Database

  15. RSAMD5 567458088539 Document content Hash Algorithm Unique Checksum(Digital Signature) Step 6 - Set Document Integrity • The signature is “glued” to the form • Signature cannot be re-used, copied, or pasted • Document cannot be altered, tamper-proof • Unique document checksum (digitalsignature) is stored in signature object

  16. Step 7: Render Signature and Submit Form

  17. Every eSignature contains Digital EvidenceTMTranscript of an eSignature Who: Signatory’s Identity (Name, Verifiable Metrics) What: Tamper-proof Document (integrity checksum of content) When: Date & Time (Certified Timestamp - GMT) Where: Machine Serial Number Why: Intent of Signing (information displayed or recorded at capture time) How: Process Utilized (technology used to sign and authenticate)

  18. The Missing Piece for end-to-end digital processes Document Management Workflow Electronic Signatures Electronic Forms Imaging

  19. E-Business is about Serving Customers at every TouchPoint Windows Desktops & Servers Web Enabled (Java, XML, ActiveX) Signatures in the right place at the right time Palm Computing (Handheld PDA) Windows CE (mobilecomputing)

  20. Signatures must be easily added to any application PenOp Signature Plug-in for Adobe Acrobat adds toolbar icons and menu bar entries PenOp Signature ActiveX placed onto PureEdge InternetForm

  21. Name Stamp ID ... ... Sign All Record Types • Documents & Forms • multiple format types: Word, PDF, TIF, Excel, HTML, XML, Lotus Notes, etc. • allow conversion to common format for signing: such as Word Perfect ---> PDF • signatures stored inside file or externally • Data • multiple data sources: Oracle, SQL Server, Access, ODBC, etc. • multiple records • Files and Folders • signatures stored externally as as a file or data element

  22. Signature in Document Document content Database Table Signature Object Storing the eSignature Unstructured information (eDocs) Signature stored as object within signed eContent Structured information (Form Data)Signature stored as separate object in a database, signed eContent (or pointer to it) also stored in database

  23. eSignature Flexibility • multiple signatures per record • adding a signature doesn’t break integrity of previous signatures • content changes only affect corresponding signatures • simple docs • including integrity of embedded objects • compound docs • sections with independent and overlapping integrity • virtual documents with specific component versions

  24. More eSignature Flexibility • ad-hoc signing • allow user to indicate place and reason to sign • pre-configured signing • allow forms administrator to configure/restrict use of signature within production systems • Example: Design document templates with embedded signature blocks locked to signatory or logged in user • batch signing • allow one signature to apply to all documents currently under review with option to render on each document • real-time layout • use toolkit to automate form creation, signature placement and signature block assignment

  25. eSigning Tools • feature of document editor and filler • uses toolbar icon, menu choice, or pre-set signature block (e.g. Acrobat, Word, Excel, Imaging, etc.) • feature of form editor and filler • forms designer drags a signature block onto a form and places a button on form to initiate signature capture(e.g. Oracle eForms, MS Access, Internet Explorer, JetForm, PureEdge, etc.) • feature of mark-up editor • uses signature tool similar to document editor • mark-up hundred of file formats using annotation tools and annotation layer files (e.g. Cimmetry AutoVue)

  26. More eSigning Tools • external utility • such as administration utility to bind to file or dataset including DOS files(e.g. PenOp Btoken Information utility) • turnkey solution • integrated vertical application (e.g. Siebel ePharma) • custom application (e.g. Visual Basic, PowerBuilder, C++, etc.) • workflow application • such as setting up routing rules that require signature(e.g. Documentum, Easy DMS, Staffware, etc.)

  27. Turnkey Solution:Siebel ePharma

  28. Biometric Signature Setup • User enters signature three times • stored as part of user profile

  29. WorkFlow Example • User selects distribution for business case • Authorizations when required • Method can be sequential(in order)or parallel(out of order)

  30. WorkFlow Integration

  31. Choice of Signature Methods • User can enter live signature or apply signature stamp • Status is easily tracked

  32. Repository Awareness • Example Documentum EDMS 98 and 4i • Force Signatory Name to be logged-in user • Saves Signatures as annotations (dm_note)within Doc Repository, using standard DMS security model • ‘Burn’ signatures into document release procedure • Store signature cards in enterprise repository

  33. Audit Trail • PenOp software records all Digital EvidenceTMof signature capture event in Token • who, what, when, where, why, how, etc. • Signature events can be trapped by application and fed to audit mechanism of choice • such as attempts to access a signature stamp, authenticate a user, check content integrity, clear or redo a signature... • trigger alert engines that support e-mail, highlighted entries and workflow task initiation • feed security log of workflow of document mgmt system with it’s built-in reporting capabilities

  34. Applying Public Key Security Infrastructure to eSignatures • PKI products offer security mechanisms that include • document integrity • user identity • content confidentiality • Standard PKI products must be extended with eSignature software to • capture intent and event context in audit trail • provide visible mark on documents • control approval process

  35. Secured and Legal Transactions with PKI Intent & Evidence (what, when, where, why) Ceremony A signature Type (who) Digital Certificate Certificate Authority Authenticate Validation Authority Validate SSL Secure

  36. I want a legal signature, but which technology is right for my application? What will be acceptable in the future? Will signature technology change again?

  37. PDF E-Mail XML Office VBA Identification / Authentication / Verification Combine TechnologiesAccording To Business Requirements Policy/ Knowledge Control Document Interface Transcript of Digital Evidence Person Interface Iris Scan Signature Capture Password PIN Digital Certificate Finger Print Voice Recording Credit Card Smart Card

  38. Download an evaluation copy of PenOp today! Thank You Web: www.penop.com E-Mail: info@penop.com Phone: (212) 997-8800

  39. Discussion SlidesAdditional Information Web: www.penop.com E-Mail: info@penop.com Phone: (212) 997-8800

  40. CASE STUDIES...

  41. Finance & Insurance Letters of Credit Mortgage & Title Retail Banking Loan Syndication On-line Brokerage Pharmaceutical Clinical Trials Standard Operating Procedures (SOP) Electronic Lab Notebooks Healthcare Patient Registration Doctor Prescriptions Medical Transcripts Sales Force Automation Life Insurance Variable Annuities Drug Sample Delivery Legal/Justice Systems Court Proceedings Arrest Warrants Regulatory Compliance IRS Tax Filings EPA, FDA, SEC Government Filings Electronic Contracts Construction Bidding Non-Disclosures Where do we need signatures?

  42. GovernmentSample Customer Applications • US Navy • electronic bids signed and sent electronically • eBids signed and returned by contractors who use PenOp • over 30,000 contractors can submit eBids • City of San Antonio • Correspondence Management for Mayor • City of San Francisco • Building Permits

  43. Sales Force AutomationCase Study • American General Life Assurance • 10,000 sales agents in the field • Equipped with pen computer - Fujitsu Stylistic • Customers sign life insurance policy online • signed policy is sent electronically to head office, where one printed copy is mailed to the customer • AGLA does not keep a paper copy, just the signed electronic original ** Mobile Computing Award Winner **

  44. What to look for

  45. What to look for in a Signature Solution • legal effectiveness and regulatory compliance • example: biometric data & transcript • simplicity with real world flexibility • examples: signing subsections of forms, deferred verification, mobile solutions • e-process capabilities • example: collect multiple signatures on a document over time and in parallel • policy control • example: accommodate rules for how each formis signed in an organization

  46. Your Organization’sRequirements • Provide users with out-of-the-box functionality for desiging forms and signing • Example: ‘Click and Sign/Stamp’ documents using the tool-bar icon in Word • Ability to configure/restrict use of signature within production systems • Example: Design document templates with embedded signature blocks locked to signatory

  47. Your Organization’sRequirements • Allow customization to enhance or integrate with 3rd party systems • Support for industry standard development environments • Proven integration with eContent engines and PKI products • Proven integration with PKI, Biometric and PIN-based security products

  48. Your Organization’sRequirements • Observe ‘best practice’ for producing legally effective documents • Clear ‘Reason for Signing’ • Display and print of signature on document coupled with automatic integrity check • Automatic fill-in of Word/Acrobat form fields with audit trail of signing event (e.g. name, date) • Immediate or deferred verification • biometric signature card • digital certificate validation (CRL, OCSP)

More Related