Online Signatures - The Reality
When the internet was in its infancy , some far-sighted entreprenuers recognized the need for a mechanism for signing online in a similar manner to which documents are signed in person. Since at the time, there was no feasible technique for emulating a handwritten signature online, the first attempts to create such a mechanism involved the old standby of online identity verification methods - the secret password.
The password based schemes are typically variations on a scheme called "public key infrastructure" or PKI. This scheme is referred to as a digital "signature" by its proponents, although it doesn't use a graphical signature. It is cased in confusing terminology such as public key, private key, encryption, and cryptography; but the basic concept is simple. They use variations of a scheme whereby an individual verifies his identity with a "certificate authority" (creation of a public key). The certificate authority issues
the individual a password (private key) that corresponds to his identity. Then, when the individual digitally "signs" a document using his password or private key, his password is verified with the cerificate authority as being the correct private key corresponding to his
identity. So long as the individual's password really is secret, known to no one else, and the certificate authority performs its verification function, this is an effective method of identity verification.
Despite having several vendors offering PKI products and certificate authority services,, and a degree of legislative endorsement, the PKI systems have not gained widespread acceptance due to several shortcomings:
- The method has the same vulnerability as all other password based identity verification systems - if the password is not secret, then someone else who knows the password can pass himself off as you. This is especially a problem with public key/private key digital signature schemes because the passwords that they use (private keys) are typically composed of a long string of digits and characters that is almost impossible to remember. They must therefore be written or recorded somewhere, and this makes them vulnerable to theft.
- It is confusing to users. It is wrapped in technical jargon too complex for the layman to understand.
- It relies on a third party Certificate Authority. If (when) the certificate authority goes out of business, the digital signature can no longer be verified.
- Expensive subscription fees must be paid for the service of the certificate authority. If these fees are not paid, the digital signatures utilizing the service become unverifiable.
With the advent of WebPen by toucanmultimedia.com, there now exists a viable method of producing a handwritten signature on an online document using the computer mouse like a pen. Such a signature is called an "Electronic Signature" as opposed to a "Digital Signature" that uses PKI.
Online signatures such as WebPen produces offer several advantages over PKI based schemes including:
- Tradition and familiarity - signing documents is a practice that everyone understands and is familiar with.
- Legal Precedent - The handwritten signature, whether, written with a pen, drawn with a paintbrush, written with an electronic stylus, or drawn with a computer mouse, has been the universally accepted method of agreement authentication for centuries.
- Electronic signature images can last forever with proper storage.
- It is free. there are no fees that must be paid to a certificate authority, and here is no worry about a certificate authority going out of business.
- When used for credit card purchase authentication, signatures produced by WebPen can be compared with bank signature files.
Both online signatures produced using using WebPen or possibly a similar product, and the previously mentioned PKI password based schemes, fall under the broad definition given by the U.S. Global and National Commerce Act of 2000 of an Electronic Signature: "Electronic signature means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."
Neither of the methods, creating a handwritten signature online, or password based
verification, are entirely foolproof. The handwritten signature method does however have the advantage of centuries of tradition and worldwide acceptance, whereas the use of passwords to legally sign documents suffers from incomplete and differing acceptance at best, in worldwide political jurisdictions.
For more information on the subject of signatures, see History of the Signature .
Tags: variations, proponents, vulnerability, infancy, shortcomings, old standby