Professional Documents
Culture Documents
Alok Gupta
Department of Information and Decision Sciences
Carlson School of Management
University of Minnesota
Minneapolis, MN 55455
Phone: (612) 626-0276
E-mail: agupta@csom.umn.edu
Y. Alex Tung
Department of Operations and Information Management
School of Business Administration
University of Connecticut
Storrs, CT 06269
Phone: (860) 486-6470
E-mail: atung@sba.uconn.edu
James R. Marsden
Shenkman Chair in e-Business
Department of Operations and Information Management
School of Business Administration
University of Connecticut
Storrs, CT 06269
Phone: (860) 486-4065
E-mail: jimm@sba.uconn.edu
Digital Signature: Use and Modification to Achieve Success in Next Generational E-Business
Processes
Acknowledgements
The concepts and ideas in this paper have been developed over the past two years in an attempt to adopt the leading
edge technologies for everyday business processes. The authors interacted with several high level and operational
managers along with several digital signature software providers. The operational managers helped in shaping and
refining the vision of an ideal digital signature process and helped identify the shortcomings/limitations of current
technology. We are also grateful to the students at UCONN’s edgelab who went in uncharted waters and helped
develop the prototype using cutting edge technology (RSA’s Web Passport) as it was being released for beta testing.
We are also thankful to the GE Capital managers at edgelab for their feedback and for helping and arranging the
necessary contacts and tools for this project. This work was partially supported by funding from the Treibick
Electronic Commerce Initiative, Department of Operations and Information Management, School of Business,
University of Connecticut. First author’s research is supported in part by NSF CAREER grant # IIS-0092780, but
does not necessarily reflect the views of the NSF.
Author Biographies
Alok Gupta
Alok Gupta is at present Associate Professor at the department of IDS at Carlson School of Management, University
of Minnesota. He formerly was an Assistant Professor at the department of OPIM at the University of Connecticut
from 1996 to 2001 where he served as co-director of the Treibick Electronic Commerce Intiative and on the edgelab
steering committee. His research has been published in several leading Information Systems, Computer Science, and
Economics Journals such as Information Systems Research, Communications of the ACM, Journal of Management
Information Systems, Decision Support Systems, Journal of Economic Dynamics and Control, Information
Technology and Management, Computational Economic, and numerous others. He was a recipient of the
prestigious NSF CAREER grant for his work on electronic market design and evaluation in 2001. Dr. Gupta serves
on the editorial board of Decision Support Systems and Brazilian Electronic Journal of Economics.
James R. Marsden
Dr. James R. Marsden, the Shenkman Family Chair in e-Business, came to UConn in 1993 as Professor and Head,
Department of Operations and Information Management, School of Business Administration, University of
Connecticut. Dr. Marsden currently serves as Executive Director of the Connecticut Information Technology
Institute, Executive Director of the Treibick Electronic Commerce Initiative, Director of the OPIM/SBA MIS
Research Lab, on the edgelab Steering Committee, and on the Advisory Board and Steering Committee of UConn's
CIBER. Dr. Marsden was a winner of the initial Chancellor's Award for IT Excellence and has a lengthy record in
market innovation and analyses, economics of information, artificial intelligence, and production theory. His
research work has appeared in Management Science; IEEE Transactions on Systems, Man, and Cybernetics;
American Economic Review; Journal of Economic Theory; Journal of Political Economy; Computer Integrated
Manufacturing Systems; Decision Support Systems; Journal of Management Information Systems, and numerous
other academic journals. Professor Marsden received his A.B. (Phi Beta Kappa, James Scholar, Evans Scholar)
from the University of Illinois and his M.S. and Ph.D. from Purdue University. Having completed his J.D., Jim has
been admitted to both the Kentucky and Connecticut Bar. He is an Area Editor of Decision Support Systems and
serves in a frequent external evaluator for major U.S. and international universities. He has held visiting positions at
the University of York (England), University of Arizona, Purdue University, and the University of North Carolina.
Alex Tung
Dr. Y. Alex Tung is currently an Associate Professor in the Department of Operations and Information Management
at the University of Connecticut. His research interests are applied artificial intelligence, expert systems,
telecommunications, and experimental economics. His research has appeared in Management Science, Journal of
Management Information Systems, Decision Support Systems, European Journal of Operational Research, Journal of
Multi-Criteria Decision Analysis, Journal of Computer Information Systems, Journal of Business Research and
numerous other journals.
1
Digital Signature: Use and Modification to Achieve Success in Next
Generational E-Business Processes
Abstract
A new law, the Electronic Signatures (E-Sign) in Global and National Commerce Act
(signed by then President Clinton on June 30, 2000 with an effective date of October 1,
2000), grants electronic signatures legal validity equivalent to traditional handwritten
counterparts. The intention of this law is to cut costs while providing more stringent
security. In the emerging e-commerce arena, electronic signatures hold great potential
for facilitating secure electronic transactions. But signatures are used in many critical
business processes that are prior to or independent of final transactions. Contract
development and numerous other processes entail a series of draft modifications and
sign-offs. Can electronic signatures provide cost savings and security in these
activities? In this paper, we
2
I. INTRODUCTION
A new law, the Electronic Signatures (E-Sign) in Global and National Commerce Act
(signed by then President Clinton on June 30, 2000 with an effective date of October 1,
counterparts. The intention of this law is to cut costs while providing more stringent
security. In the emerging e-commerce arena, electronic signatures hold great potential
for facilitating secure electronic transactions. But, as we illustrate, signatures are used
transactions.
"signer" and the document signed. The creation of digital signatures involves the
Combined with certificates issued by trusted third parties and enhanced by biometric
authentication tools, digital signatures are gaining a presence in the transaction or final
document arena. Our argument, however, is that the really significant benefits from
signatures from the more mundane digitized images of handwritten signatures, ” typed
notations such as ‘/s/ John Smith’, or even addressing notations, such as electronic
3
i) no need to print out documents for signing;
ii) reduced storage of paper copies;
iii) capabilities for improved management and access
(anytime/anywhere) of electronic versus paper documents;
iv) elimination of need for faxing or costly overnight mailing of
documents – reduction of cycle time to complete deals;
v) improved security of environment for document transmission; and.
vi) potential to support and enhance management processes outside
the “final signature” step.
of digital signatures and the digital signature process. Section III then outlines several
sign-off. We suggest the use of modified digital signature techniques and propose the
Authentication is any process through which one verifies certain information. One
may want to verify the origin of a document, the identity of the sender, the time and
date a document was sent and/or signed, the identity of a computer or user, and so on.
4
public key – second part of asymmetric cryptosystem used to verify the digital
signature; must be available to all those needing to verify digital signature;
and,
The ABA guidelines provide this summary of the digital signature process:
To sign a document or any other item of information, the signer first delimits
precisely the borders of what is to be signed. The delimited information to be
signed is termed the “message”…a hash function in the signer’s software
computes a hash result unique (for all practical purposes) to the message.
The signer’s software then transforms the hash result into a digital signature
using the signer’s private key. The resulting signature is thus unique to both
the message and the private key used to create it.
that create and verify digital signatures. While these systems use different algorithms,
5
they share the operational pattern described above. Figure 1 depicts the digital
hashing +
In addition to the signer and the recipient, a third party has come to play a
significant role in the digital signature process. Commonly referred to as the trusted
third party, this individual or entity commonly issues an electronic certificate verifying
that a particular public key is associated with a specific individual who holds the
corresponding private key. Often referred to as the certification authority, the trusted
third party in effect provides a service certifying authenticity of signer and document. In
fact, the trusted third party often digitally signs the certificate, a digital signature that can
be “certified” by yet another trusted third party. In fact, it is important to understand that
higher and higher levels of a hierarchy. What stops the process is the willingness of the
recipient, the one relying upon the validity of the original signature, to accept the original
6
signature as genuine. Clearly, efficiency in e-business applications is directly tied to
In fact, both the technology of digital signatures and the necessary legal authority
are now in place to attain such efficiency. Like other once “new” transaction processes
such as holding stocks in street names or using Federal Reserve notes rather than
silver or gold certificates, gains from convenience and efficiency paired with process
familiarity and the emergence of “long lasting” trusted third parties will drive the
MIS help desk, or any other verifiable controlling authority can act as the certification
authority and mitigate acceptance and use issues. Figure 2 presents a pictorial
Figure 2 A Sample Subscribed Digital ID for John Doe from XYZ Corp.
7
In this structure, each time someone sends a message, they attach their
Organization Digital ID (ODigID). The recipient of the message first uses the ODigID to
verify that the author's Public Key is authentic, then uses that Public Key to verify the
message itself. This way, only one Public Key, that of the certifying authority, has to be
centrally stored or widely publicized, since then everyone else can simply transmit their
certification in a distributed environment. One common way this can be achieved is via
printers and routers. Many network applications and utilities rely upon directory
of each service. As the number of applications and utilities relying on directories has
increased, the task of maintaining these separate directories has become increasingly
The goal of establishing the directory as the unified information source for the
enterprise can only be met if all the applications relying on the directory support a
8
common means of accessing and interpreting the information stored therein. Open
Employee
Public Key Database Network
Infrastructure Administration
Router
Conferencing Directory (DEN)
Email
(S/MIME) Single Sing-On Workflow
(HTTP)
the information in a directory is generally read much more often than it is changed.
Updates to a directory are typically simple changes to a single entry rather than read-
result, a directory does not, in general, require the complex transaction management or
roll back schemes supported by database products designed to support a high volume
queries.
9
A fully featured directory allows information to be replicated amongst multiple
decrease in the complexity of the replication protocols. This in turn can make the
These directories can then be used with Public Key Infrastructure (PKI), a
that verify and authenticate the validity of each party involved in an Internet transaction.
PKIs are currently evolving and there is no single PKI or even a single agreed-upon
standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are
necessary before electronic commerce can become widespread. While the majority of
organizations develop wholly in-sourced PKI solutions, there are several vendors for
potential uses both within a specific organization and in broader transaction contexts.
As described, digital signatures are currently only useful in a very limited arena. In the
material that follows, we suggest that the potential for digital signatures is far greater if
we are able to: 1) improve certain security aspects of the process, and 2) extend the
process and technology to facilitate common business practices that fall outside the
10
III. ENHANCED SECURITY
While digital signatures are already being used by companies such as Federal Express
in the physical world and BuyAndHold.com in the electronic world, the scope of current
applications is limited since the only requirement is to obtain the verification from a
customer that he/she agrees to the statements in a given document. The party that
requires the customer's signature produces the document. The customer does not
have the opportunity or the means to edit the document. Thus, the signed documents'
integrity can never be questioned. The signer's authenticity is not under question since,
in these environments, either the signer provides key personal information (in a secure
For electronic contracts and negotiations, where all the parties involved may
have opportunity and means to alter the document, a signature must meet the following
two properties:
to the extent that the key used was of the appropriate person. The key can be
occurrences.
11
Signer authentication can be enhanced by attaching unique identification traits of
electronic authentication technologies, which can serve this role. While some are
compare the following alternatives: traditional password, key cards, face recognition,
fingerprints, hand geometry, retina pattern, iris scan, voice, DNA, and hand-written
signature scan.
failure to authenticate, false acceptance rate, false rejection rate, ease of use, and
Ease of Use
12
We briefly explain each technology, followed by a comparison table (Table 1)
1) Traditional Password
This is the simplest and oldest way of authenticating a computer system user. It
is the most widely used authentication technology as of today. The technology is easy
security option when compared with other technologies. This is due to the frequency of
2) Key Cards
Traditional key cards are mostly magnetic strip cards that store the PIN or
password in the magnetic strip in the same way as we store data on a floppy disk. The
building upon exposing the card under a magnetic reader and passing the verification
process. In addition to very limited storage capabilities, key cards are vulnerable to
damage and to theft. Thus they provide little, if any, functionality greater than that of a
password. In fact, key cards can be viewed as the equivalent of carrying a PIN or a
password.
3) Smart Cards
A recent evolution of key cards is what has been termed "the smart card."
Identical in size and feel to credit cards, smart cards store information on an integrated
microprocessor chip located within the body of the card. These chips hold a variety of
information, from stored (monetary)-value used for retail and vending machines, to
13
secure information and applications for higher-end operations such as
depending on the chip capabilities. Smart cards allow thousands of times the
information storable on magnetic stripe cards. In addition, smart cards are more
reliable, perform multiple functions and are more secure because of high security
4) Face Recognition
Facial images are probably the most common biometric characteristic used by
analyzing the unique shape, pattern and positioning of facial features (Zhang, et al.,
1997). There are essentially two methods of processing the data: video and thermal
imaging. Standard video techniques are based on the facial image captured by a video
vessels underneath the skin. Currently, this technology suffers from lack of reliability.
users after minor changes such as a haircut, or identifying an individual as the same
individual when not wearing glasses as when wearing glasses (Dougman, 1993).
5) Fingerprints
A fingerprint is the pattern of ridges and furrows on the surface of a fingertip. All
fingerprints contain a unique physical characteristic called minutiae. These are the
discontinuities that interrupt the otherwise smooth flow of ridges. Minutiae are
distinctive among people. They are the basis for most finger-scan authentication. The
14
recent class study at the University of Connecticut's edgelab (see summary report from
that between 24 and 70 minutia points are sampled in a current typical optical
fingerprint reader. The analysis also indicated that, based on threshold value utilized,
the fingerprint technology generates false acceptances at a rate between 1:1,000 and
crimes, this technology has difficulty in user acceptability. Together, these factors
6) Hand Geometry
Hand geometry is based on the fact that virtually every person’s hand is shaped
differently and that the shape (which include measurements such as lengths and width
of the fingers and knuckles, etc.) does not change (after a certain age) significantly over
time. One major advantage of using hand geometry is that neither the environment
(e.g. humid weather) nor individual anomalies (e.g. dry skin) has significant effects on
system.
7) Retina Pattern
The retina is the layer of blood vessels at the back of the eyes. Digital images of
light into the eyes to capture the unique retina characteristics. An area known as the
fovea, situated at the center of the retina, is scanned and the unique pattern of the
15
performers. However, despite its accuracy, this technique is often thought to be
end user. The retinal scanner requires an individual to stand still while it is reading the
retinal information. Eye and retinal scanner are ineffectual with the blind and those who
have cataracts.
8) Iris Scan
The iris is the annular region of eye bounded by pupil and sclera (white of the
eye). Each iris is unique and even irises of identical twins are different. An iris
recognition system uses a video camera to capture the sample while the software
compares the resulting data against stored templates. One advantage of iris scan is
that it is extremely difficult to surgically tamper iris texture information and it is easy to
detect artificial irises (Wildes, 1997). In addition, the iris scan technology builds an
"iriscode" around the striations, coronas, and filaments. In fact, the false-accept rate is
78
purportedly (or theoretically) 1:10 . In the class study project at UConn's edgelab (see
advanced auto-calibration cameras were used, false rejects rarely occurred. The
edgelab class report offered the following three key summary points relating to iris
scan:
- Iris scan is functionally viable today for physical security and may be cost-
effective for large installations; and,
- Desktop iris scan is still relatively immature, but has strong future potential,
as next-generation cameras will have capability to provide high-compression
desktop video-conferencing and facial recognition for persistence.
16
9) Voice
unique speech characteristics, such as the frequency between phonetics. While voice
remote access, and inaccuracy. A person with a cold or laryngitis may have problems
using a speaker recognition system due to false rejection. In fact, the edgelab class
study indicates very poor false-reject rates linked to factors including throat congestion,
10) DNA
material spiraled around each other. Each strand contains a sequence of bases
same. The only difference between people (or any animal) is the order of the
base pairs. There are so many millions of base pairs in each person's DNA that
every person has a different sequence. Using these sequences, every person
altogether each person carries around 200,000 genes in each cell, comprising
three billion “base pairs” which makes the identifying task very time-consuming.
17
The technology of using DNA fingerprints as a sort of genetic bar code to identify
person from their handwritten signature. This is done by analyzing the shape, speed,
stroke, pen pressure, and timing information during the act of signing the signature.
Hand-written signature is natural and intuitive. The technology is easy to explain and
trust. The primary advantage it has over other types of biometric technologies is that
signatures are already accepted as the common method of identity verification. This
history of trust means that people are very willing to accept a signature based
verification system.
signature used to enhance the authenticating power of the process. As valuable as this
combination may prove to be, it is still limited to final document and signer
authentication. We argue in the next section that the adaptation of these techniques to
include partial document ownership, soft signatures, and hard signatures (all explained
below) enables new document management processes that hold the really significant
gains.
18
Performance Failure to False Rejection False Ease of Use Highly Secure
Factors Authenticate Rate Acceptance
Technologies Rate
E-Signature
Traditional Password
Key Cards
Face Recognition
Fingerprints
Hand Geometry
Retina Pattern
Iris Scan
Voice
DNA
Hand-written
Signature
* Filled circle indicates higher performance
19
Behavioral
Hand-written
Signature Scan
Objects Biometrics
Password
Face Retina Scan
Physical
As one would expect, initial applications of new information technologies have focused
on the most straightforward, "low hanging fruit." In many cases this has been
uses the public key of the receiver or his own private key to sign a document. When
the document reaches the designated receiver, it can be opened and verified by using
the appropriate key. Such applications are straightforward and do offer potentially
20
significant efficiency and cost savings gains. But such applications are only a small part
individuals may need to review a document, modify it, and, once a final document is
achieved, sign the document for archival purposes. Similarly, consider internal
documents that are mandated to follow a stipulated routing with a signature required at
each step. A signer at step n is approving or verifying the document before it moves
forward to step n+1. If any changes are made at step n, all signatures at steps 1 to n-1
are invalidated.
While digital signature technology can easily be applied to our first example of
multiple signatures on a single document, this is not the case for situations exemplified
by our second example. As we explain below, current digital signature technology does
not adequately deal with such environments, despite the potential efficiency gains and
improvements in accuracy over the current process. This provides our motivation to
system that includes appropriate roles for digital signatures and other software tools.
al., 1987; Lim and Benbasat, 1992; Nunamaker, et al., 1991; Rangaswamy and Shell,
1997) used, with minor variations, in most large corporations. Figure 6 presents an
overview of this process. The figure depicts the internal structure of a negotiating team
21
for only one of the two or more groups or "companies" involved in a negotiation
process. This reflects our focus on the internal process within an organization.
Principal
External Organization
Contact
During the negotiation process, a contact person (or a group) receives the
steps. In each step the negotiating parties come to tentative agreements on one or
more parts or a subset of the contract. Most tentative agreements need to be "initialed"
or tentatively signed by the principals from both organizations. However, before the
principals sign any tentative agreements, they typically need to get approval from
several members of the project team both internal and external to the organization.
Examples of external team members include lawyers and consultants, while examples
of internal team members include subject matter experts, CIO, CEO, or other key
22
management personnel. Typically, each of the individuals involved in the progressive
sign-offs are able to make modifications to the tentative documents or add conditions
before signing off. Thus, the final document that the principal receives and sends back
to the other party may have several changes and/or addendums. In addition, the
original document is hardly ever the copy on which all modifications are made.
Modifications are made on hard copies, quite often a faxed version of the original.
Several inefficiencies in this process are readily apparent. First, each copy of
approval. Second, the additions and conditions to the original documents need to be
compiled and sent to all of the team members again before final approval can be made
because of the need to cross validate concerns. Third, the archival system for paper is
faxed signatures, it is not a secure process. Finally, the time consumed by the process
It is not difficult to imagine the efficiencies that an electronic process can bring to
the table. First, a document management system can enhance the accessibility of a
document both internally and externally. Second, the most recent copies of the
document access and modifications can be tracked. Fourth, the archival process is
less prone to errors/mishandling. Finally, the digital signatures can be used to conduct
the process in a more secure manner. Figure 7 presents the process of what we
loosely term an "ideal internal contract negotiation mechanism" from the perspective of
23
a member of the project team. As discussed above, an organizational digital ID
When a new document needs signatures for approval from team members, a
call for signatures goes out. The document management system has to differentiate
whether or not the document was signed with or without modifications to the document
content. If an individual did not alter the document's content, then the signature is
stored. However, if the content is changed, then the document management system
has to figure out the changed parts, identify the owner(s) -- the original author of those
parts, and invalidate the signatures of those individuals (if present). The calculation of
the diff, i.e., the difference between the original and modified document is critical since
it identifies exactly what changes were made. All members of the team are always sent
all the modifications. However, the signatures are automatically invalidated only if the
content originally authored by that team member is altered. The team member can
always choose to withdraw (invalidate) their own signatures if they do not agree with the
such system exists. However, the misconception that such a system can currently be
LiveLink) and digital signature applications (such as the ones produced by RSA)
persists in large organization. Below we outline the critical pieces that are currently
missing from a digital signature framework for contract negotiations in specific, and
document management in general, in off the shelf applications. We also point out
24
requirements for compatibility with the existing systems. However, to clearly define
next subsection.
Document Server
Send Record
Email Actions Signature
•Request for
Approval
•Signature
Received with no
Modifications
•Signature
Team Member X Received with
Modification to
X’s changes
•Signature
Received with
•Send Email with parsed
Modifications but
changes
not to X’s part
•Signatures are not
invalidated unless explicitly
desired by X
•Create and store document “diff”
•Identify the “critical” individuals
•Mark and store modified and
unmodified documents
25
technology with organizational single sign-on initiatives and a document management
system.
(i) A certificate server that issues digital certificates to a legitimate user verified
by a secure ID server. The certificate server handles users' certificate
enrollment, download, verification and revocation;
(ii) A secure ID server that uses existing PKI and LDAP based architecture to
verify individuals' identity. In an operational setting (after a user enrolls for a
digital certificate the first time) the secure ID server works with distributed
certificate server to produce a digital certificate on demand in a secure
manner; and,
(iii) A distributed certificate architecture, in our case enabled by the RSA's
Web Passport server. The distributed certificate architecture allows users to
download and use certificate from any computer without saving certificate to
local disk, the feature that provides user mobility and certificate security.
The process has the following steps (NB. - we have combined the one-time process of
registration with the certificate server from the description with the retrieval of certificate,
which needs to be done repeatedly only if a user needs mobile access to his/her digital
signature):
26
Prototype Infrastructure
Dell GX 110
CPU: 730MHz (233 MHz min.)
RAM: 256MB (128 MB min.)
Hard Disk: 14.2 G (250 MB min.)
Certificate Server
User’s Desktop •Windows NT 4.0 Server with service pack 6
•Windows NT 4.0 •Netscape Enterprise Sever 3.6
•IE 5.5 or Netscape 4.75 •Java Runtime 1.2
•E-Lock Network •RSA Keon Certificate Server 5.5.1
•LiveLink Web Access •Web Passport One-Step
Connection
(TCP/IP)
Dell GX 110
CPU: 730Mhz
RAM: 256M
Dell GX 110 Hard Disk: 14.2 G
CPU: 730Mhz
RAM: 256M
Hard Disk: 14.2 G Web Passport Server
•Windows NT 4.0 Server with service pack 6
SecurID Server •Netscape Directory Server 4.12 (LDAP server)
•Windows NT 4.0 with service pack 6 •RSA Web Passport 1.0
•RSA ACE server 4.1 •Web Passport Virtual Card Manager
Obtain the document - Users can download document from any file server in
use. When a user is checking out a document, other users can be prevented
from obtaining that document with write access. However, many file servers
write file version information to the documents, which in turn invalidates digital
signatures.
Signing the document - User can use digital signature plug-in tools that are
compatible with document creation software to sign or validate signatures on a
document. For the prototype, we used E-Lock, software that acts as a Microsoft
Office plug-in and is compatible with RSA products.
27
Download certificate
(via IntraNet or InterNet)
Verify Signatures
already on it
Check in document
Submit the signed document - After signing a document, users can check
document back into file server, which then lets other authorized users have
complete access to the document.
Locking down the document - When all individuals of the project team in the
contract process have signed a document, the document can be locked down
and moved to an access-controlled directory in the file server.
The server side processes are responsible for the following tasks, which are
performed by the certificate server, file server and signing process manager:
28
Identity Authentication - The Certificate Server checks a user’s identification
when the user submits their login information or by using other authentication
technologies (e.g., Biometrics) with the help of Secure ID Server.
Document control – check in/out, version and lock down - The File Server keeps
control on document access and status.
signing process with respect to existing technology. In particular, we point out the
shortcomings of the current process when compared to the requirements just detailed.
transactional processes.
The most serious shortcoming of the current digital signature technology is the
binding of the signature to the entire document. In other words, a digital signature gets
29
invalidated if the document is altered in any way. In fact, if a different version of
software (such as Microsoft Word) is used to open a document, the document may
when that individual changes part of a document. Clearly, partial document ownership
paragraphs). Soft signatures are analogous to initials such that when an individual
chooses to sign a document with a soft signature, the signature does not get invalidated
with a modification to the document. Hard signatures are the traditional digital
signatures that get invalidated when the document is changed. If all three capabilities
were to be built into signing tools (such as Elock), an individual could then sign a
document such that all parts except for which that individual has partial ownership are
signed with soft signature while the parts with partial ownership are signed with hard
signatures. This process has the advantage that changes that an individual does not
documents need to be completed and collated. This has to be different from simply
generating differences between the words (as in UNIX) in a document. The differences
have to be generated at the contextual level (for example at the level of sentences or
30
Finally, the signing tools need to include automatic email capabilities so that all
the individuals who have signed the documents are notified either to review or re-sign
(see figure 7) as soon as the document is changed. Alternatively, this capability can be
versions and differences between the current document and all previous versions.
deliver the differences between the current document and the one previously viewed
described. While developing and "adding in" the necessary capabilities is challenging,
hard signatures with processes for partial document ownership and soft signatures and
efficiencies and cost savings from our digital document management and signing
system.
With the new law taking effect, the digital signature process will be adopted by
when more of these documents are transmitted over the Internet. We began here by
31
introducing the underlying concepts and the fundamental technologies involved in
paperwork systems that have not been fully computerized because they are based on
documents rather than data records. We contend that while digital signature
technological tools exist, these tools were developed with limited business applications
- final transactions - as the focus. Today large corporations are driving their employees
towards paperless operations. Still, rather than redefining underlying workflow, the
focus is too often on adopting technology that fluidly fits into existing workflow rather
This technology has the potential of moving beyond playing the role of supporting
paradigm needs to be established both for document management and for digital
entities that can have multiple ownerships. The digital signatures have to be then
applied to the collection of entities as described in section IV, with soft or hard
signatures.
32
will significantly enhance the application of digital signature technology in a wide array
of business processes.
significant research efforts need to be put in to study and design new technological
tools that allow managers to become more productive by enhancing the familiar
processes. Managers can play an active role in adoption and design of technology. In
doing so, they can actively help to reshape and increase the effectiveness of their
business processes. In this paper, we begin to demonstrate such efforts with respect to
33
REFERENCES
American Bar Association, "Digital Signature Guidelines Tutorial," posted at ABA site:
http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html, 2001
Campbell, Jr., J.P., “Speaker Recognition: A Tutorial,” Proceedings of the IEEE, Vol.
85, No. 9, pp. 1437-1463, 1997.
Garfield, M.J. and P.G. McKeown, “Planning for Internet Security,” Information Systems
Management, Vol. 14, No. 1, pp. 41-46, 1997.
Hancock, B., “Security Views,” Computers & Security, Vol. 18, No. 5, pp. 372-390,
1999.
Jain, A.K., L. Hong, and S. Pankanti, “Biometrics: Promising Frontiers for Emerging
Identification Market,” Computer, Vol. 33, No. 2, pp. 90-98, 2000.
Jain, A.K., L. Hong, S. Pankanti, and R. Bolle, “An Identity-Authentication System Using
Fingerprints,” Proceedings of the IEEE, Vol. 85, No. 9, pp. 1365-1388, 1997.
Jarke, M., M.T. Jelassi, and M.F. Shakun, “MEDIATOR: Towards a Negotiation Support
System,” European Journal of Operational Research, Vol. 31, No. 3, pp. 314-334,
1987.
Oppliger, R., “Internet Security: Firewalls and Beyond,” Communications of the ACM,
Vol. 40, No. 5, pp. 92-102, 1997.
Nunamaker, J.F. Jr., A.R. Dennis, J.S. Valacich, and D.R. Vogel, “Information
Technology for Negotiating Groups: Generating Options for Mutual Gain,”
Management Science, Vol. 37, No. 10, pp. 1325-1346, 1991.
34
Rangaswamy, A. and G.R. Shell, “Using Computers to Realize Joint Gains in
Negotiations: Toward an 'Electronic Bargaining Table',” Management Science, Vol.
43, No. 8, pp. 1147-1163, 1997.
Zhang, J., Y. Yan, and M. Lades, “Face Recognition: Eigenface, Elastic Matching, and
Neural Nets,” Proceedings of the IEEE, Vol. 85, No. 9, pp. 1423-1436, 1997.
35