Digital Signatures


Part of the current debate over authentication procedures for Internet business transactions is being driven by the marketing of cryptographic technology products. These computer security products resolve some of the problems of establishing identity and intent to be bound in a contract formed over an open network with an authentication procedure generally known as digital signatures.

The term "digital signature" is a term of art used to denote an electronic signature that has been produced through public key cryptography. Digital signatures are used to encrypt and authenticate both ends (customers and vendors) of e-commerce transactions. Digital certificates (signatures) are crucial in enabling Electronic Data Interchange (EDI) over the Internet because they provide the level of security EDI users need [Kerstetter, 1997].

To create a digital signature, a document is passed through an algorithm known as a "hash function" to produce a "hash value", a digital fingerprint of the document; the hash value is then encrypted, and the encrypted result forms the digital signature. Laws regulating digital signature (DS) use have been passed by 30 states [1].
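The hash-then-sign procedure described above, as an added example that is not part of the original page: the document is hashed, the hash value is encrypted with the signer's private key, and anyone holding the public key can check the result. It uses textbook RSA without padding and a constructed, insecure demo key, and all function names are assumptions; production systems use a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key, NOT secure: two publicly known Mersenne primes stand in
# for the secret, randomly generated primes of a real RSA key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the signer


def hash_value(document: bytes) -> int:
    """Step 1: the hash function reduces the document to a fixed-size fingerprint."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Step 2: encrypt the hash value with the private key; the result is the signature."""
    return pow(hash_value(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the signed hash with the public key and compare it with a
    fresh hash of the document that was actually received."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == hash_value(document)


def demo() -> dict:
    order = b"PO-1001: 500 units at $12.00, net 30"   # constructed sample document
    sig = sign(order)
    altered = order.replace(b"500", b"900")           # tampered in transit
    impostor_sig = sign(order, d=D + 2)               # signed with the wrong private key
    return {
        "original": verify(order, sig),
        "altered_document": verify(altered, sig),
        "impostor_key": verify(order, impostor_sig),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the unaltered document with the genuine signature verifies; changing a single figure in the order or signing with a different key makes verification fail.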

The AICPA partnered with a private company to develop a CPA Webtrust Seal to ensure DS and to minimize security risks. Persons known as certification authorities will eventually function as cybernotaries in the realm of electronic commerce, verifying electronically transmitted signatures and documentation. [2] Under the program, trained CPAs are available to dissect a retailer's online transaction protocol, from posting customer service numbers to ensuring that consumers' credit card information is exchanged securely and that buyers get what they paid for. Once the electronic retailers satisfy the transaction criteria, they can post the seal of CPA Web Trust on their site.

In the late 1980s and early 1990s, when the promise of public key cryptography for commercial applications was becoming more widely recognized, there were no legal precedents upon which to build a business model of a public key infrastructure. This lack of a recognized legal framework was felt to have a chilling effect on the development of commercial applications of public key cryptography, and it was this problem that the drafters of the Digital Signature Guidelines set out to address. [3]

Useful links of information on Digital Signatures

AICPA organization. News Release. The AICPA launches the CPA Webtrust. April 27, 1998. [On line] http://www.aicpa.org/news/p042798.htm

Survey of State Electronic and Digital Signature Legislative Initiatives. Internet Law & Policy Forum. [On line] http://www.ilpf.org/digsig/UPDATE.HTM


References

[Kerstetter, Jim] Verisign secures EDI. PCWeek, July 28, 1997, p. 6

[1] Government site. Kentucky & other states digital signature act enacted. April 7, 1998. http://www2.echo.lu/legal/en/news/9804/chapter8.html#1

[2] Jason, Richard and Closen, Michael. Cyberbusiness needs Supernotaries. The National Law Journal, Aug. 25, 1998 [On line] http://www.ljx.com/internet/0825cybernotary.html

[3] Digital Signature Guidelines. American Bar Association. Information Security Committee, Section of Science & Technology, American Bar Association, Digital Signature: Legal Infrastructure for Certification Authorities and Secure Electronic 3-4 (1996)