|
|
Electronic
Cryptographic
Signatures |
 |
|||||
| Electronic cryptographic signatures are a hybrid of electronic signatures and digital signatures. Electronic signatures and digital signatures are different concepts, although they sometimes used interchangeably, which can be confusing. An electronic signature has a moral dimension that digital signatures lack. A person or entity electronically signs data, a document, or object in order to express a moral responsibility towards the signed content for the benefit of another. For example, a signature can be an assurance about the reliability of facts set forth in the content, or a promise to do something in the future upon which another can rely. Under a complicated system of state and federal laws within the United States, the moral commitment is given legally protected status. The signature can be affixed without regard to any particular technology if the parties expressly or impliedly agree. If A and B exchange emails which are intended to create binding commitments between them, without using digital signatures or even typing their names, they each probably have each "e-signed" the emails within the meaning of these laws on the basis of their email addresses as signatures. See, e.g., United States v. Siddiqui, 235 F.3d 1318 (11th Cir. 2000). Most states have adopted a version of the Uniform Electronic Transactions Act, which operates under the umbrella of the Federal eSign law, 15 U.S.C. § 7001 et seq., "Electronic Signatures in Global and National Commerce", provided the state laws do not conflict with the provisions of eSign; otherwise, inconsistent state laws are invalid under the federal supremacy clause of the U.S. Constitution. Although technologists often believe cryptography is essential to prevent tampering with electronic data, documents or objects after electronic signing them and thus is an indispensible requirement for laws, U.S. laws do not require tamper-evident seals in order to establish legal enforceability. Conventional courtroom methods of detecting fraud through cross-examination of witnesses are felt to be a sufficient protection against fraud. Digital signatures are a type of technology that can be used to create electronic signatures. Digital signatures employ cryptography to render data, documents and objects tamper-evident through the use of hashes and encryption keys; the encryption keys also leave cryptographic artifacts that point to the entity, machine or person that applied the key during the signature process, which can yield the identity of the signer with supplemental technological means such as digital certificates from certification authorities (see Glossary). A digital signature becomes an electronic cryptographic signature when it is employed for the purpose of binding the signer morally to the content being signed. Otherwise, it is a mechanism just for determining changes to data and to authenticate the key that was used for digital signing purposes. The addition of cryptography as part of the electronic signature process is useful to determine quickly, easily, and relatively inexpensively whether changes were made since the signature was created, but such methods are not necessarily themselves dispositive on the questions of authenticity and authentication for legal purposes, since some sort of expert testimony from a qualified expert may also be required. Technologists tend to want to create a better mousetrap to prevent a signer from repudiating or negating a commitment created using digital signatures, whereas law cases have not yet adopted the terminology of non-repudiation, but prefer to base decisions on the weight of admissible evidence, whatever it may be, including sworn testimony of individuals about events that occurred, which can lead to credibility determinations about witnesses for judges and juries to make. Some technologists, not understanding the process, have tried to fashion a non-repudiation ("NR") bit which can be activated in software by the signer to create a declaration that the signer really meant to bind himself, herself or itself to the content. This solution has been criticized on the grounds that it just complicates the problem by an additional step which still can leave confusion about the intent of the signer in activating the NR bit (i.e., whether the NR bit was activated through error, accident, or misunderstanding). Atomic Signatures™ use message digests and symmetric encryption at a server to create electronic cryptographic signatures.To find out more about Atomic Signatures™ download the White Paper. |
|||||
|
|||||