
Digital Signature: Use and Modification to Achieve Success in Next Generational E-Business Processes

Alok Gupta
Department of Information and Decision Sciences
Carlson School of Management
University of Minnesota
Minneapolis, MN 55455
Phone: (612) 626-0276
E-mail: agupta@csom.umn.edu

Y. Alex Tung
Department of Operations and Information Management
School of Business Administration
University of Connecticut
Storrs, CT 06269
Phone: (860) 486-6470
E-mail: atung@sba.uconn.edu

James R. Marsden
Shenkman Chair in e-Business
Department of Operations and Information Management
School of Business Administration
University of Connecticut
Storrs, CT 06269
Phone: (860) 486-4065
E-mail: jimm@sba.uconn.edu

Acknowledgements
The concepts and ideas in this paper have been developed over the past two years in an attempt to adopt the leading
edge technologies for everyday business processes. The authors interacted with several high level and operational
managers along with several digital signature software providers. The operational managers helped in shaping and
refining the vision of an ideal digital signature process and helped identify the shortcomings/limitations of current
technology. We are also grateful to the students at UCONN’s edgelab who went into uncharted waters and helped
develop the prototype using cutting edge technology (RSA’s Web Passport) as it was being released for beta testing.
We are also thankful to the GE Capital managers at edgelab for their feedback and for helping and arranging the
necessary contacts and tools for this project. This work was partially supported by funding from the Treibick
Electronic Commerce Initiative, Department of Operations and Information Management, School of Business,
University of Connecticut. First author’s research is supported in part by NSF CAREER grant # IIS-0092780, but
does not necessarily reflect the views of the NSF.

Author Biographies
Alok Gupta
Alok Gupta is at present Associate Professor at the department of IDS at Carlson School of Management, University
of Minnesota. He formerly was an Assistant Professor at the department of OPIM at the University of Connecticut
from 1996 to 2001 where he served as co-director of the Treibick Electronic Commerce Initiative and on the edgelab
steering committee. His research has been published in several leading Information Systems, Computer Science, and
Economics Journals such as Information Systems Research, Communications of the ACM, Journal of Management
Information Systems, Decision Support Systems, Journal of Economic Dynamics and Control, Information
Technology and Management, Computational Economics, and numerous others. He was a recipient of the
prestigious NSF CAREER grant for his work on electronic market design and evaluation in 2001. Dr. Gupta serves
on the editorial board of Decision Support Systems and Brazilian Electronic Journal of Economics.

James R. Marsden
Dr. James R. Marsden, the Shenkman Family Chair in e-Business, came to UConn in 1993 as Professor and Head,
Department of Operations and Information Management, School of Business Administration, University of
Connecticut. Dr. Marsden currently serves as Executive Director of the Connecticut Information Technology
Institute, Executive Director of the Treibick Electronic Commerce Initiative, Director of the OPIM/SBA MIS
Research Lab, on the edgelab Steering Committee, and on the Advisory Board and Steering Committee of UConn's
CIBER. Dr. Marsden was a winner of the initial Chancellor's Award for IT Excellence and has a lengthy record in
market innovation and analyses, economics of information, artificial intelligence, and production theory. His
research work has appeared in Management Science; IEEE Transactions on Systems, Man, and Cybernetics;
American Economic Review; Journal of Economic Theory; Journal of Political Economy; Computer Integrated
Manufacturing Systems; Decision Support Systems; Journal of Management Information Systems, and numerous
other academic journals. Professor Marsden received his A.B. (Phi Beta Kappa, James Scholar, Evans Scholar)
from the University of Illinois and his M.S. and Ph.D. from Purdue University. Having completed his J.D., Jim has
been admitted to both the Kentucky and Connecticut Bar. He is an Area Editor of Decision Support Systems and
serves as a frequent external evaluator for major U.S. and international universities. He has held visiting positions at
the University of York (England), University of Arizona, Purdue University, and the University of North Carolina.

Alex Tung
Dr. Y. Alex Tung is currently an Associate Professor in the Department of Operations and Information Management
at the University of Connecticut. His research interests are applied artificial intelligence, expert systems,
telecommunications, and experimental economics. His research has appeared in Management Science, Journal of
Management Information Systems, Decision Support Systems, European Journal of Operational Research, Journal of
Multi-Criteria Decision Analysis, Journal of Computer Information Systems, Journal of Business Research and
numerous other journals.


Abstract

A new law, the Electronic Signatures (E-Sign) in Global and National Commerce Act
(signed by then President Clinton on June 30, 2000 with an effective date of October 1,
2000), grants electronic signatures legal validity equivalent to traditional handwritten
counterparts. The intention of this law is to cut costs while providing more stringent
security. In the emerging e-commerce arena, electronic signatures hold great potential
for facilitating secure electronic transactions. But signatures are used in many critical
business processes that are prior to or independent of final transactions. Contract
development and numerous other processes entail a series of draft modifications and
sign-offs. Can electronic signatures provide cost savings and security in these
activities? In this paper, we

i) detail fundamentals and current status of electronic signatures;
ii) describe the integration of electronic signatures with electronic verification and authentication technologies;
iii) explore e-commerce applications, especially document management processes, that could benefit from adopting electronic signatures; and,
iv) propose modifications to the electronic signature process to enable innovative document management processes. We propose modifications using partial document ownership, soft signatures, and hard signatures.

Keywords: Electronic Signature, Digital Signature, E-Commerce, Computer Verification and Authentication, Biometrics Technologies, Computer Security, Negotiation Support

ISRL categories: AD0514, GA0501, HA10, HA1201, HA1202, FE0103, EK01.

I. INTRODUCTION

A new law, the Electronic Signatures (E-Sign) in Global and National Commerce Act (signed by then President Clinton on June 30, 2000 with an effective date of October 1, 2000), grants electronic signatures legal validity equivalent to traditional handwritten counterparts. The intention of this law is to cut costs while providing more stringent security. In the emerging e-commerce arena, electronic signatures hold great potential for facilitating secure electronic transactions. But, as we illustrate, signatures are used in many critical business processes that are prior to or independent of final transactions.

This paper’s primary focus is on the techniques commonly referred to as “digital signatures” which are attachments to documents used to verify or authenticate a "signer" and the document signed. The creation of digital signatures involves the application of various technical processes that we detail in sections that follow. Combined with certificates issued by trusted third parties and enhanced by biometric authentication tools, digital signatures are gaining a presence in the transaction or final document arena. Our argument, however, is that the really significant benefits from digital signatures for companies and organizations lie in potential improvement of stepwise sign-off processes including negotiation and contract/document generation.

Following the American Bar Association guidelines [2001], we differentiate digital signatures from the more mundane digitized images of handwritten signatures, “typed notations such as ‘/s/ John Smith’, or even addressing notations, such as electronic mail headers” [ABA Digital Signatures Guidelines, 2001]. In addition to improved security, digital signatures provide the following advantages:

i) no need to print out documents for signing;
ii) reduced storage of paper copies;
iii) capabilities for improved management and access (anytime/anywhere) of electronic versus paper documents;
iv) elimination of need for faxing or costly overnight mailing of documents – reduction of cycle time to complete deals;
v) improved security of environment for document transmission; and
vi) potential to support and enhance management processes outside the “final signature” step.

We begin in Section II by detailing the fundamentals and current state-of-the-art of digital signatures and the digital signature process. Section III then outlines several emerging authentication technologies that can be leveraged to enhance the security of digital signatures. In Section IV, we consider the more general problem of management processes requiring sequences of document review, modification, and sign-off. We suggest the use of modified digital signature techniques and propose the introduction of partial document ownership, soft signatures, and hard signatures. Our concluding remarks center on managerial implications and next steps.

II. CONCEPT AND CURRENT STATUS OF DIGITAL SIGNATURE

Authentication is any process through which one verifies certain information. One may want to verify the origin of a document, the identity of the sender, the time and date a document was sent and/or signed, the identity of a computer or user, and so on. The process of verifying that an individual has authenticated or signed a document (i.e., signer and document verification) involves the following elements:

• digital signature - created and verified using asymmetric cryptography or an asymmetric cryptosystem;
• private key - one part of the asymmetric cryptosystem, used to create the digital signature; should be known only to the signer;
• public key - second part of the asymmetric cryptosystem, used to verify the digital signature; must be available to all those needing to verify the digital signature; and,
• hash function - algorithm used in creating a digital representation, unique to a message or document, in the form of a hash value or hash result; usually of a standard length significantly smaller than the message or document.

The ABA guidelines provide this summary of the digital signature process:

To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed. The delimited information to be signed is termed the “message”…a hash function in the signer’s software computes a hash result unique (for all practical purposes) to the message. The signer’s software then transforms the hash result into a digital signature using the signer’s private key. The resulting signature is thus unique to both the message and the private key used to create it.

Typically, a digital signature (a digitally signed hash result of the message) is attached to its message and stored or transmitted with the message. However, it may also be sent or stored as a separate data element, so long as it maintains a reliable association with its message. Since a digital signature is unique to its message, it is useless if wholly disassociated from its message.

Verification of a digital signature is accomplished by computing a new hash result of the original message by means of the same hash function used to create the digital signature. Then, using the public key and the new hash result, the verifier checks: (1) whether the digital signature was created using the corresponding private key; and (2) whether the newly computed hash result matches the original hash result which was transformed into the digital signature during the signing process. The verification software will confirm the digital signature as "verified" if: (1) the signer's private key was used to digitally sign the message, which is known to be the case if the signer's public key was used to verify the signature because the signer's public key will verify only a digital signature created with the signer's private key; and (2) the message was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the digital signature during the verification process. (N.B. - ABA Guidelines refer in several spots to Schneier, 1996)

As noted in the ABA Guidelines, there are a variety of asymmetric cryptosystems that create and verify digital signatures. While these systems use different algorithms, they share the operational pattern described above. Figure 1 depicts the digital signature creation and verification processes.

[Figure 1 panels: Digital Signature Creation Process (Electronic Document, hashing, Result of Hashing, e-signing, Private Key, Electronic Signature; "Only Private Key Holder Can Sign") and Digital Signature Verification Process (Electronic Document, Electronic Signature, verifying, reverse hashing, Public Key, "Valid?"; "Anyone Can Verify")]

Figure 1 Digital Signature Creation and Verification Processes

In addition to the signer and the recipient, a third party has come to play a significant role in the digital signature process. Commonly referred to as the trusted third party, this individual or entity commonly issues an electronic certificate verifying that a particular public key is associated with a specific individual who holds the corresponding private key. Often referred to as the certification authority, the trusted third party in effect provides a service certifying authenticity of signer and document. In fact, the trusted third party often digitally signs the certificate, a digital signature that can be “certified” by yet another trusted third party. It is important to understand that the process itself may be repeated ad infinitum with certification/verification occurring at higher and higher levels of a hierarchy. What stops the process is the willingness of the recipient, the one relying upon the validity of the original signature, to accept the original signature as genuine. Clearly, efficiency in e-business applications is directly tied to such acceptance occurring very early in this cycle.

In fact, both the technology of digital signatures and the necessary legal authority are now in place to attain such efficiency. Like other once “new” transaction processes such as holding stocks in street names or using Federal Reserve notes rather than silver or gold certificates, gains from convenience and efficiency paired with process familiarity and the emergence of “long lasting” trusted third parties will drive the acceptance and use.

II.I Digital Signatures Within a Given Organization

Digital signatures can also be used in processes or transactions within a given organization. In this situation, an existing entity such as a network security director, MIS help desk, or any other verifiable controlling authority can act as the certification authority and mitigate acceptance and use issues. Figure 2 presents a pictorial description of such a process, which we term an Organization Digital ID.

John Doe’s Information: Name, Organization, Address, etc.
John Doe’s Public Key
Digital ID Certificate Number
Digital ID Expiration Date
XYZ Corp.’s Digital Signature and ID Information

Figure 2 A Sample Subscribed Digital ID for John Doe from XYZ Corp.

In this structure, each time someone sends a message, they attach their Organization Digital ID (ODigID). The recipient of the message first uses the ODigID to verify that the author's Public Key is authentic, then uses that Public Key to verify the message itself. This way, only one Public Key, that of the certifying authority, has to be centrally stored or widely publicized, since then everyone else can simply transmit their Public Key and valid ODigID with their messages.
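
The two-step check described above (the ODigID is verified with the certifying authority's Public Key, then the message with the author's Public Key), written out as an added Go example that is not part of the original paper; it goes one step further and walks a two-level hierarchy of the kind mentioned earlier. ECDSA P-256 with SHA-256, the struct layout, the CanIssue flag, and all names and serial numbers are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"time"
)

// ODigID holds the Figure 2 fields. CanIssue is this example's assumption:
// it marks IDs whose holder may certify other IDs.
type ODigID struct {
	Name, Serial, Issuer string
	PublicKey            []byte // holder's public key, PKIX DER
	Expires              time.Time
	CanIssue             bool
	Signature            []byte // issuer's signature over digest()
}

// digest hashes every certified field; %q and %x keep the encoding unambiguous.
func (id ODigID) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q %q %q %x %d %t", id.Name, id.Serial,
		id.Issuer, id.PublicKey, id.Expires.Unix(), id.CanIssue)))
	return h[:]
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue has the certifying authority sign the binding of holder data to key.
func issue(caKey *ecdsa.PrivateKey, issuer, name, serial string, pub *ecdsa.PublicKey,
	exp time.Time, canIssue bool) ODigID {
	id := ODigID{Name: name, Serial: serial, Issuer: issuer, Expires: exp, CanIssue: canIssue}
	id.PublicKey = must(x509.MarshalPKIXPublicKey(pub))
	id.Signature = must(ecdsa.SignASN1(rand.Reader, caKey, id.digest()))
	return id
}

// signMessage hashes the message, then signs the hash with the private key.
func signMessage(key *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	return must(ecdsa.SignASN1(rand.Reader, key, h[:]))
}

// verifyMessage starts from the one stored key (root), checks each ODigID from
// the top of the hierarchy down to the signer's, then checks the message.
func verifyMessage(msg, sig []byte, signer ODigID, issuers []ODigID, root *ecdsa.PublicKey, now time.Time) error {
	chain := append([]ODigID{signer}, issuers...) // chain[0] is the signer
	key := root
	for i := len(chain) - 1; i >= 0; i-- {
		id := chain[i]
		switch {
		case now.After(id.Expires):
			return fmt.Errorf("ODigID %s expired", id.Serial)
		case i > 0 && !id.CanIssue:
			return fmt.Errorf("ODigID %s may not certify other IDs", id.Serial)
		case !ecdsa.VerifyASN1(key, id.digest(), id.Signature):
			return fmt.Errorf("ODigID %s: issuer signature invalid", id.Serial)
		}
		pub, _ := x509.ParsePKIXPublicKey(id.PublicKey) // pub is nil on a parse error
		if key, _ = pub.(*ecdsa.PublicKey); key == nil {
			return fmt.Errorf("ODigID %s: unusable public key", id.Serial)
		}
	}
	h := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(key, h[:], sig) {
		return fmt.Errorf("message altered or not signed by %s", signer.Name)
	}
	return nil
}

// Demo runs four cases on a constructed hierarchy: XYZ Corp. -> help desk -> John Doe.
func Demo() map[string]error {
	now, exp := time.Now(), time.Now().Add(24*time.Hour)
	root, desk, john, rogue := newKey(), newKey(), newKey(), newKey()
	deskID := issue(root, "XYZ Corp.", "MIS help desk", "0001", &desk.PublicKey, exp, true)
	johnID := issue(desk, "MIS help desk", "John Doe", "0002", &john.PublicKey, exp, false)
	fakeID := issue(john, "John Doe", "Jane Roe", "0003", &rogue.PublicKey, exp, false) // John is no issuer
	msg, altered := []byte("Draft 3: net 30 days"), []byte("Draft 3: net 90 days")
	sig, up := signMessage(john, msg), []ODigID{deskID}
	return map[string]error{
		"valid":    verifyMessage(msg, sig, johnID, up, &root.PublicKey, now),
		"tampered": verifyMessage(altered, sig, johnID, up, &root.PublicKey, now),
		"expired":  verifyMessage(msg, sig, johnID, up, &root.PublicKey, now.Add(48*time.Hour)),
		"rogue": verifyMessage(msg, signMessage(rogue, msg), fakeID,
			[]ODigID{johnID, deskID}, &root.PublicKey, now),
	}
}

func main() { fmt.Println(Demo()) }
```

Without the CanIssue check, any holder of a valid ODigID could certify a key under another person's name, and the chain would still verify up to the one stored root key.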

Using ODigIDs, an authentication chain can be established that corresponds to an organizational hierarchy, allowing for convenient Public Key registration and certification in a distributed environment. One common way this can be achieved is via directory services. A directory makes an information source available to a user community—for example, information about employees, such as names, telephone numbers and e-mail addresses, or information about network resources such as printers and routers. Many network applications and utilities rely upon directory services of some type.

Many enterprises today operate multiple independent directory services based on separate proprietary protocols, requiring separate administration and maintenance of each service. As the number of applications and utilities relying on directories has increased, the task of maintaining these separate directories has become increasingly difficult. However, a single directory service could be structured to support the enterprise as a whole, accessed by an industry standard access protocol (Figure 3). The goal of establishing the directory as the unified information source for the enterprise can only be met if all the applications relying on the directory support a common means of accessing and interpreting the information stored therein. Open standards are clearly essential.

[Figure 3 labels: Directory, surrounded by Employee Database, Public Key Infrastructure, Network Administration, Router, Conferencing, Email (S/MIME), Single Sign-On, and Workflow; protocol tags shown include DEN and HTTP]

Figure 3 The Directory Service As the Hub of a Large Distributed System.

A directory is essentially a database. Unlike more general-purpose databases, the information in a directory is generally read much more often than it is changed. Updates to a directory are typically simple changes to a single entry rather than read-then-modify transactions affecting many entries as is typical of other databases. As a result, a directory does not, in general, require the complex transaction management or roll back schemes supported by database products designed to support a high volume of complex updates. A general-purpose database is designed to balance many different requirements. A directory is tuned to give quick response to high volumes of queries.

A fully featured directory allows information to be replicated amongst multiple servers to increase availability and reliability. Unlike a database application, which relies on absolute consistency across all database replicas, a directory application is typically tolerant of transient inconsistencies. This tolerance leads to a significant decrease in the complexity of the replication protocols. This in turn can make the deployment of large directory systems simpler than deployment of a replicated database system of the same scale.

These directories can then be used with Public Key Infrastructure (PKI), a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI or even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread. While the majority of organizations develop wholly in-sourced PKI solutions, there are several vendors for directory services and PKI implementations.

The discussion above included the fundamentals of digital signatures and potential uses both within a specific organization and in broader transaction contexts. As described, digital signatures are currently only useful in a very limited arena. In the material that follows, we suggest that the potential for digital signatures is far greater if we are able to: 1) improve certain security aspects of the process, and 2) extend the process and technology to facilitate common business practices that fall outside the limited realm of current digital signature capabilities.

III. ENHANCED SECURITY

While digital signatures are already being used by companies such as Federal Express in the physical world and BuyAndHold.com in the electronic world, the scope of current applications is limited since the only requirement is to obtain the verification from a customer that he/she agrees to the statements in a given document. The party that requires the customer's signature produces the document. The customer does not have the opportunity or the means to edit the document. Thus, the signed documents' integrity can never be questioned. The signer's authenticity is not under question since, in these environments, either the signer provides key personal information (in a secure environment) or is physically present. Expanding the scope of digital signature applications will require enhanced security, the topic of this section.

For electronic contracts and negotiations, where all the parties involved may have opportunity and means to alter the document, a signature must meet the following two properties:

• Signer authentication: A signature should indicate who signed a document, message, or record;
• Document authentication: A signature should verify the document, i.e., "what is signed," making it impracticable to falsify or alter the signed matter.

While the digital signatures based on encryption mechanisms provide significant protection from document related inconsistencies, signer authentication is reliable only to the extent that the key used belonged to the appropriate person. The key can be compromised by insecure computers, revelation of password, or numerous other occurrences.

Signer authentication can be enhanced by attaching unique identification traits of individuals with a document as an electronic signature. There exist numerous electronic authentication technologies, which can serve this role. While some are already providing effective protection, others show significant potential. We briefly compare the following alternatives: traditional password, key cards, face recognition, fingerprints, hand geometry, retina pattern, iris scan, voice, DNA, and hand-written signature scan.

Five fundamental performance factors are used to compare these technologies: failure to authenticate, false acceptance rate, false rejection rate, ease of use, and highly secure (difficult to forge or replicate). An ideal electronic authentication system should satisfy these five performance criteria as depicted in Figure 4.

[Figure 4 labels: Good Authentication System at the center, surrounded by Failure to Authenticate, Highly Secure, False Rejection Rate, False Acceptance Rate, and Ease of Use. * Arrow directions indicate “high” or “low”]

Figure 4 An Ideal Electronic Authentication System

We briefly explain each technology, followed by a comparison table (Table 1) using the five performance factors.

1) Traditional Password

This is the simplest and oldest way of authenticating a computer system user. It is the most widely used authentication technology as of today. The technology is easy to implement on any system. However, it is generally viewed as a relatively low-security option when compared with other technologies. This is due to the frequency of forgotten or co-opted passwords. In addition, there are well-structured and effective hacking techniques for password log-ons.

2) Key Cards

Traditional key cards are mostly magnetic strip cards that store the PIN or password in the magnetic strip in the same way as we store data on a floppy disk. The user obtains the authentication to a computer system, network, or physically secured building upon exposing the card under a magnetic reader and passing the verification process. In addition to very limited storage capabilities, key cards are vulnerable to damage and to theft. Thus they provide little, if any, functionality greater than that of a password. In fact, key cards can be viewed as the equivalent of carrying a PIN or a password.

3) Smart Cards

A recent evolution of key cards is what has been termed "the smart card." Identical in size and feel to credit cards, smart cards store information on an integrated microprocessor chip located within the body of the card. These chips hold a variety of information, from stored (monetary)-value used for retail and vending machines, to secure information and applications for higher-end operations such as medical/healthcare records. New information and/or applications can be added depending on the chip capabilities. Smart cards allow thousands of times the information storable on magnetic stripe cards. In addition, smart cards are more reliable, perform multiple functions and are more secure because of high security mechanisms such as advanced encryption.

4) Face Recognition

Facial images are probably the most common biometric characteristic used by humans to make a personal identification. Facial recognition identifies an individual by analyzing the unique shape, pattern and positioning of facial features (Zhang, et al., 1997). There are essentially two methods of processing the data: video and thermal imaging. Standard video techniques are based on the facial image captured by a video camera. Thermal imaging techniques analyze the heat-generated pattern of blood vessels underneath the skin. Currently, this technology suffers from lack of reliability. For example, systems have difficulty in distinguishing twins or triplets, in recognizing users after minor changes such as a haircut, or identifying an individual as the same individual when not wearing glasses as when wearing glasses (Dougman, 1993).

5) Fingerprints

A fingerprint is the pattern of ridges and furrows on the surface of a fingertip. All fingerprints contain a unique physical characteristic called minutiae. These are the discontinuities that interrupt the otherwise smooth flow of ridges. Minutiae are distinctive among people. They are the basis for most finger-scan authentication. The quality of a fingerprint image is relative to the number of minutiae points captured. In a recent class study at the University of Connecticut's edgelab (see summary report from the class posted at http://www.sba.uconn.edu/users/atung/d-sign/), student researchers found that between 24 and 70 minutia points are sampled in a current typical optical fingerprint reader. The analysis also indicated that, based on threshold value utilized, the fingerprint technology generates false acceptances at a rate between 1:1,000 and 1:100,000. In addition, due to its traditional association with police investigation of crimes, this technology has difficulty in user acceptability. Together, these factors considerably impede the use of fingerprint id technology in the authentication process.

6) Hand Geometry

Hand geometry is based on the fact that virtually every person’s hand is shaped differently and that the shape (which includes measurements such as lengths and width of the fingers and knuckles, etc.) does not change (after a certain age) significantly over time. One major advantage of using hand geometry is that neither the environment (e.g. humid weather) nor individual anomalies (e.g. dry skin) has significant effects on the identification accuracy. Current disadvantages, unfortunately, include both a lack of discriminative capabilities and the cumbersome size of the hand geometry-based system.

7) Retina Pattern

The retina is the layer of blood vessels at the back of the eyes. Digital images of retina patterns can be acquired by directing a low-intensity beam of visual or infrared light into the eyes to capture the unique retina characteristics. An area known as the fovea, situated at the center of the retina, is scanned and the unique pattern of the blood vessels is captured. Retina biometrics is considered to be the best biometric performer. However, despite its accuracy, this technique is often thought to be inconvenient and intrusive. As such, it is difficult to gain general acceptance of it by the end user. The retinal scanner requires an individual to stand still while it is reading the retinal information. Eye and retinal scanners are ineffectual with the blind and those who have cataracts.

8) Iris Scan

The iris is the annular region of the eye bounded by the pupil and sclera (white of the eye). Each iris is unique and even irises of identical twins are different. An iris recognition system uses a video camera to capture the sample while the software compares the resulting data against stored templates. One advantage of iris scan is that it is extremely difficult to surgically tamper with iris texture information and it is easy to detect artificial irises (Wildes, 1997). In addition, the iris scan technology builds an "iriscode" around the striations, coronas, and filaments. In fact, the false-accept rate is purportedly (or theoretically) 1:10^78. In the class study project at UConn's edgelab (see http://www.sba.uconn.edu/users/atung/d-sign/), there were no incidents of false-accept. When advanced auto-calibration cameras were used, false rejects rarely occurred. The edgelab class report offered the following three key summary points relating to iris scan:

- Iris scan is strategically a very compelling biometric for both identification and authentication, due to rich, static nature of the patterns in the iris;
- Iris scan is functionally viable today for physical security and may be cost-effective for large installations; and,
- Desktop iris scan is still relatively immature, but has strong future potential, as next-generation cameras will have capability to provide high-compression desktop video-conferencing and facial recognition for persistence.

9) Voice

Voice-based verification (voice recognition) can be either a text-dependent or a text-independent verification (Campbell, Jr., 1997). A text-dependent verification authenticates the identity of an individual based on utterance of a fixed predetermined phrase. A text-independent verification verifies the identity of a speaker by analyzing unique speech characteristics, such as the frequency between phonetics. While voice recognition is convenient, it is not completely reliable due to the risks of impersonation, remote access, and inaccuracy. A person with a cold or laryngitis may have problems using a speaker recognition system due to false rejection. In fact, the edgelab class study indicates very poor false-reject rates linked to factors including throat congestion, lethargy, excitement, and background noise.

10) DNA

DNA (Deoxyribonucleic acid) is a chemical structure that forms chromosomes. Structurally, DNA is a double helix: two strands of genetic material spiraled around each other. Each strand contains a sequence of bases (also called nucleotides). The chemical structure of everyone's DNA is the same. The only difference between people (or any animal) is the order of the base pairs. There are so many millions of base pairs in each person's DNA that every person has a different sequence. Using these sequences, every person could be identified solely by the sequence of their base pairs. However, altogether each person carries around 200,000 genes in each cell, comprising three billion “base pairs” which makes the identifying task very time-consuming. The technology of using DNA fingerprints as a sort of genetic bar code to identify individuals is still in its infancy.

11) Hand-written Signature Scan

Hand-written signature scan is the process used to recognize an individual’s hand-written signature. It is a biometric technology that is used to positively identify a person from their handwritten signature. This is done by analyzing the shape, speed, stroke, pen pressure, and timing information during the act of signing the signature. Hand-written signature is natural and intuitive. The technology is easy to explain and trust. The primary advantage it has over other types of biometric technologies is that signatures are already accepted as the common method of identity verification. This history of trust means that people are very willing to accept a signature based verification system.

We can also compare the above authentication technologies using two dimensions: biometrics/objects and behavioral/physical. Figure 5 provides an illustration of these comparisons.

We view the alternative authentication technologies as add-ons to the digital signature used to enhance the authenticating power of the process. As valuable as this combination may prove to be, it is still limited to final document and signer authentication. We argue in the next section that the adaptation of these techniques to include partial document ownership, soft signatures, and hard signatures (all explained below) enables new document management processes that hold the really significant gains.

[Table 1: rows are the technologies E-Signature, Traditional Password, Key Cards, Face Recognition, Fingerprints, Hand Geometry, Retina Pattern, Iris Scan, Voice, DNA, and Hand-written Signature. Columns are the performance factors Failure to Authenticate, False Rejection Rate, False Acceptance Rate, Ease of Use, and Highly Secure. A filled circle indicates higher performance; the circle ratings are not reproduced here.]

Table 1 A Comparison of Authentication Technologies based on Five Performance Factors

[Figure 5: technologies placed on two axes, Behavioral versus Physical and Objects versus Biometrics. Items shown: Hand-written Signature Scan, Electronic Signature, Voice, Key Cards, Password, Finger Prints, Hand Geometry, Face, Retina Scan, Iris Scan, and DNA.]

Figure 5 A Two-Dimensional Comparison of Authentication Technologies

IV. E-SIGNATURE FOR DOCUMENT MANAGEMENT PROCESSES: A FRAMEWORK

IV.I Digital Signature for Signing Documents for Archival

As one would expect, initial applications of new information technologies have focused on the most straightforward, "low hanging fruit." In many cases this has been transaction processing. As detailed above, digital signature technology has been no exception. In a typical digital signature final transaction application, an individual either uses the public key of the receiver or his own private key to sign a document. When the document reaches the designated receiver, it can be opened and verified by using the appropriate key. Such applications are straightforward and do offer potentially significant efficiency and cost savings gains. But such applications are only a small part of the potential application of digital signatures.

Consider the B2B process of hammering out a contract. Here, multiple individuals may need to review a document, modify it, and, once a final document is achieved, sign the document for archival purposes. Similarly, consider internal documents that are mandated to follow a stipulated routing with a signature required at each step. A signer at step n is approving or verifying the document before it moves forward to step n+1. If any changes are made at step n, all signatures at steps 1 to n-1 are invalidated.

While digital signature technology can easily be applied to our first example of multiple signatures on a single document, this is not the case for situations exemplified by our second example. As we explain below, current digital signature technology does not adequately deal with such environments, despite the potential efficiency gains and improvements in accuracy over the current process. This provides our motivation to identify an "operationally effective" electronic contract development management system that includes appropriate roles for digital signatures and other software tools. Given the inadequacy of current technology, we focus on structuring the requirements and challenges in building such a system.

We begin with the details of a generic contract management process (Jarke, et al., 1987; Lim and Benbasat, 1992; Nunamaker, et al., 1991; Rangaswamy and Shell, 1997) used, with minor variations, in most large corporations. Figure 6 presents an overview of this process. The figure depicts the internal structure of a negotiating team for only one of the two or more groups or "companies" involved in a negotiation process. This reflects our focus on the internal process within an organization.

[Figure 6: diagram linking the External Organization, the Principal Contact, the External Project Team (Legal Representative, Analyst), the Internal Project Team, and Upper Management. Annotations: "Location dependent communications. Primarily fax based approval for distant communications" and "Emails, voice for discussion. Faxes for signed documents".]

Figure 6 Typical Contract Negotiation Process

During the negotiation process, a contact person (or a group) receives the communications from another party or parties. A contract is usually built in several steps. In each step the negotiating parties come to tentative agreements on one or more parts or a subset of the contract. Most tentative agreements need to be "initialed" or tentatively signed by the principals from both organizations. However, before the principals sign any tentative agreements, they typically need to get approval from several members of the project team both internal and external to the organization. Examples of external team members include lawyers and consultants, while examples of internal team members include subject matter experts, CIO, CEO, or other key management personnel. Typically, each of the individuals involved in the progressive sign-offs is able to make modifications to the tentative documents or add conditions before signing off. Thus, the final document that the principal receives and sends back to the other party may have several changes and/or addendums. In addition, the original document is hardly ever the copy on which all modifications are made. Modifications are made on hard copies, quite often a faxed version of the original.

Several inefficiencies in this process are readily apparent. First, each copy of the tentative agreement (from various individuals) needs to be archived as a proof of approval. Second, the additions and conditions to the original documents need to be compiled and sent to all of the team members again before final approval can be made because of the need to cross validate concerns. Third, the archival system for paper is inefficient and prone to errors/mishandling. Fourth, while most organizations accept faxed signatures, it is not a secure process. Finally, the time consumed by the process is needlessly extended because of several iterations of the aforementioned process in each step of contract negotiations.

It is not difficult to imagine the efficiencies that an electronic process can bring to the table. First, a document management system can enhance the accessibility of a document both internally and externally. Second, the most recent copies of the document can be presented to an individual when a document is requested. Third, document access and modifications can be tracked. Fourth, the archival process is less prone to errors/mishandling. Finally, the digital signatures can be used to conduct the process in a more secure manner. Figure 7 presents the process of what we loosely term an "ideal internal contract negotiation mechanism" from the perspective of a member of the project team. As discussed above, an organizational digital ID (ODigID) can facilitate efficiency in such internal processes.

When a new document needs signatures for approval from team members, a call for signatures goes out. The document management system has to differentiate whether or not the document was signed with or without modifications to the document content. If an individual did not alter the document's content, then the signature is stored. However, if the content is changed, then the document management system has to figure out the changed parts, identify the owner(s) -- the original author of those parts, and invalidate the signatures of those individuals (if present). The calculation of the diff, i.e., the difference between the original and modified document is critical since it identifies exactly what changes were made. All members of the team are always sent all the modifications. However, the signatures are automatically invalidated only if the content originally authored by that team member is altered. The team member can always choose to withdraw (invalidate) their own signatures if they do not agree with the modifications and choose to the document with additional changes.

As mentioned earlier, this is an "ideal" or goal system. To our knowledge no such system exists. However, the misconception that such a system can currently be constructed by integrating an off-the-shelf document management system (such as LiveLink) and digital signature applications (such as the ones produced by RSA) persists in large organizations. Below we outline the critical pieces that are currently missing from a digital signature framework for contract negotiations in specific, and document management in general, in off the shelf applications. We also point out where the desired applications should be added/modified or, in other words, requirements for compatibility with the existing systems. However, to clearly define these shortcomings, we first need to understand the capabilities of existing technology; we do this by presenting a document management prototype and its capabilities in the next subsection.

[Figure 7: the Document Server sends email to Team Member X and records signatures. Actions shown:
- Request for approval.
- Signature received with no modifications.
- Signature received with modification to X’s changes: invalidate X’s signature, send email with parsed changes, and reissue the request for signature.
- Signature received with modifications but not to X’s part: send email with parsed changes; signatures are not invalidated unless explicitly desired by X.
The server also creates and stores the document “diff”, identifies the “critical” individuals, and marks and stores the modified and unmodified documents.]

Figure 7 An Ideal Internal Contract Negotiation System

IV.II Current Status of Digital Signatures With Respect To Document Management

Figure 8 presents the conceptual diagram of a prototype document signing system we developed. The system involves an integration of digital signature technology with organizational single sign-on initiatives and a document management system.

The prototype has three server components:

(i) A certificate server that issues digital certificates to a legitimate user verified by a secure ID server. The certificate server handles users' certificate enrollment, download, verification and revocation;
(ii) A secure ID server that uses existing PKI and LDAP based architecture to verify individuals' identity. In an operational setting (after a user enrolls for a digital certificate the first time) the secure ID server works with the distributed certificate server to produce a digital certificate on demand in a secure manner; and,
(iii) A distributed certificate architecture, in our case enabled by RSA's Web Passport server. The distributed certificate architecture allows users to download and use a certificate from any computer without saving the certificate to local disk, a feature that provides user mobility and certificate security.

This prototype enables the document workflow architecture depicted in figure 9. The process has the following steps (NB. - we have combined the one-time process of registration with the certificate server from the description with the retrieval of certificate, which needs to be done repeatedly only if a user needs mobile access to his/her digital signature):

Retrieve certificate - Before starting to sign documents with a digital signature, users need to download a personal certificate from the certificate server to their PC. This can be done by submitting on-line authentication to the certificate server or by using plug-in certificate tools (e.g., RSA Web Passport). The certificate can be stored on the user’s PC for future use or deleted right after signing.

[Figure 8: Prototype Infrastructure. The user's desktop connects over TCP/IP to three servers, each shown on a Dell GX 110 (CPU: 730MHz, RAM: 256MB, Hard Disk: 14.2 G); the figure also lists minimums of 233 MHz, 128 MB, and 250 MB.

User’s Desktop
- Windows NT 4.0
- IE 5.5 or Netscape 4.75
- E-Lock Network
- LiveLink Web Access

Certificate Server
- Windows NT 4.0 Server with service pack 6
- Netscape Enterprise Server 3.6
- Java Runtime 1.2
- RSA Keon Certificate Server 5.5.1
- Web Passport One-Step

SecurID Server
- Windows NT 4.0 with service pack 6
- RSA ACE server 4.1

Web Passport Server
- Windows NT 4.0 Server with service pack 6
- Netscape Directory Server 4.12 (LDAP server)
- RSA Web Passport 1.0
- Web Passport Virtual Card Manager]

Figure 8 A Digital Signature Prototype

Obtain the document - Users can download the document from any file server in use. When a user is checking out a document, other users can be prevented from obtaining that document with write access. However, many file servers write file version information to the documents, which in turn invalidates digital signatures.

Signing the document - Users can use digital signature plug-in tools that are compatible with document creation software to sign or validate signatures on a document. For the prototype, we used E-Lock, software that acts as a Microsoft Office plug-in and is compatible with RSA products.

[Figure 9: process flow involving the Certificate Server, the File server, and the Signing process manager. Steps shown: download certificate (via IntraNet or InterNet); check out document; verify signatures already on it; sign document; check in document; verify all signatures finally and lock down document.]

Figure 9 The Process Flow for Document Signing

Submit the signed document - After signing a document, users can check the document back into the file server, which then lets other authorized users have complete access to the document.

Locking down the document - When all individuals of the project team in the contract process have signed a document, the document can be locked down and moved to an access-controlled directory in the file server.

The server side processes are responsible for the following tasks, which are performed by the certificate server, file server and signing process manager:

Identity Authentication - The Certificate Server checks a user’s identification
when the user submits their login information or by using other authentication
technologies (e.g., Biometrics) with the help of Secure ID Server.

Certificate issuance and revocation - Based on successful authentication, the certificate together with a user’s private/public key pair is sent to the user by the Certificate Server automatically or by a certificate administrator manually.

Document control – check in/out, version and lock down - The File Server keeps
control on document access and status.

Signing process management – setting up the name list and broadcasting signature status - The Signing Process Manager sets up the signature control list to decide who can sign what documents and broadcasts signature status to relevant people.

In the next subsection we provide a requirement analysis of the digital document signing process with respect to existing technology. In particular, we point out the shortcomings of the current process when compared to the requirements just detailed.

IV.III Status Quo vs. the Requirements of Digital Document Signing

Clearly, the current digital signature technology is capable of providing signing capabilities for a finalized document. However, the current technology is woefully inadequate in dealing with transient stages of a document's development. In this subsection we highlight some of the major issues and possible remedies or enhancements to existing software to make digital signatures more useful in non-transactional processes.

The most serious shortcoming of the current digital signature technology is the binding of the signature to the entire document. In other words, a digital signature gets invalidated if the document is altered in any way. In fact, if a different version of software (such as Microsoft Word) is used to open a document, the document may have all its previous signatures invalidated. We propose a modification based on partial document ownership, soft signatures, and hard signatures. Partial document ownership refers to assigning ownership of the content to an individual when that individual changes part of a document. Clearly, partial document ownership requires that a document be recognized as a collection of objects (for example, paragraphs). Soft signatures are analogous to initials such that when an individual chooses to sign a document with a soft signature, the signature does not get invalidated with a modification to the document. Hard signatures are the traditional digital signatures that get invalidated when the document is changed. If all three capabilities were to be built into signing tools (such as E-Lock), an individual could then sign a document such that all parts except those for which that individual has partial ownership are signed with a soft signature while the parts with partial ownership are signed with hard signatures. This process has the advantage that changes with which an individual has no concern do not invalidate his/her signature.

In addition, automatic generation of differences between the old and modified documents needs to be completed and collated. This has to be different from simply generating differences between the words (as in UNIX) in a document. The differences have to be generated at the contextual level (for example at the level of sentences or paragraphs). While document authoring software, such as Microsoft Word, provides tracking capabilities, signing tools need to implement extraction capabilities to highlight and pinpoint such changes for quick review of a changed document.

Finally, the signing tools need to include automatic email capabilities so that all the individuals who have signed the documents are notified either to review or re-sign (see figure 7) as soon as the document is changed. Alternatively, this capability can be integrated with the document management system.

The document management system (or repository) needs to keep track of versions and differences between the current document and all previous versions. Based on version information, the document management system must be able to deliver the differences between the current document and the one previously viewed and signed by a given person.
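
The ownership and signature rules proposed in this subsection can be sketched in code. The following Python is an added illustration, not code from the paper or its prototype: the part ids, names, demo keys and the check_in function are hypothetical, and HMAC-SHA256 stands in for a certificate-based signature so that it runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed demo keys. HMAC-SHA256 stands in for a private-key signature so
# the example needs only the standard library; a real tool would use PKI keys.
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key", "carol": b"carol-demo-key"}


def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def _tag(signer, bindings):
    """MAC over the sorted (part id, digest) pairs the signer hard-signed."""
    msg = "\n".join(f"{pid}:{d}" for pid, d in sorted(bindings.items()))
    return hmac.new(KEYS[signer], msg.encode("utf-8"), hashlib.sha256).hexdigest()


def sign(doc, signer):
    """Hard-sign the parts the signer owns; soft-sign (initial) the rest."""
    hard = {pid: digest(p["text"]) for pid, p in doc.items() if p["owner"] == signer}
    soft = sorted(pid for pid, p in doc.items() if p["owner"] != signer)
    return {"signer": signer, "hard": hard, "soft": soft,
            "tag": _tag(signer, hard), "invalidated": False}


def verify(doc, sig):
    """Valid if not invalidated, the MAC checks, and each hard-signed part is
    unchanged. Soft-signed parts are not compared, so edits to them are tolerated."""
    if sig["invalidated"]:
        return False
    if not hmac.compare_digest(sig["tag"], _tag(sig["signer"], sig["hard"])):
        return False
    return all(pid in doc and digest(doc[pid]["text"]) == d
               for pid, d in sig["hard"].items())


def whole_document_digest(doc):
    """What a conventional signature binds to: the text of every part."""
    return digest("\n".join(doc[pid]["text"] for pid in sorted(doc)))


def paragraph_diff(old, new):
    """Paragraph-level diff: ids of parts added, removed, or reworded."""
    return sorted(pid for pid in set(old) | set(new)
                  if old.get(pid, {}).get("text") != new.get(pid, {}).get("text"))


def check_in(old, new, signatures):
    """Invalidate only the signatures of owners whose parts changed, and tell
    every existing signer whether to re-sign or merely review the diff."""
    changed = paragraph_diff(old, new)
    affected = {old[pid]["owner"] for pid in changed if pid in old}
    actions = {}
    for sig in signatures:
        if sig["signer"] in affected:
            sig["invalidated"] = True
        actions[sig["signer"]] = "re-sign" if sig["signer"] in affected else "review"
    return changed, actions


def demo():
    # Constructed three-paragraph contract; each paragraph has one owner.
    v1 = {"p1": {"owner": "alice", "text": "Delivery within 30 days."},
          "p2": {"owner": "bob", "text": "Payment net 60."},
          "p3": {"owner": "carol", "text": "Governing law: Connecticut."}}
    sigs = [sign(v1, "alice"), sign(v1, "bob")]
    whole_before = whole_document_digest(v1)

    # Carol rewords Bob's paragraph, takes ownership of it, and signs the result.
    v2 = {pid: dict(part) for pid, part in v1.items()}
    v2["p2"] = {"owner": "carol", "text": "Payment net 45."}
    changed, actions = check_in(v1, v2, sigs)
    sigs.append(sign(v2, "carol"))

    still_valid = {s["signer"]: verify(v2, s) for s in sigs}
    whole_doc_sig_survives = whole_document_digest(v2) == whole_before
    return changed, actions, still_valid, whole_doc_sig_survives


if __name__ == "__main__":
    print(demo())
```

In the constructed run, only Bob is asked to re-sign, Alice's signature stays valid, and a signature bound to the whole document would not have survived the same edit.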

Current off-the-shelf technologies do not support the signature process just described. While developing and "adding in" the necessary capabilities is challenging, this process is essential to make digital signatures useful in document management applications such as contract negotiations. By supplementing the existing process of hard signatures with processes for partial document ownership and soft signatures and by incorporating an internal ODigID, organizations can begin to obtain the procedural efficiencies and cost savings from our digital document management and signing system.

V. MANAGERIAL IMPLICATIONS AND SUMMARY

With the new law taking effect, the digital signature process will be adopted by companies or organizations to replace traditional ways of signing documents, especially when more of these documents are transmitted over the Internet. We began this paper by introducing the underlying concepts and the fundamental technologies involved in digital signatures.

As Sprague (1995) pointed out, most organizations have a substantial set of paperwork systems that have not been fully computerized because they are based on documents rather than data records. We contend that while digital signature technological tools exist, these tools were developed with limited business applications - final transactions - as the focus. Today large corporations are driving their employees towards paperless operations. Still, rather than redefining underlying workflow, the focus is too often on adopting technology that fluidly fits into existing workflow rather than considering how technological advances enable innovative workflow processes that enhance efficiency and business effectiveness.

Digital signatures have natural applications in many business processes ranging from archiving documents to the active workflow environment of contract negotiations. This technology has the potential of moving beyond playing the role of supporting organizational processes to actually enabling business processes. However, a different paradigm needs to be established both for document management and for digital signatures. In particular, documents have to be explicitly managed as a collection of entities that can have multiple ownerships. The digital signatures have to be then applied to the collection of entities as described in section IV, with soft or hard signatures.

The framework proposed in Section IV identifies the current capabilities and shortcomings of the digital signature process in the realm of document management. In addition, we identify and illustrate an electronic document management process that will significantly enhance the application of digital signature technology in a wide array of business processes.

To benefit more fruitfully from computer technology advancements, more significant research efforts need to be put in to study and design new technological tools that allow managers to become more productive by enhancing the familiar processes. Managers can play an active role in adoption and design of technology. In doing so, they can actively help to reshape and increase the effectiveness of their business processes. In this paper, we begin to demonstrate such efforts with respect to future roles for digital signatures in organizational processes by focusing on technological requirements to deliver the desired product – a secure and authentication-based automated document management and contract negotiation system.

REFERENCES

American Bar Association, "Digital Signature Guidelines Tutorial," posted at ABA site:
http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html, 2001.

Campbell, Jr., J.P., “Speaker Recognition: A Tutorial,” Proceedings of the IEEE, Vol.
85, No. 9, pp. 1437-1463, 1997.

Daugman, J.G., “High Confidence Visual Recognition of Persons by a Test of Statistical
Independence,” IEEE Transactions on Pattern Analysis and Machine Intelligence,
Vol. 15, No. 11, pp. 1148-1161, 1993.

Foroughi, A. and W.C. Perkins, “Ensuring Internet Security,” Journal of Computer
Information Systems, pp. 33-38, 1996.

Garfield, M.J. and P.G. McKeown, “Planning for Internet Security,” Information Systems
Management, Vol. 14, No. 1, pp. 41-46, 1997.

Hancock, B., “Security Views,” Computers & Security, Vol. 18, No. 5, pp. 372-390,
1999.

Jain, A.K., L. Hong, and S. Pankanti, “Biometric Identification,” Communications of the
ACM, Vol. 43, No. 2, pp. 90-98, 2000.

Jain, A.K., L. Hong, and S. Pankanti, “Biometrics: Promising Frontiers for Emerging
Identification Market,” Computer, Vol. 33, No. 2, pp. 90-98, 2000.

Jain, A.K., L. Hong, S. Pankanti, and R. Bolle, “An Identity-Authentication System Using
Fingerprints,” Proceedings of the IEEE, Vol. 85, No. 9, pp. 1365-1388, 1997.

Jarke, M., M.T. Jelassi, and M.F. Shakun, “MEDIATOR: Towards a Negotiation Support
System,” European Journal of Operational Research, Vol. 31, No. 3, pp. 314-334,
1987.

Lim, L.H. and I. Benbasat, “A Theoretical Perspective of Negotiation Support Systems,”
Journal of Management Information Systems, Vol. 9, No. 3, pp. 27-44, 1992.

Oppliger, R., “Internet Security: Firewalls and Beyond,” Communications of the ACM,
Vol. 40, No. 5, pp. 92-102, 1997.

Nunamaker, J.F. Jr., A.R. Dennis, J.S. Valacich, and D.R. Vogel, “Information
Technology for Negotiating Groups: Generating Options for Mutual Gain,”
Management Science, Vol. 37, No. 10, pp. 1325-1346, 1991.

Rangaswamy, A. and G.R. Shell, “Using Computers to Realize Joint Gains in
Negotiations: Toward an 'Electronic Bargaining Table',” Management Science, Vol.
43, No. 8, pp. 1147-1163, 1997.

Schneier, Bruce, Applied Cryptography: Protocols, Algorithms, and Source Code in C,
Second Edition, Wiley (New York), 1996.

Sprague, R. H., “Electronic Document Management: Challenges and Opportunities for
Information Systems Managers,” MIS Quarterly, Vol. 19, No. 1, pp. 29-49, 1995.

Wildes, R.P., “Iris Recognition: An Emerging Biometric Technology,” Proceedings of the
IEEE, Vol. 85, No. 9, pp. 1348-1364, 1997.

Zhang, J., Y. Yan, and M. Lades, “Face Recognition: Eigenface, Elastic Matching, and
Neural Nets,” Proceedings of the IEEE, Vol. 85, No. 9, pp. 1423-1436, 1997.
