Electronic Signature Products Lack Real Standard

By Jim Rapoza  |  Posted 2001-05-21 Print this article Print

Just about one year ago, the electronic Signatures in Global and National Commerce Act was signed into law by Congress and former President Clinton.

Just about one year ago, the electronic Signatures in Global and National Commerce Act was signed into law by Congress and former President Clinton. The act essentially made digital signatures legal for business, giving them the same weight under law as handwritten signatures.

Since then, several companies have put forth products for creating and managing digital signatures in traditional documents. Among these products are E-Lock Technologies Assurance products and Silanis Technology Inc.s ApproveIt.

In our look at this emerging technology category, eWeek Labs found some nice features in these products, especially when it comes to integration with Microsoft Corp.s Office. However, it was also clear that the biggest drawback with these tools is the lack of a standard for digital signatures.

The act provides guidelines, but within them there is a lot of room for leeway. This point was made clear to us when we found it nearly impossible to verify signatures across applications, even though most use standard RSA algorithms.

Although the tight integration these applications provide with document creation tools is very helpful, businesses looking for a digital signature program that can be easily read and shared by a variety of users would probably be best off using standard (and often free) encryption programs such as Pretty Good Privacy and the many programs based on RSA.

Not that the digital signature applications arent without their merits. For example, in tests, Silanis ApproveIt Desktop 5.0 easily integrated with our Office applications and Adobe Systems Inc.s Acrobat Reader (integration with digital imaging tools would have also been welcome). Using these tools, we could add a digital signature that appeared after a key phrase or word.

In ApproveIt, the signature is based on RSA algorithms but also includes an image of the users actual signature, which can be scanned into the program or captured from a tablet (see screen).

This system worked very nicely—as long as we were exchanging documents with those who also had the $149 ApproveIt Desktop. If we opened a document on a system without it, we could see an image file that had the signature image and also said "Verify Authenticity with ApproveIt." The actual RSA hash is also included but is nearly impossible to view or extract.

This makes it difficult to do business with these programs since a company cant expect all of its business partners to purchase them. E-Lock addresses this by providing a free downloadable reader program for verifying signatures. Silanis plans to release a Collaboration Server, which is installed at a business and from which business partners can download plug-in programs to verify documents within Office and Acrobat.

These systems work, but its easy to envision situations where users may end up with several plug-ins and reader programs installed on their systems, all for doing the same thing. On the other hand, if a business uses standard encryption programs, it will get much greater portability, although at the expense of the document-level integration that the signature programs provide.

Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel