[Next] [Up] [Previous]
Next: Digital Signatures
Up: Technology Tools for
Previous: The Role of
We are all familiar with the notion of data authentication in the form
of the handwritten signature applied to the paper record. It is
useful to ponder for a moment what properties a handwritten signature
has that has resulted in it being accepted for data authentication for
paper-based documents:
- once a handwritten signature is affixed to a document,
it is supposedly difficult to transfer that signature to another
document.
- once a handwritten signature is affixed to the document, the
document is supposedly difficult to change.
- a handwritten signature can supposedly only be created by that
individual.
- many people are able to compare two handwritten signatures and
decide if they were created by the same person.
A method to protect electronic information should share these
properties to the maximum degree possible. One approach that has been
proposed is to ``digitize'' a picture of a handwritten signature
and append this picture to electronic documents. Unfortunately, this
is essentially useless because this kind of ``signature'' does not
depend on the document, so that it does nothing to authenticate
electronic information. Systems of this type have been offered for
sale in the past, but they offer essentially no security whatsoever,
and serve only to make people feel comfortable with something that
``looks good''.
Kevin S. McCurley
Sat Mar 11 16:00:15 MST 1995