electronic signatures’ strategies
E-signature Strategies
Alan S. Kowlowitz
Strategic Policies, Acquisitions and e-Commerce
NYS Office for Technology

Outline of Class
Overview of Electronic Signatures and Records Act (ESRA)
Explanation of ESRA’s definition of an e-signature
Available approaches to electronic signing
Guidance on selecting an e-signature approach
Records management implications of e-signed e-records

Overview of Electronic Signatures and Records Act (ESRA)

ESRA Chapter 4, Laws of 1999: State Technology Law, Article 1
E-records and e-signatures given the same legal validity as paper records and ink signatures
OFT Electronic Facilitator overseeing implementation
Use of e-signatures and records is voluntary
  – Govt. must accept hard copies unless otherwise provided by law

ESRA Chapter 4, Laws of 1999: State Technology Law, Article 1
E-signatures and records can’t be used for:
  – Negotiable instruments
  – Instruments recordable under Art. 9 of the RPL (e.g., deeds)
  – Other instruments whose possession confers title
  – Documents affecting life and death (Wills, Trusts, Do-not-resuscitate orders, Powers of attorney, Health care proxies)

ESRA Amended by Chapter 314 Laws of New York, 2002
Amends and expands the definition of “electronic signature” to comport with the federal E-Sign Law
  – Authorizes the use of various e-signature approaches in NYS
OFT retains its role as “electronic facilitator” and regulator of e-signature/record
Adopted into law on August 6, 2002
Final regulations published in May 2003
Revised ESRA Guidelines in process

ESRA Definition of an E-signature

ESRA Definition of an E-signature
an electronic sound, symbol, or process, attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the record.
  – Affords the greatest possible flexibility in selecting an appropriate e-signature solution
  – Sets some parameters on what constitutes an e-signature under ESRA

ESRA Definition of an E-signature
“[A]n electronic sound, symbol, or process...”
  – A wide range of “digital objects” may serve as an e-signature
    » Can be as simple as a set of keyboarded characters or as sophisticated as an encrypted hash of an e-record’s contents
  – Allows a process to serve as an e-signature
    » Recorded events of accessing a system are associated with the content to be signed to create a record of the signer’s actions and intent

ESRA Definition of an E-signature
“[A]ttached to or logically associated with ...”
  – An e-signature is attached to or logically associated with an e-record during transmission and storage
    » Can be part of the record or maintained separately but associated to the record through a database, index, embedded link or other means
    » Link between e-record and e-signature must be
        Created at signing and maintained during any transmission
        Retained as long as a signature is needed which may be the record’s full legal retention period

ESRA Definition of an E-signature
“[E]xecuted or adopted by a person with intent to sign the record.”
  – E-signature must express the same intent as a handwritten one
  – Must identify an individual who will convey intent
  – Practices that may help avoid confusion:
    » Allow the signer to review the record to be signed
    » Inform the signer that a signature is being applied
    » Format an e-record to contain accepted signature elements
    » Express signer’s intent in the record or a certification
    » Require the signer to indicate assent affirmatively
    » Record and retain date, time, and the signer’s intent

Example of a signature certification statement from the Department of Tax and Finance International Fuel Tax Agreement (IFTA) report (return) filing application.
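
One way to keep a signature "logically associated" with its e-record through an index, as an added example that is not part of the original presentation. The record contents, the certification text, the signer id and every function name are constructed for illustration; the entry captures the date, time and intent listed among the practices above, and an audit reports links that no longer hold.

```python
import hashlib
from datetime import datetime, timezone

# Constructed sample e-records (illustrative only), keyed by record id.
RECORDS = {
    "return-2003-q1": b"Carrier: Example Trucking; Period: 2003-Q1; Tax due: 412.50",
    "return-2003-q2": b"Carrier: Example Trucking; Period: 2003-Q2; Tax due: 388.10",
}

# Constructed certification statement expressing the signer's intent.
CERTIFICATION = "I certify that the information in this return is true and complete."


def record_digest(content: bytes) -> str:
    """SHA-256 of the record content; this is what ties an entry to one record."""
    return hashlib.sha256(content).hexdigest()


def sign_record(index, record_id, content, signer_id, assented, when=None):
    """Create the signature entry at signing time and file it in the index.

    The entry is kept apart from the record and associated with it through
    the record id and the digest of the content the signer reviewed.
    """
    if not assented:
        raise ValueError("signer did not indicate assent affirmatively")
    when = when or datetime.now(timezone.utc)
    index[record_id] = {
        "record_sha256": record_digest(content),
        "signer_id": signer_id,
        "intent": CERTIFICATION,
        "signed_at": when.isoformat(),
    }
    return index[record_id]


def audit_links(index, store):
    """Check that every signature entry still points at the record it signed.

    This detects a broken link only while the index itself is protected
    from modification; an unprotected index can be altered with the record.
    """
    findings = {}
    for record_id, entry in index.items():
        content = store.get(record_id)
        if content is None:
            findings[record_id] = "record missing"
        elif record_digest(content) != entry["record_sha256"]:
            findings[record_id] = "record changed since signing"
        else:
            findings[record_id] = "ok"
    for record_id in store:
        findings.setdefault(record_id, "no signature entry")
    return findings


def demo():
    """Sign both records, then alter one the way a faulty migration might."""
    store, index = dict(RECORDS), {}
    for record_id, content in store.items():
        sign_record(index, record_id, content, signer_id="jdoe", assented=True)
    before = audit_links(index, store)
    store["return-2003-q2"] = store["return-2003-q2"].replace(b"388.10", b"38.81")
    after = audit_links(index, store)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Running the audit on a schedule for the whole retention period is what turns "maintained during storage" into something that can be checked.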
Available Approaches to Electronic Signing

E-signature Approaches
Most e-signature approaches involve a number of technologies, credentials, and processes
  – More accurate to think of a range of approaches to e-signing rather than an array of stand-alone technologies
Approaches provide varying levels of security, authentication, and record integrity
  – Can combine techniques from various approaches to increase the strength of the above-mentioned attributes

Click Through or Click Wrap
Person affirms intent or agreement by clicking a button
ID information collected, authentication process (if any) and security procedures can vary greatly
Commonly used for low risk, low value consumer transactions

Personal Identification Number (PIN) or Password (“shared secret”)
Person enters ID information, PIN and/or password
System checks that the PIN and/or password is associated with the person
Authentication is the first part of a process that involves an affirmation of intent
If over the Internet, the PIN and/or password is often encrypted using Secure Sockets Layer (SSL)

Digitized Signature and Signature Dynamics
Digitized Signature
  – A graphical image of a handwritten signature often created using a digital pen and pad
  – The entered signature is compared with a stored copy; if the images are comparable, the signature is valid
Signature Dynamics
  – Variation on a digitized signature
  – Each pen stroke is measured (e.g. duration, pen pressure, size of loops, etc), creating a metric
  – The metric is compared to a reference value created earlier, thus authenticating the signer

Shared Private Key
Also known as “symmetric cryptography”
E-record is signed and verified using a single cryptographic key
The key is shared between the sender and recipient(s)
  – Not really "private" to the sender
A private key can be made more secure by incorporating other security techniques
  – Smart cards or other hardware tokens in which the private key is stored

Public/Private Key Digital Signatures
Also known as Asymmetric Cryptography
Key Pair: Two mathematically related keys
  • One key used to encrypt a message that can only be decrypted using the other key
  • Cannot discover one key from the other key
  – Private Key: Kept secret and used to create a Digital Signature
  – Public Key: Often made part of a “digital certificate” and used to verify a digital signature by a receiving party
Often used within a Public Key Infrastructure (PKI)
  – Certification Authority (CA) binds individuals to private keys and issues and manages certificates

Digital Signatures: Public/Private Key Cryptography
[Figure: Bob runs the message “Hi Alice ... Sincerely, Bob” through a hash algorithm to get a message digest (12345), encrypts the digest with his private key to produce the signature (##!FV), and sends the message with the signature and his certificate. Alice decrypts the signature with Bob’s public key and validates the result (12345) against her own hash of the message.]
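
The shared-key and key-pair approaches side by side, as an added example that is not part of the original presentation. HMAC-SHA-256 stands in for the shared private key approach, and unpadded textbook RSA over a SHA-256 digest mirrors the diagram's "encrypt the digest with the private key" step; the key values and function names are constructed for illustration, and real systems use a padded signature scheme from a vetted library.

```python
import hashlib
import hmac

MESSAGE = b"Hi Alice\nSincerely, Bob"  # message text from the slide's diagram

# Shared private key: one secret held by both sender and recipient.
SHARED_KEY = b"constructed-demo-key"  # constructed value, not a real secret


def shared_key_sign(key: bytes, record: bytes) -> bytes:
    """Keyed hash (HMAC-SHA-256) over the record."""
    return hmac.new(key, record, hashlib.sha256).digest()


def shared_key_verify(key: bytes, record: bytes, tag: bytes) -> bool:
    """Recompute the tag with the same key and compare in constant time."""
    return hmac.compare_digest(shared_key_sign(key, record), tag)


# Public/private key: textbook RSA, no padding, illustration only.
# The modulus is built from two published Mersenne primes so the block is
# reproducible; such a key is trivially factorable and must never be used.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known to Bob only


def digest_int(record: bytes) -> int:
    """SHA-256 digest of the record as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def rsa_sign(record: bytes, d: int = D, n: int = N) -> int:
    """Bob: hash the record, then transform the digest with the private key."""
    return pow(digest_int(record), d, n)


def rsa_verify(record: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Alice: recover the digest with the public key, compare with her own hash."""
    return pow(signature, e, n) == digest_int(record)


def compare_approaches() -> dict:
    """Run both approaches over the original and an altered message."""
    altered = MESSAGE.replace(b"Hi", b"Bye")
    tag = shared_key_sign(SHARED_KEY, MESSAGE)
    sig = rsa_sign(MESSAGE)
    return {
        "shared_key_valid": shared_key_verify(SHARED_KEY, MESSAGE, tag),
        "shared_key_detects_change": not shared_key_verify(SHARED_KEY, altered, tag),
        # Alice holds the same key, so a tag she computes herself over any
        # record verifies exactly like one from Bob: integrity, not attribution.
        "recipient_tag_indistinguishable": shared_key_verify(
            SHARED_KEY, altered, shared_key_sign(SHARED_KEY, altered)),
        # Verification below uses only the public values (E, N).
        "rsa_valid": rsa_verify(MESSAGE, sig),
        "rsa_detects_change": not rsa_verify(altered, sig),
    }


if __name__ == "__main__":
    for name, value in compare_approaches().items():
        print(f"{name}: {value}")
```

The third result is the practical meaning of "not really private to the sender": a shared-key tag shows the record is unchanged but cannot settle which key holder produced it, which matters when repudiation is a risk.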

Biometrics
A person’s unique physical characteristics are measured and converted into digital form or profile
  – Voice patterns, fingerprints, and the blood vessel patterns present on the retina
Measurements are compared to a stored profile of the given biometric
If the measurements and stored profile match, the software will accept the authentication
Can provide a high level of authentication

Smart Card
Not a separate e-signature approach in itself
  – It can facilitate various e-signature approaches
A plastic card containing an embedded chip
  – Can generate, store, and/or process data
Data from the card's chip is read by software
  – After a PIN, password or biometric identifier is entered
More secure than a PIN alone
  – Both physical possession of the smart card and knowledge of the PIN are necessary
Can be used to overcome concerns with the shared secret approach to e-signature

Additional Factors
Each general approach to e-signing (e.g. PINs and passwords vs. digital signatures) varies in terms of:
  – Identifying the signer
  – Attributing a signature
  – Securing the integrity of both the record and the signature
Each can increase security and reduce risk
  – Often independent of the technology selected

Signer identification or registration
Method or process used to identify and authorize a signer to use an e-signature
  – Independent of the e-signature or e-record technology
  – Critical component of any e-signature solution
  – The stronger the identification method the more assurance that the appropriate person signed

Signer identification or registration: Methods
Self-identification as part of the signing process
Comparison of user supplied information with a trusted data source
Acceptance of a previously conducted and trusted process where individuals personally presented themselves and proof of identities
Separate identification process to authorize the use of an e-signature where individuals personally present themselves and proof of identities

Signer Authentication
Policy, process and procedures used to authenticate the signer
Establish a link or association between the signer and the information and method used to sign
The strength of the authentication system can protect against fraud and repudiation

Signer Authentication: Methods
Something that only the individual knows: A secret (e.g., password or Personal Identification Number (PIN))
Something the individual possesses: A token (e.g., ATM card, cryptographic key or smart card)
Something the individual is: A biometric (e.g., characteristics such as a voice pattern or fingerprint)
Two factor authentication: often includes use of hardware device such as a smart card

Signature attests to the record’s integrity
E-signature approaches provide varying levels of protection against unauthorized access or tampering with the signed e-record
  – Systems that manage signed e-records can provide protection if they have controls
  – Controls may be needed to ensure that the integrity of the signed e-record is not compromised during transmission
  – Added security is provided by approaches in which signature validation ensures that the e-record has not been modified
    » Digital signatures

Selecting an E-signature Approach
A business decision, not just a technical one

Is an e-signature needed or desirable?
Review requirements and risks
  – Creating and maintaining signed e-records may require more resources than unsigned ones
Consider the following questions:
  – Is there a legal requirement for a signature?
    » Statute of Frauds requires certain contracts to be signed
    » Specific laws and regulations require signatures
  – Is there a business need for a signature?
    » Document that the signer attested to information’s accuracy, agreed to conditions, and/or reviewed contents
    » Higher risk transactions may need the protection against fraud or repudiation provided by e-signatures

Business Analysis and Risk Assessment
ESRA regs § 540.4 (c) require govt. entities to conduct and document a business analysis and risk assessment:
  – identifying and evaluating various factors relevant to the selection of an electronic signature for use or acceptance in an electronic transaction. Such factors include, but are not limited to, relationships between parties to an electronic transaction, value of the transaction, risk of intrusion, risk of repudiation of an electronic signature, risk of fraud, functionality and convenience, business necessity and the cost of employing a particular electronic signature process.

Business Analysis and Risk Assessment
Purpose:
  – To identify and evaluate factors relevant to selecting an e-signature approach
  – Does not prescribe a method or set a standard
  – Protects interest in the use of sound technology and practices when transacting business electronically
Business analysis and risk assessment are two parts of an integrated process

Business Analysis
Possible components
  – Overview of the business process
  – Analysis of legal and regulatory requirements
  – Identification of standards or accepted practices
  – Analysis of those who will use e-signature
  – Determination of interoperability requirements
  – Determination of costs of alternatives

Business Analysis: Overview of business process and transaction
Purpose and origins
Transaction’s place within the larger business process
Services to be delivered and their value
Parties to the transaction and other stakeholders
Transaction’s workflow

Business Analysis: Analysis of legal and regulatory requirements
How the transaction must be conducted
Signature requirements
  – Are they specifically required, what records need to be signed, who must or can sign, do they need to be notarized
Records related requirements
  – What records must be produced
  – How long do they need to be retained
  – Who must or can have access to the records
  – Specific formats prescribed for the creation, filing or retention
  – Confidentiality requirements
Importance of the parties’ identities to the transaction

Business Analysis
Identification of standards or accepted practices on how e-transactions are conducted and e-signed
  – May be key factor in selecting a solution
Analysis of parties to e-signed transaction
  – Numbers
  – Location
  – Demographic characteristics
  – Access to technology
  – Accessibility requirements
  – Prior business relationships

Business Analysis: Interoperability requirements
Compatibility with an existing technology environment
Interoperability or consistency with approaches used by partners
  – Governmental or private
Leveraging an existing and proven solution

Business Analysis: Cost of alternative approaches
Hardware and software purchases
Implementing additional policies and procedures
Personnel to implement policies, procedures, or services
Training costs
Maintenance costs including help desk and user support

Risk Assessment
E-signatures may serve a security function
  – They usually include signer authentication
  – Some approaches provide message authentication and repudiation protection
Selection of an e-signature solution includes identifying
  – Potential risks involved in a signed e-transaction
  – How e-signature approaches can address those risks

Risk Assessment
Risk is the likelihood that a threat will exploit a vulnerability, and have an adverse impact
  – Threat is a potential circumstance, entity or event capable of exploiting vulnerability and causing harm
  – Vulnerability is a weakness that can be accidentally triggered or intentionally exploited
  – Impact refers to the magnitude of harm that could be caused by a threat
  – Likelihood that a threat will actually materialize
To assess risks an entity should identify and analyze each of the above

Risk Assessment: Sources of threat
  – Parties to the transaction
  – Governmental entity staff
  – Malicious third parties such as hackers or crackers

Risk Assessment: Vulnerabilities
Repudiation
  – Possibility that a party to a transaction denies that it ever took place
Fraud
  – Knowing misrepresentation of the truth or concealment of facts to induce another to act to his or her detriment
Intrusion
  – Possibility that a third party intercepts or interferes with a transaction
Loss of access to records
  – For business and legal purposes

Risk Assessment: Potential Impacts
Financial
  – Average dollar value of transactions
  – Direct loss to the governmental entity, citizen or other entity
  – Liability for the transaction
Reputation and credibility
  – Relationship with the other involved party
  – Public visibility and perception of programs
  – History or patterns of problems or abuses
  – Consequences of a breach or improper transaction
Productivity
  – Time criticality of transactions
  – Number of transactions, system users, or dependents
  – Backup and recovery procedures
  – Claims and dispute resolution procedures

Risk Assessment: Likelihood
Motivation and capability of threat
Nature of the vulnerability
Existence and effectiveness of controls
A threat is highly likely where:
  – Its source is highly motivated and capable
  – Controls are ineffective

Risk Assessment: Risk Matrix
High Risk = 11-16
Medium Risk = 8-10
Low Risk = 4-7
Negligible Risk = 1-3

Select an E-signature Solution
Balance business concerns (e.g., user acceptance and ease of deployment) with risk reduction
Identify overriding concerns
  – An overriding factor might be compatibility with an existing standard or solution
  – Cost may be an overriding factor where risk is low

Cost-Benefit Analysis
Can help entities decide on how to allocate resources and implement a cost-effective e-signature solution
  – Used to evaluate feasibility and effectiveness for each proposed solution to determine which are appropriate
  – Can be qualitative or quantitative
  – Demonstrates that a solution’s cost is justified by reducing risk
Cost-benefit analysis can encompass the following
  – Determining the impact of implementing the solution
  – Determining the impact of not implementing it
  – Estimating the costs of the implementation
  – Assessing costs and benefits against system and data criticality

Documenting a Business Analysis and Risk Assessment
ESRA regulation requires that the BA and RA be documented
  – How, or in what detail is up to the governmental entity
Minimum documentation should cover
  – Process used including factors mentioned in the ESRA regulation
  – Result and decision reached including justification
The resulting documentation should be
  – Accurate and readily available
  – Clear and understandable to an outside audience
  – Retained as long as the e-signature solution is used

Signed E-records Management Issues
Same issues as with unsigned e-records
– Focus is on the system and business processes that produce the e-record
Preserving links between an e-signed e-record’s components is critical
– Components provide evidence to support the reliability and authenticity of the signed e-record
– May actually constitute the e-signature itself
Signed E-records Management Issues
Key challenges faced in maintaining e-signed e-records
– Determining what needs to be retained to constitute a valid signed e-record
– Preserving the association between the signed e-record’s various components over time
Determining what needs to be retained
Cannot predict what the courts will require
– Difficult to determine what information will be needed
BA/RA used to select approach can help determine what needs to constitute the signed e-record
E-signature method will partially determine what will be retained
– Digital object: Maintain the ability to revalidate e-signatures
– Signature process: Maintain adequate documentation of the e-signature’s validity
Determining what needs to be retained
Digital object (encrypted hash, digitized signature, signature dynamic, other biometric)
– Evidence that the e-signature was electronically validated
– Functionality and records needed to revalidate
– Vary according to the technology or approach used
» Digital signature: public key of the presumed signer decrypted the message digest/hash and the hashes matched
» Biometric: biometric profile of the signature matched the stored profile
Determining what needs to be retained
Signature is a process (PIN, password, click wrap)
– Signature does not exist as a discrete object and can’t be revalidated
– Adequate documentation that the e-signature was valid when it was created must be retained
– No court decisions on the validity of an e-signature
» Can’t predict what the courts will require
Determining what needs to be retained
Regardless of e-signature approach, entities should minimally retain documentation of the:
– Signer’s identity
– Process used to identify and authenticate the person
– Date and time an individual was authenticated
– Signer’s intent
– Date and time that the signing process was completed
Preserving the association between a signed record’s various components
Systems can manage signed e-records’ components
– Must be accounted for when systems are planned
E-records with long retention periods may need to be migrated to a new system or stored offline
– Need to preserve the association of their various components
– Should be planned and well documented
– Conducted in the normal course of business
– Ensure the records’ authenticity, integrity, and reliability
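Added example (not part of the original presentation): one way to keep a signed e-record's components associated through a migration is a manifest that hashes each component and carries the five minimum documentation items listed earlier, checked again after the move. The field names, component names and sample values are assumptions made for this sketch.

```python
import hashlib
import json

# The five items the slides say to retain regardless of e-signature approach
# (field names are this example's own).
REQUIRED_DOCUMENTATION = ("signer_identity", "authentication_process",
                          "authenticated_at", "signer_intent", "signing_completed_at")

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest_of(components: dict, documentation: dict) -> str:
    # Canonical JSON so the same content always yields the same digest.
    body = {"components": components, "documentation": documentation}
    return _sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def build_manifest(components: dict, documentation: dict) -> dict:
    """Bind a signed e-record's components and signing documentation together."""
    missing = [k for k in REQUIRED_DOCUMENTATION if not documentation.get(k)]
    if missing:
        raise ValueError(f"missing signing documentation: {missing}")
    hashes = {name: _sha256(data) for name, data in components.items()}
    return {"components": hashes, "documentation": dict(documentation),
            "manifest_digest": _digest_of(hashes, documentation)}

def verify_after_migration(manifest: dict, migrated: dict) -> list:
    """Return the problems found; an empty list means the association held."""
    problems = []
    if _digest_of(manifest["components"], manifest["documentation"]) != manifest["manifest_digest"]:
        problems.append("manifest altered")
    for name, digest in manifest["components"].items():
        if name not in migrated:
            problems.append(f"component missing: {name}")
        elif _sha256(migrated[name]) != digest:
            problems.append(f"component changed: {name}")
    problems += [f"unlisted component: {n}" for n in migrated if n not in manifest["components"]]
    return problems

# Constructed sample record; every value below is made up for the example.
SAMPLE_COMPONENTS = {
    "record_content": b"constructed permit application text",
    "signature_object": b"constructed signature bytes",
    "signer_public_key": b"constructed public key bytes",
    "validation_evidence": b"constructed validation result",
}
SAMPLE_DOCUMENTATION = {
    "signer_identity": "Constructed Signer",
    "authentication_process": "constructed: password plus PIN",
    "authenticated_at": "2000-01-01T10:00:00Z",
    "signer_intent": "constructed: clicked 'I agree and sign'",
    "signing_completed_at": "2000-01-01T10:02:00Z",
}
```

The manifest digest is unkeyed, so it only detects accidental loss or change; the manifest itself has to be kept in a system that protects it from modification, or be signed separately.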
E-signature Strategies
Questions and Concerns
NYS Office for Technology
Strategic Policies, Acquisitions and e-Commerce
518-473-0224
[email protected]
http://www.oft.state.ny.us/esra/esra.htm