Electronic Signature Products Lack Real Standard

Just about one year ago, the Electronic Signatures in Global and National Commerce Act was signed into law by Congress and former President Clinton. The act essentially made digital signatures legal for business, giving them the same weight under law as handwritten signatures.

Since then, several companies have put forth products for creating and managing digital signatures in traditional documents. Among these products are E-Lock Technologies' Assurance products and Silanis Technology Inc.'s ApproveIt.

In our look at this emerging technology category, eWeek Labs found some nice features in these products, especially when it comes to integration with Microsoft Corp.'s Office. However, it was also clear that the biggest drawback with these tools is the lack of a standard for digital signatures.

The act provides guidelines, but within them there is a lot of leeway. This point was made clear to us when we found it nearly impossible to verify signatures across applications, even though most use standard RSA algorithms.
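Why a shared RSA algorithm does not by itself give cross-application verification, as an added example that is not from the article or from either vendor: the two profiles below are hypothetical and differ only in the digest convention, which is an assumption, since the article does not say where the tested products diverge. The key is a constructed toy key for demonstration only.

```python
import hashlib

# Toy 511-bit demo key built from two well-known public primes
# (the Curve25519 and secp256k1 field primes). Constructed for this
# example only; never use such a key for real signatures.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes

# Hypothetical products: same RSA key, different digest conventions.
# The DER prefixes are the standard PKCS#1 v1.5 DigestInfo headers.
PROFILES = {
    "product_a": ("sha256", bytes.fromhex("3031300d060960864801650304020105000420")),
    "product_b": ("sha1", bytes.fromhex("3021300906052b0e03021a05000414")),
}

def encode(profile, document):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || hash."""
    algo, prefix = PROFILES[profile]
    t = prefix + hashlib.new(algo, document).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(profile, document):
    m = int.from_bytes(encode(profile, document), "big")
    return pow(m, D, N).to_bytes(K, "big")

def verify(profile, document, signature):
    # Apply the public exponent, then compare with the encoding this
    # profile expects for the document.
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return recovered == encode(profile, document)

def cross_check(document):
    """Map (signer, verifier) -> whether the verifier accepts the signature."""
    return {(s, v): verify(v, document, sign(s, document))
            for s in PROFILES for v in PROFILES}

if __name__ == "__main__":
    sample = b"Purchase order #1 (constructed sample)"
    for pair, ok in cross_check(sample).items():
        print(pair, "accepted" if ok else "rejected")
```

Each profile accepts its own signatures and rejects the other's, even though key, document and RSA arithmetic are identical.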

Although the tight integration these applications provide with document creation tools is very helpful, businesses looking for a digital signature program that can be easily read and shared by a variety of users would probably be best off using standard (and often free) encryption programs such as Pretty Good Privacy and the many programs based on RSA.

Not that the digital signature applications are without their merits. For example, in tests, Silanis' ApproveIt Desktop 5.0 easily integrated with our Office applications and Adobe Systems Inc.'s Acrobat Reader (integration with digital imaging tools would have also been welcome). Using these tools, we could add a digital signature that appeared after a key phrase or word.

In ApproveIt, the signature is based on RSA algorithms but also includes an image of the user's actual signature, which can be scanned into the program or captured from a tablet (see screen).

This system worked very nicely—as long as we were exchanging documents with those who also had the $149 ApproveIt Desktop. If we opened a document on a system without it, we could see an image file that had the signature image and also said "Verify Authenticity with ApproveIt." The actual RSA hash is also included but is nearly impossible to view or extract.

This makes it difficult to do business with these programs since a company can't expect all of its business partners to purchase them. E-Lock addresses this by providing a free downloadable reader program for verifying signatures. Silanis plans to release a Collaboration Server, which is installed at a business and from which business partners can download plug-in programs to verify documents within Office and Acrobat.

These systems work, but it's easy to envision situations where users may end up with several plug-ins and reader programs installed on their systems, all for doing the same thing. On the other hand, if a business uses standard encryption programs, it will get much greater portability, although at the expense of the document-level integration that the signature programs provide.