Digital signatures

Digital Signature legislation refers to statutes, adopted by two states (Utah and California), and currently being considered in Georgia, sanctioning the use of digital signatures.

A digital signature is a non-forgeable transformation of data (e.g., an electronic document or file) that allows the proof of the source with non-repudiation and the verification of the integrity of that data.

The technology gives digitally signed electronic documents the same force in law as documents with handwritten signatures, and it enables government transactions that require a signature to be conducted over public and private computer networks without the need to exchange paper-based documents.

The Georgia legislation, Senate Bill 736, was introduced during the 1996 session of the Georgia General Assembly and is expected to pass during the 1997 session. It defines the issuing procedures, legal uses and implications that would allow a digital signature to be used with electronic documents, just as a handwritten signature is used with paper-based documents. The proposed statutes provide a more predictable legal framework for those who wish to use the technology.

The electronic signature came about as a result of an Electronic Commerce Consortium created in 1995. The consortium, which consisted of representatives from the legal business, education, banking and government sectors who were interested in using this system, helped prepare the bill, sponsored by Sen. Jim Tysinger (R-DeKalb).

It is anticipated that each participating computer user will generate a key “pair” that has two components – a private key and a public key. The system is designed so that one key can be made public without compromising its matching private key. The private key, known only to the user, is used to sign outgoing messages.

The public key, which is distributed to other users with whom the sender plans to exchange messages or files, can be used to verify the authenticity of the message. With both keys, users can exchange legally binding electronic documents.

The signatures are created using a two-step process: transforming the message into a mathematical form called a digest and encoding or encrypting the digest with the signer’s private key.

When appended to the original document, it creates a unique digital signature that can be verified by the recipient of a message.

To verify a message, the receiver must confirm that the public key certificate and public key were properly issued by an organization operating in accordance with legislative statutes, that the public key is still valid and that the digital signature was created using the signer’s private key.

Typical use might be:

* The mayor of Jesup wants to electronically send a vendor in Norcross a contract. He can use his digital signature to sign the contract rather than using his handwritten signature to sign a paper-based form of the contract;

* An Atlanta investor wants to submit a binding purchase contract for a piece of real estate in Darien. He can use his digital signature to legally sign his e-mail message;

* The county health department in Macon seeks instant verification and payment of a Medicaid claim by the state government. The department would digitally sign the request for information as a way to verify that it is the physician who seeks the information; and

* A state field director wants to authorize a purchase order in Augusta by using his digital signature to sign the order and initiate a purchase action. The electronic copy of the purchase order can be maintained and used later in a court of law to prove authorization if necessary.