Title: Electronic Signatures: Digital Ink For eGovernment
1Electronic Signatures: Digital Ink For eGovernment
June 28, 2000
2Why are we still designing Paper into the Process?
Print, Fill-In, Sign and mail
3Why are they so happy?
New York Governor George Pataki electronically
signs the E-Commerce Initiative with the support
of Jim Natoli, Director of State Operations.
Speaker of the House J. Dennis Hastert and Sen.
Strom Thurmond electronically sign in their own
handwriting Bill H.R. 775.
4E-Transactions Waiting for E-Signatures
Serving Citizens: Tax Filings, Title Documents, Permits, Welfare to Work, Court Proceedings, Arrest Warrants, Govt Filings
Serving Consumers: Buy Insurance, Secure Loans, Apply for Mortgage, Open Brokerage Acct, Electronic Contracts, Leasing Agreements, Buying Product and Services
5The Judiciary Case Study: Arrest Warrants
- Gwinnett County, GA
- Electronic Forms
- Allows officer to review facts with judge
- Video conferencing
- Satisfies need to appear before the judge
- Electronic Signature
- Lets all parties witness execution of warrant
Officers spend less time generating paperwork
and more time policing the streets
8Unlocking the Benefits of Electronic Signatures
- A Secure electronic signature Process that captures Intent and delivers Digital Evidence of an eTransaction is the key to
- Streamlining Business Processes
- Reducing Risk
- Reducing Operating Costs
- Deterring Fraud
9Security is Just One Part of an Electronic
Signature
- A legal eSignature
- serves as a Symbol of Intent
- not ambiguous as to purpose
- is affixed as part of a Ceremony
- contains contextual evidence of transaction
- provides Security
- unique to the signer
- under the signer's sole control
- verifiable
- capable of showing document integrity after the signing event
10Electronic Signatures are built on secure
infrastructures
- Electronic Signature is the auditable result of an electronic process used to accept or approve an agreement or a transaction.
- Security is the means to protect information and is a feature of a proper eSignature.
Example: PKI digital signatures alone offer automatic security in the form of a sealed envelope, whereas PenOp electronic signatures add the evidence, such as intent, that is required to replace a physical handwritten signature on the documents in the envelope.
11PenOp Pioneered Electronic Signature Process
Review Content
Access Transcript
Activate Signature Block
Bind Irrefutably to Content
Digital Evidence for Non-Repudiation
Confirm what signing and why
Place Intended Symbol
Sign (pen, certificate, stamp)
Authenticate (biometric, PKI, pin)
12E-Transaction Process Step 1: Access Web Site
13Step 2 Review and Fill in the Form
14Step 3 Ready to Sign™
15Step 4 Confirm Reason for Signing and Sign
Digital ID
Handwritten Digital Signature
16Step 5 Authenticate
Verification Template
Biometric Input
Hardware Device
Digital ID Authentication
Password Check
Validate Stamp
Digital ID
Stamp Database
17Step 6 - Set Document Integrity
- The signature is glued to the form
- Signature cannot be re-used, copied, or pasted
- Document cannot be altered, tamper-proof
- Unique document checksum (digital signature) is
stored in signature object
18Step 7 Render Signature and Submit Form
19Every eSignature contains Digital Evidence™: Transcript of an eSignature
- Who: Signatory's Identity (Name, Verifiable Metrics)
- What: Tamper-proof Document (integrity checksum of content)
- When: Date & Time (Certified Timestamp - GMT)
- Where: Machine Serial Number
- Why: Intent of Signing (information displayed or recorded at capture time)
- How: Process Utilized (technology used to sign and authenticate)
20The Missing Piece for end-to-end digital
processes
Document Management
Workflow
Electronic Signatures
Electronic Forms
Imaging
21E-Business is about Serving Customers at every
TouchPoint
Windows Desktops Servers
Web Enabled (Java, XML, ActiveX)
Signatures in the right place at the right time
Palm Computing (Handheld PDA)
Windows CE (mobile computing)
22Signatures must be easily added to any
application
PenOp Signature Plug-in for Adobe Acrobat adds
toolbar icons and menu bar entries
PenOp Signature ActiveX placed onto PureEdge
InternetForm
23Sign All Record Types
- Documents & Forms
- multiple format types: Word, PDF, TIF, Excel, HTML, XML, Lotus Notes, etc.
- allow conversion to common format for signing, such as Word Perfect --> PDF
- signatures stored inside file or externally
- Data
- multiple data sources: Oracle, SQL Server, Access, ODBC, etc.
- multiple records
- Files and Folders
- signatures stored externally as a file or data element
24Storing the eSignature
- Unstructured information (eDocs)
- Signature stored as object within signed eContent
- Structured information (Form Data)
- Signature stored as separate object in a database, signed eContent (or pointer to it) also stored in database
25eSignature Flexibility
- multiple signatures per record
- adding a signature doesn't break integrity of previous signatures
- content changes only affect corresponding signatures
- simple docs
- including integrity of embedded objects
- compound docs
- sections with independent and overlapping integrity
- virtual documents with specific component versions
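Added example (not from the original slides or PenOp's software): a Python sketch of the document checksum stored in the signature object (slide 17), the who/what/when/where/why/how transcript (slide 19), and signatures over independent and overlapping sections (slide 25). HMAC-SHA256 with a shared demo key stands in for the signer's digital key, and every function name, field name and sample value is constructed for illustration.

```python
import hashlib
import hmac
import json

def section_digest(doc, sections):
    """SHA-256 over the named sections only, length-prefixed to avoid ambiguity."""
    h = hashlib.sha256()
    for name in sorted(sections):
        body = doc[name].encode()
        h.update(name.encode() + b"\0" + len(body).to_bytes(8, "big") + body)
    return h.hexdigest()

def seal(transcript, key):
    # Assumption: HMAC-SHA256 stands in for the signer's digital key / PKI signature.
    payload = json.dumps(transcript, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign(doc, sections, key, who, why, when, where, how):
    """Return a signature object holding the evidence transcript and its seal."""
    transcript = {
        "who": who,
        "what": {"sections": sorted(sections),
                 "sha256": section_digest(doc, sections)},
        "when": when, "where": where, "why": why, "how": how,
    }
    return {"transcript": transcript, "seal": seal(transcript, key)}

def verify(doc, token, key):
    """Check the seal first, then the document checksum stored in the token."""
    if not hmac.compare_digest(seal(token["transcript"], key), token["seal"]):
        return "transcript altered"
    what = token["transcript"]["what"]
    if any(name not in doc for name in what["sections"]):
        return "content changed"
    if section_digest(doc, what["sections"]) != what["sha256"]:
        return "content changed"
    return "valid"

def demo():
    """Constructed sample: two signers, one later edit, one paste, one forgery."""
    key = b"constructed-demo-key"
    doc = {"application": "Permit for 12 Main St", "approval": "Approved"}
    s1 = sign(doc, ["application"], key, "A. Applicant", "I submit this form",
              "2000-06-28T14:00:00Z", "SN-0001", "pen+biometric")
    s2 = sign(doc, ["application", "approval"], key, "B. Clerk", "I approve",
              "2000-06-28T15:00:00Z", "SN-0002", "stamp+pin")
    before = (verify(doc, s1, key), verify(doc, s2, key))
    doc["approval"] = "Approved with conditions"     # edit one section only
    after = (verify(doc, s1, key), verify(doc, s2, key))
    other = {"application": "Permit for 99 Elm St"}  # paste s1 onto another doc
    pasted = verify(other, s1, key)
    s1["transcript"]["why"] = "I waive all rights"   # rewrite the recorded intent
    forged = verify(doc, s1, key)
    return before, after, pasted, forged
```

Editing the approval section invalidates only the clerk's signature, which covered it; the applicant's signature over the untouched section still verifies, while a pasted or rewritten token fails.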
26More eSignature Flexibility
- ad-hoc signing
- allow user to indicate place and reason to sign
- pre-configured signing
- allow forms administrator to configure/restrict use of signature within production systems
- Example: Design document templates with embedded signature blocks locked to signatory or logged in user
- batch signing
- allow one signature to apply to all documents currently under review with option to render on each document
- real-time layout
- use toolkit to automate form creation, signature placement and signature block assignment
27eSigning Tools
- feature of document editor and filler
- uses toolbar icon, menu choice, or pre-set signature block (e.g. Acrobat, Word, Excel, Imaging, etc.)
- feature of form editor and filler
- forms designer drags a signature block onto a form and places a button on form to initiate signature capture (e.g. Oracle eForms, MS Access, Internet Explorer, JetForm, PureEdge, etc.)
- feature of mark-up editor
- uses signature tool similar to document editor
- mark-up hundreds of file formats using annotation tools and annotation layer files (e.g. Cimmetry AutoVue)
28More eSigning Tools
- external utility
- such as administration utility to bind to file or dataset including DOS files (e.g. PenOp Btoken Information utility)
- turnkey solution
- integrated vertical application (e.g. Siebel ePharma)
- custom application (e.g. Visual Basic, PowerBuilder, C, etc.)
- workflow application
- such as setting up routing rules that require signature (e.g. Documentum, Easy DMS, Staffware, etc.)
29Turnkey Solution: Siebel ePharma
30Biometric Signature Setup
- User enters signature three times
- stored as part of user profile
31WorkFlow Example
- User selects distribution for business case
- Authorizations when required
- Method can be sequential (in order) or parallel (out of order)
32WorkFlow Integration
33Choice of Signature Methods
- User can enter live signature or apply signature stamp
- Status is easily tracked
34Repository Awareness
- Example: Documentum EDMS 98 and 4i
- Force Signatory Name to be logged-in user
- Saves Signatures as annotations (dm_note) within Doc Repository, using standard DMS security model
- Burn signatures into document release procedure
- Store signature cards in enterprise repository
35Audit Trail
- PenOp software records all Digital Evidence™ of signature capture event in Token
- who, what, when, where, why, how, etc.
- Signature events can be trapped by application and fed to audit mechanism of choice
- such as attempts to access a signature stamp, authenticate a user, check content integrity, clear or redo a signature...
- trigger alert engines that support e-mail, highlighted entries and workflow task initiation
- feed security log of workflow or document mgmt system with its built-in reporting capabilities
36Applying Public Key Security Infrastructure to
eSignatures
- PKI products offer security mechanisms that include
- document integrity
- user identity
- content confidentiality
- Standard PKI products must be extended with eSignature software to
- capture intent and event context in audit trail
- provide visible mark on documents
- control approval process
37Secured and Legal Transactions with PKI
Intent Evidence (what, when, where, why)
Ceremony
A signature Type (who)
Digital Certificate
Certificate Authority
Authenticate
Validation Authority
Validate
SSL
Secure
39Combine Technologies According To Business Requirements
Policy/ Knowledge Control
Document Interface
Transcript of Digital Evidence
Person Interface
Signature Capture
Iris Scan
Digital Certificate
Password PIN
Voice Recording
Credit Card
Finger Print
Smart Card
40Download an evaluation copy of PenOp today!
Thank You
Web www.penop.com E-Mail info_at_penop.com Phone
(212) 997-8800
41Discussion Slides: Additional Information
42CASE STUDIES...
43Where do we need signatures?
- Finance Insurance
- Letters of Credit
- Mortgage Title
- Retail Banking
- Loan Syndication
- On-line Brokerage
- Pharmaceutical
- Clinical Trials
- Standard Operating Procedures (SOP)
- Electronic Lab Notebooks
- Healthcare
- Patient Registration
- Doctor Prescriptions
- Medical Transcripts
- Sales Force Automation
- Life Insurance
- Variable Annuities
- Drug Sample Delivery
- Legal/Justice Systems
- Court Proceedings
- Arrest Warrants
- Regulatory Compliance
- IRS Tax Filings
- EPA, FDA, SEC
- Government Filings
- Electronic Contracts
- Construction Bidding
- Non-Disclosures
44Government: Sample Customer Applications
- US Navy
- electronic bids signed and sent electronically
- eBids signed and returned by contractors who use PenOp
- over 30,000 contractors can submit eBids
- City of San Antonio
- Correspondence Management for Mayor
- City of San Francisco
- Building Permits
45Sales Force Automation Case Study
- American General Life Assurance
- 10,000 sales agents in the field
- Equipped with pen computer - Fujitsu Stylistic
- Customers sign life insurance policy online
- signed policy is sent electronically to head office, where one printed copy is mailed to the customer
- AGLA does not keep a paper copy, just the signed electronic original
Mobile Computing Award Winner
46What to look for
47What to look for in a Signature Solution
- legal effectiveness and regulatory compliance
- example: biometric data transcript
- simplicity with real world flexibility
- examples: signing subsections of forms, deferred verification, mobile solutions
- e-process capabilities
- example: collect multiple signatures on a document over time and in parallel
- policy control
- example: accommodate rules for how each form is signed in an organization
48Your Organization's Requirements
- Provide users with out-of-the-box functionality for designing forms and signing
- Example: Click and Sign/Stamp documents using the tool-bar icon in Word
- Ability to configure/restrict use of signature within production systems
- Example: Design document templates with embedded signature blocks locked to signatory
49Your Organization's Requirements
- Allow customization to enhance or integrate with 3rd party systems
- Support for industry standard development environments
- Proven integration with eContent engines and PKI products
- Proven integration with PKI, Biometric and PIN-based security products
50Your Organization's Requirements
- Observe best practice for producing legally effective documents
- Clear Reason for Signing
- Display and print of signature on document coupled with automatic integrity check
- Automatic fill-in of Word/Acrobat form fields with audit trail of signing event (e.g. name, date)
- Immediate or deferred verification
- biometric signature card
- digital certificate validation (CRL, OCSP)
51Your Organization's Requirements
- Seamless with Enterprise Mgmt System
- Forces Signatory Name to be logged-in user
- Saves Signatures as annotations (dm_note) within Doc Repository, using standard DMS security model
- Server allows you to burn signatures into document release procedure
- Store signature cards in enterprise repository
52Understanding the Technology
53Electronic Signature Solution
- A complete solution must handle
- Interaction with User (Ceremony)
- Collection of Signing Event Data
- User Authentication (Identity)
- Document Hashing (Integrity)
- Archiving of Transcript
- Presentation of Signature and Transcript
- all within the security infrastructure of choice
54Signature Choices
- Live Handwritten Signature
- Individual picks up a pen and signs their name on an electronic pad embedded in or attached to computer
- PenOp software picks up enough information to verify identity of person and sign the document
- Signature Stamp
- Individual creates a secure signature stamp
- Individual provides a password or digital certificate or fingerprint scan which authorizes stamping of a document.
- The signature stamp appears on the document with link to evidence trail for the signing event
55Access to Signature Stamps and Cards
- User application security, ACLs and/or database
row and field locking
56WorkFlow Forms
57Requirements for an Electronic Signature
58Digital Evidence: Identity - Who are you?
- No authentication
- what is at risk?
- Passwords PIN codes (Infometrics)
- what do you know?
- Smart Cards Public/Private Keys (PKI)
- what do you have?
- Human Touch (Biometrics)
- who are you?
59Signature Dynamics (biometric)
- record measurements of handwritten signature
- Example: stroke order, pen up/down, acceleration, deceleration, etc.
- cannot be replicated by tracing a signature
- measurements allow handwriting expert or software to render judgment
- Example: Forensic Document Examiner has a significant data set (equivalent or better than data set from ink bleeding into paper) to render an opinion on authenticity of signature
60Biometrics: Link to Signer
- A behavioral secret that a signer
- already possesses so no certificate necessary
- doesn't know how to divulge to others so can't be stolen
- can reproduce easily, instinctively while a forger cannot
- can be verified against a known reference set from a document, database, or smartcard
The Human Interface to the PC
61Digital Evidence Integrity - Is this the
document?
- Each signature is glued to a document
- Signature cannot be re-used, copied, or pasted
- Document cannot be altered, tamper-proof
- Unique document checksum (digital signature) is
stored in signature object
62Cryptography Link to Document
- Each signature is glued to a single document to reduce risk of fraud
- Signature cannot be re-used, copied, or pasted
- Document cannot be altered, tamper-proof
- Document checksum is stored in signature object
63Securing the Electronic Signature
- User Authentication: determines identity of the signer using signature dynamics or other method
- Hash Document and store message digest: protects against document alteration or fraudulent copy and paste
- Encrypt Signature: keeps your signature data private
- Lock Signature with Digital Key: makes your signature tamper-proof
64Storing the Electronic Signature
- Unstructured information (File)
- Signature stored within document file
- Structured information (XML Data)
- Database used to relate signature to document
65Extending Trusted PKI Solutions: Solutions are complementary not competitive
- PKI extended with handwritten signature software
- natural, human interface
- visible and printable representation of signature
- biometric link to the individual stronger than password
- cultural acceptance worldwide
- PKI and PenOp Digital Evidence™
- Intent and Evidence become part of audit trail
- Approval process and policy can be controlled
- legal, regulatory and consumer acceptance worldwide
66Who is PenOp
67Who is PenOp?
- eSignature Market Leader
- Shipping release 3.2 of proven product
- 60,000 seats deployed globally
- 700 customers in 30 countries
- Significant, defensible patents
- widespread strategic relationships
- private company
68Selected PenOp Customers
Pharmaceutical Industry: Allergan; Bayer; Boehringer; Glaxo; Kendle; Pfizer; Zeneca
Financial Services: American General Life; Arvest; Citibank; Fidelity; First American; Principle Financial; Prudential; Valic
Government: City of San Francisco; City of San Antonio; EPA; FDA; Gwinnett County, GA; IRS; US Navy; Sarasota County, FL
Other: AT&T; Bechtel; Safeway; Saudi Aramco
In Development: several ePortals
69Key ePartners
- eContent
- Documentum, Optika, Easy, FileNet, OpenText, Harbinger (PC DOCS)
- eForms
- JetForm, PureEdge (UWI.com), ELF, Adobe, Cardiff
- eProcess
- JetForm, Staffware
- eProductivity
- Lotus, Microsoft, Adobe, Cimmetry
- eBusiness
- Siebel, IBM, Xcert, Entrust, Valicert
70PenOp Signature Series The Basics
- Signature
- Foundation for users to view, capture, and stamp handwritten digital signatures
- Signature Plug-ins
- Installable solution for desktop applications
- Word, Acrobat, TIFF
- Partner Plugins
- PocketSign
- Palm organizer as a signing device
71PenOp Signature Series Verification Services
- Signature Verification
- provides the facilities to create and file signature cards to support the verification of handwritten signatures
- Signature Central
- Integrates signature enrollment and verification services with ODBC-compliant databases, and other data repositories
72PenOp Signature Series Getting Started
- Signature Toolkit
- developer's programming interface and documentation (Windows 9x/NT/2000 and CE)
- provides ActiveX, C, VBX & OCX interfaces
- Integration source code and development guidance for JetForm, Lotus Notes, and MS Internet Information Server.
- Signature Pilot Pack
- Discounted starter package for 10 or 25 users