
Post on 23-Dec-2015


TRANSCRIPT

Page 1: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

E-signature Strategies

Alan S. Kowlowitz
Strategic Policies, Acquisitions and e-Commerce
NYS Office for Technology

Page 2:

Outline of Class

Overview of Electronic Signatures and Records Act (ESRA)
Explanation of ESRA’s definition of an e-signature
Available approaches to electronic signing
Guidance on selecting an e-signature approach
Records management implications of e-signed e-records

Page 3:

Overview of Electronic Signatures and Records Act (ESRA)

Page 4:

ESRA
Chapter 4, Laws of 1999: State Technology Law, Article 1

E-records and e-signatures given the same legal validity as paper records and ink signatures
OFT Electronic Facilitator overseeing implementation
Use of e-signatures and records is voluntary
  – Govt. must accept hard copies unless otherwise provided by law

Page 5:

ESRA
Chapter 4, Laws of 1999: State Technology Law, Article 1

E-signatures and records can’t be used for:
  – Negotiable instruments
  – Instruments recordable under Art. 9 of the RPL (e.g., deeds)
  – Other instruments whose possession confers title
  – Documents affecting life and death (Wills, Trusts, Do-not-resuscitate orders, Powers of attorney, Health care proxies)

Page 6:

ESRA Amended by Chapter 314 Laws of New York, 2002

Amends and expands the definition of “electronic signature” to comport with the federal E-Sign Law
  – Authorizes the use of various e-signature approaches in NYS
OFT retains its role as “electronic facilitator” and regulator of e-signature/record
Adopted into law on August 6, 2002
Final regulations published in May 2003
Revised ESRA Guidelines in process

Page 7:

ESRA Definition of an E-signature

Page 8:

ESRA Definition of an E-signature

an electronic sound, symbol, or process, attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the record.
  – Affords the greatest possible flexibility in selecting an appropriate e-signature solution
  – Sets some parameters on what constitutes an e-signature under ESRA

Page 9:

ESRA Definition of an E-signature

“[A]n electronic sound, symbol, or process...”
  – A wide range of “digital objects” may serve as an e-signature
    » Can be as simple as a set of keyboarded characters or as sophisticated as an encrypted hash of an e-record’s contents
  – Allows a process to serve as an e-signature
    » Recorded events of accessing a system are associated with the content to be signed to create a record of the signer’s actions and intent

Page 10:

ESRA Definition of an E-signature

“[A]ttached to or logically associated with ...”
  – An e-signature is attached to or logically associated with an e-record during transmission and storage
    » Can be part of the record or maintained separately but associated to the record through a database, index, embedded link or other means
    » Link between e-record and e-signature must be:
        Created at signing and maintained during any transmission
        Retained as long as a signature is needed, which may be the record’s full legal retention period

Page 11:

ESRA Definition of an E-signature

“[E]xecuted or adopted by a person with intent to sign the record.”
  – E-signature must express the same intent as a handwritten one
  – Must identify an individual who will convey intent
  – Practices that may help avoid confusion:
    » Allow the signer to review the record to be signed
    » Inform the signer that a signature is being applied
    » Format an e-record to contain accepted signature elements
    » Express signer’s intent in the record or a certification
    » Require the signer to indicate assent affirmatively
    » Record and retain date, time, and the signer’s intent

Page 12:

Example of a signature certification statement from the Department of Tax and Finance International Fuel Tax Agreement (IFTA) report (return) filing application.

Page 13:

Available Approaches to Electronic Signing

Page 14:

E-signature Approaches

Most e-signature approaches involve a number of technologies, credentials, and processes
  – More accurate to think of a range of approaches to e-signing rather than an array of stand-alone technologies
Approaches provide varying levels of security, authentication, and record integrity
  – Can combine techniques from various approaches to increase the strength of the above-mentioned attributes

Page 15:

Click Through or Click Wrap

Person affirms intent or agreement by clicking a button
ID information collected, authentication process (if any) and security procedures can vary greatly
Commonly used for low risk, low value consumer transactions

Page 16:

Personal Identification Number (PIN) or Password (“shared secret”)

Person enters ID information, PIN and/or password
System checks that the PIN and/or password is associated with the person
Authentication is the first part of a process that involves an affirmation of intent
If over the Internet, the PIN and/or password is often encrypted using Secure Sockets Layer (SSL)

Page 17:

Digitized Signature and Signature Dynamics

Digitized Signature
  – A graphical image of a handwritten signature often created using a digital pen and pad
  – The entered signature is compared with a stored copy; if the images are comparable, the signature is valid
Signature Dynamics
  – Variation on a digitized signature
  – Each pen stroke is measured (e.g. duration, pen pressure, size of loops, etc), creating a metric
  – The metric is compared to a reference value created earlier, thus authenticating the signer

Page 18:

Shared Private Key

Also known as “symmetric cryptography”
E-record is signed and verified using a single cryptographic key
The key is shared between the sender and recipient(s)
  – Not really "private" to the sender
A private key can be made more secure by incorporating other security techniques
  – Smart cards or other hardware tokens in which the private key is stored
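
The shared-key approach described on this slide, as an added example that is not part of the original presentation: one key both creates and verifies the signature, the signature is kept separately from the e-record and linked to it by record ID and digest, and the last check shows why the key is "not really private" to the sender. HMAC-SHA256 is an assumed instance of symmetric signing; the key, record text, record ID and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not from the presentation).
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
RECORD_ID = "sample-return-0001"
RECORD = b"Quarterly fuel tax return: 1,250 gallons, carrier 0001"


def sign_record(key, record_id, record, signer, signed_at):
    """Build a detached signature entry linked to the record by id and digest."""
    digest = hashlib.sha256(record).hexdigest()
    # Signer, time and intent are covered by the tag, so none of them
    # can be changed later without invalidating the signature.
    payload = json.dumps(
        {
            "record_id": record_id,
            "sha256": digest,
            "signer": signer,
            "signed_at": signed_at,
            "intent": "sign",
        },
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def verify_record(key, record, entry):
    """Verify the tag with the same key, then confirm the record is unmodified."""
    expected = hmac.new(key, entry["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, entry["tag"]):
        return False  # wrong key, or the signature entry itself was altered
    claimed = json.loads(entry["payload"])["sha256"]
    return hmac.compare_digest(claimed, hashlib.sha256(record).hexdigest())


def demo():
    when = "2003-05-01T12:00:00+00:00"
    entry = sign_record(SHARED_KEY, RECORD_ID, RECORD, "sender", when)
    altered = RECORD.replace(b"1,250", b"250")
    results = {
        "valid": verify_record(SHARED_KEY, RECORD, entry),
        "tampered_record": verify_record(SHARED_KEY, altered, entry),
        "wrong_key": verify_record(b"\x01" * 32, RECORD, entry),
    }
    # The recipient holds the same key, so an entry it builds naming the
    # sender is identical to the sender's own. The tag shows that a key
    # holder signed, not which one, so it gives no repudiation protection
    # between the parties who share the key.
    recipient_made = sign_record(SHARED_KEY, RECORD_ID, RECORD, "sender", when)
    results["indistinguishable"] = recipient_made == entry
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```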

Page 19:

Public/Private Key Digital Signatures

Also known as Asymmetric Cryptography
Key Pair: Two mathematically related keys
    • One key used to encrypt a message that can only be decrypted using the other key
    • Cannot discover one key from the other key
  – Private Key: Kept secret and used to create a Digital Signature
  – Public Key: Often made part of a “digital certificate” and used to verify a digital signature by a receiving party
Often used within a Public Key Infrastructure (PKI)
  – Certification Authority (CA) binds individuals to private keys and issues and manages certificates

Page 20:

Digital Signatures: Public/Private Key Cryptography

[Diagram]

Bob: Encrypt message digest with Private Key
  Message: "Hi Alice ... Sincerely, Bob"
  Hash algorithm: message = 12345
  Encrypts digest with Bob’s Private Key: 12345 = ##!FV
  Sent to Alice: message + ##!FV + Certificate

Alice: Validate message digest with Public Key
  Hash algorithm: message = 12345
  Decrypts digest with Bob’s Public Key: ##!FV = 12345

Page 21:

Biometrics

Person’s unique physical characteristics are measured and converted into digital form or profile
  – Voice patterns, fingerprints, and the blood vessel patterns present on the retina
Measurements are compared to a stored profile of the given biometric
If the measurements and stored profile match, the software will accept the authentication
Can provide a high level of authentication

Page 22:

Smart Card

Not a separate e-signature approach in itself
  – It can facilitate various e-signature approaches
A plastic card containing an embedded chip
  – Can generate, store, and/or process data
Data from the card's chip is read by software
  – After a PIN, password or biometric identifier is entered
More secure than a PIN alone
  – Both physical possession of the smart card and knowledge of the PIN are necessary
Can be used to overcome concerns with shared secret approach to e-signature

Page 23:

Additional Factors

Each general approach to e-signing (e.g. PINs and passwords vs. digital signatures) varies in terms of:
  – Identifying the signer
  – Attributing a signature
  – Securing the integrity of both the record and the signature
Each can increase security and reduce risk
  – Often independent of the technology selected

Page 24:

Signer identification or registration

Method or process used to identify and authorize a signer to use an e-signature
  – Independent of the e-signature or e-record technology
  – Critical component of any e-signature solution
  – The stronger the identification method the more assurance that the appropriate person signed

Page 25:

Signer identification or registration
Methods

Self-identification as part of the signing process
Comparison of user supplied information with a trusted data source
Acceptance of a previously conducted and trusted process where individuals personally presented themselves and proof of identities
Separate identification process to authorize the use of an e-signature where individuals personally present themselves and proof of identities

Page 26:

Page 27:

Signer Authentication

Policy, process and procedures used to authenticate the signer
Establish a link or association between the signer and the information and method used to sign
The strength of the authentication system can protect against fraud and repudiation

Page 28:

Signer Authentication
Methods

Something that only the individual knows: A secret (e.g., password or Personal Identification Number (PIN))
Something the individual possesses: A token (e.g., ATM card, cryptographic key or smart card)
Something the individual is: A biometric (e.g., characteristics such as a voice pattern or fingerprint)
Two factor authentication: often includes use of hardware device such as a smart card

Page 29:

Page 30:

Signature attests to the record’s integrity

E-signature approaches provide varying levels of protection against unauthorized access or tampering with the signed e-record
  – Systems that manage signed e-records can provide protection if they have controls
  – Controls may be needed to ensure that the integrity of the signed e-record is not compromised during transmission
  – Added security is provided by approaches in which signature validation ensures that the e-record has not been modified
    » Digital signatures

Page 31:

Selecting an E-signature Approach

A business decision, not just a technical one

Page 32:

Is an e-signature needed or desirable?

Review requirements and risks
  – Creating and maintaining signed e-records may require more resources than unsigned ones
Consider the following questions:
  – Is there a legal requirement for a signature?
    » Statute of Frauds requires certain contracts to be signed
    » Specific laws and regulations require signatures
  – Is there a business need for a signature?
    » Document that the signer attested to information’s accuracy, agreed to conditions, and/or reviewed contents
    » Higher risk transactions may need the protection against fraud or repudiation provided by e-signatures

Page 33:

Business Analysis and Risk Assessment

ESRA regs § 540.4 (c) require govt. entities to conduct and document a business analysis and risk assessment:
  – identifying and evaluating various factors relevant to the selection of an electronic signature for use or acceptance in an electronic transaction. Such factors include, but are not limited to, relationships between parties to an electronic transaction, value of the transaction, risk of intrusion, risk of repudiation of an electronic signature, risk of fraud, functionality and convenience, business necessity and the cost of employing a particular electronic signature process.

Page 34:

Business Analysis and Risk Assessment

Purpose:
  – To identify and evaluate factors relevant to selecting an e-signature approach
  – Does not prescribe a method or set a standard
  – Protects interest in the use of sound technology and practices when transacting business electronically
Business analysis and risk assessment are two parts of an integrated process

Page 35:

Business Analysis

Possible components
  – Overview of the business process
  – Analysis of legal and regulatory requirements
  – Identification of standards or accepted practices
  – Analysis of those who will use e-signature
  – Determination of interoperability requirements
  – Determination of costs of alternatives

Page 36:

Business Analysis
Overview of business process and transaction

Purpose and origins
Transaction’s place within the larger business process
Services to be delivered and their value
Parties to the transaction and other stakeholders
Transaction’s workflow

Page 37:

Business Analysis
Analysis of legal and regulatory requirements

How the transaction must be conducted
Signature requirements
  – Are they specifically required, what records need to be signed, who must or can sign, do they need to be notarized
Records related requirements
  – What records must be produced
  – How long do they need to be retained
  – Who must or can have access to the records
  – Specific formats prescribed for the creation, filing or retention
  – Confidentiality requirements
Importance of the parties’ identities to the transaction

Page 38:

Business Analysis

Identification of standards or accepted practices on how e-transactions are conducted and e-signed
  – May be key factor in selecting a solution
Analysis of parties to e-signed transaction
  – Numbers
  – Location
  – Demographic characteristics
  – Access to technology
  – Accessibility requirements
  – Prior business relationships

Page 39:

Business Analysis
Interoperability requirements

Compatibility with an existing technology environment
Interoperability or consistency with approaches used by partners
  – Governmental or private
Leveraging an existing and proven solution

Page 40:

Business Analysis
Cost of alternative approaches

Hardware and software purchases
Implementing additional policies and procedures
Personnel to implement policies, procedures, or services
Training costs
Maintenance costs including help desk and user support

Page 41:

Risk Assessment

E-signatures may serve a security function
  – They usually include signer authentication
  – Some approaches provide message authentication and repudiation protection
Selection of an e-signature solution includes identifying
  – Potential risks involved in a signed e-transaction
  – How e-signature approaches can address those risks

Page 42:

Risk Assessment

Risk is the likelihood that a threat will exploit a vulnerability, and have an adverse impact
  – Threat is a potential circumstance, entity or event capable of exploiting vulnerability and causing harm
  – Vulnerability is a weakness that can be accidentally triggered or intentionally exploited
  – Impact refers to the magnitude of harm that could be caused by a threat
  – Likelihood that a threat will actually materialize
To assess risks an entity should identify and analyze each of the above

Page 43: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Risk Assessment
Sources of threat

– Parties to the transaction
– Governmental entity staff
– Malicious third parties such as hackers or crackers

Page 44: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Risk Assessment
Vulnerabilities

Repudiation
– Possibility that a party to a transaction denies that it ever took place
Fraud
– Knowing misrepresentation of the truth or concealment of facts to induce another to act to his or her detriment
Intrusion
– Possibility that a third party intercepts or interferes with a transaction
Loss of access to records
– For business and legal purposes

Page 45: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Risk Assessment
Potential Impacts

Financial
– Average dollar value of transactions
– Direct loss to the governmental entity, citizen or other entity
– Liability for the transaction
Reputation and credibility
– Relationship with the other involved party
– Public visibility and perception of programs
– History or patterns of problems or abuses
– Consequences of a breach or improper transaction
Productivity
– Time criticality of transactions
– Number of transactions, system users, or dependents
– Backup and recovery procedures
– Claims and dispute resolution procedures

Page 46: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Risk Assessment
Likelihood

Motivation and capability of threat
Nature of the vulnerability
Existence and effectiveness of controls
A threat is highly likely where:
– Its source is highly motivated and capable
– Controls are ineffective

Page 47: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Risk Assessment
Risk Matrix

High Risk = 11-16
Medium Risk = 8-10
Low Risk = 4-7
Negligible Risk = 1-3

Page 48: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Select an E-signature Solution

Balance business concerns (e.g., user acceptance and ease of deployment) with risk reduction

Identify overriding concerns
– An overriding factor might be compatibility with an existing standard or solution
– Cost may be an overriding factor where risk is low

Page 49: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Cost-Benefit Analysis

Can help entities decide on how to allocate resources and implement a cost-effective e-signature solution
– Used to evaluate feasibility and effectiveness for each proposed solution to determine which are appropriate
– Can be qualitative or quantitative
– Demonstrates that a solution’s cost is justified by reducing risk
Cost-benefit analysis can encompass the following
– Determining the impact of implementing the solution
– Determining the impact of not implementing it
– Estimating the costs of the implementation
– Assessing costs and benefits against system and data criticality

Page 50: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Documenting a Business Analysis and Risk Assessment

ESRA regulation requires that the BA and RA be documented
– How, or in what detail is up to the governmental entity
Minimum documentation should cover
– Process used including factors mentioned in the ESRA regulation
– Result and decision reached including justification
The resulting documentation should be
– Accurate and readily available
– Clear and understandable to an outside audience
– Retained as long as the e-signature solution is used

Page 51: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Signed E-records Management Issues

Page 52: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Signed E-records Management Issues

Same issues as with unsigned e-records
– Focus is on the system and business processes that produce the e-record

Preserving links between e-signed e-record’s components is critical
– Components provide evidence to support the reliability and authenticity of the signed e-record
– May actually constitute the e-signature itself

Page 53: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Signed E-records Management Issues

Key challenges faced in maintaining e-signed e-records
– Determining what needs to be retained to constitute a valid signed e-record
– Preserving the association between the signed e-record’s various components over time

Page 54: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Determining what needs to be retained

Cannot predict what the courts will require
– Difficult to determine what information will be needed
BA/RA used to select approach can help determine what needs to constitute the signed e-record
E-signature method will partially determine what will be retained
– Digital object: Maintain the ability to revalidate e-signatures
– Signature process: Maintain adequate documentation of the e-signature’s validity

Page 55: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Determining what needs to be retained

Digital object (encrypted hash, digitized signature, signature dynamic, other biometric)
– Evidence that the e-signature was electronically validated
– Functionality and records needed to revalidate
– Vary according to the technology or approach used
» Digital signature: public key of the presumed signer decrypted the message digest/hash and the hashes matched
» Biometric: biometric profile of the signature matched the stored profile

Page 56: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Determining what needs to be retained

Signature is a process (PIN, password, click wrap)
– Signature does not exist as a discrete object and can’t be revalidated
– Adequate documentation that the e-signature was valid when it was created must be retained
– No court decisions on the validity of an e-signature
» Can’t predict what the courts will require

Page 57: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Determining what needs to be retained

Regardless of e-signature approach, entities should minimally retain documentation of the:
– Signer’s identity
– Process used to identify and authenticate the person
– Date and time an individual was authenticated
– Signer’s intent
– Date and time that the signing process was completed

Page 58: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

Preserving the association between a signed record’s various components

Systems can manage signed e-records’ components
– Must be accounted for when systems are planned
E-records with long retention periods may need to be migrated to a new system or stored offline
– Need to preserve the association of their various components
– Should be planned and well documented
– Conducted in the normal course of business
– Ensure the records’ authenticity, integrity, and reliability
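An added example, not part of the original presentation: one way to keep a signed e-record's components and its minimum documentation bound together across a migration, as the two preceding slides describe. The field names, the HMAC key held by the records system, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Minimum documentation listed on the slide; the field names are hypothetical.
REQUIRED = ("signer_identity", "authentication_process", "authenticated_at",
            "signer_intent", "signing_completed_at")

def seal(key, body):
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def build_manifest(key, components, documentation):
    """Bind each component's SHA-256 digest to the retained documentation."""
    missing = [f for f in REQUIRED if not documentation.get(f)]
    if missing:
        raise ValueError("missing documentation: " + ", ".join(missing))
    body = {"components": {n: hashlib.sha256(d).hexdigest()
                           for n, d in components.items()},
            "documentation": dict(documentation)}
    # One keyed seal over digests and documentation: neither can be swapped alone.
    return {**body, "seal": seal(key, body)}

def verify_after_migration(key, manifest, components):
    """Return a list of problems; an empty list means the association held."""
    problems = []
    body = {"components": manifest["components"],
            "documentation": manifest["documentation"]}
    if not hmac.compare_digest(seal(key, body), manifest.get("seal", "")):
        problems.append("manifest altered")
    for name, digest in manifest["components"].items():
        if name not in components:
            problems.append("missing component: " + name)
        elif hashlib.sha256(components[name]).hexdigest() != digest:
            problems.append("component changed: " + name)
    problems += ["unlisted component: " + n
                 for n in components if n not in manifest["components"]]
    return problems

# Constructed sample data, not taken from any real system.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_COMPONENTS = {"record.xml": b"<permit id='1'/>",
                     "signature.bin": b"\x01\x02constructed",
                     "signer_cert.pem": b"constructed certificate bytes"}
SAMPLE_DOC = {"signer_identity": "Jane Q. Example",
              "authentication_process": "PIN issued after in-person ID check",
              "authenticated_at": "2003-05-01T14:02:11Z",
              "signer_intent": "Clicked 'I sign this application'",
              "signing_completed_at": "2003-05-01T14:03:40Z"}
```

Running `verify_after_migration` before and after each migration or offline transfer gives a documented check that no component was dropped or changed along the way.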

Page 59: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

E-signature Strategies

Questions and Concerns

Page 60: E-signature Strategies Alan S. Kowlowitz Strategic Policies, Acquisitions and e-Commerce NYS Office for Technology

NYS Office for Technology

Strategic Policies, Acquisitions and e-Commerce

518-473-0224

[email protected]@oft.state.ny.us

http://www.oft.state.ny.us/esra/esra.htm