A digital signature is an electronic, rather than a written scribble that can be used to authenticate the identity of the sender.

It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. Digital signatures are easily transportable, cannot be readily repudiated or imitated, and can be automatically time-stamped.

Pretty simply stuff really. All the same it's safe to assume that when the Electronic Signatures in Global and National Commerce Act (E-Sign Act) goes into effect on Oct. 1, the law that grants e-mail the same legal leverage as a signed contract is sure to be tested in court.

A digital signature can be used with any kind of message, whether it is encrypted or not.

For example, let's say I send a final draft of my will to an attorney. I need to assure my lawyer that the document is unedited and verify that the will really is from me. All I have to do is cut-and-paste the document into an e-mail.

Using special software, I can translate my e-mail message into a mathematical summary of the document. The translation process is commonly known as hashing. I pickup a private key from a public authority to encrypt the hash. This is a one of a kind key, so the encryption transforms my common e-mail into my one-and-only digital signature.

At the other end of the e-mail message, my lawyer receives the document. To make sure it's intact and from me, my attorney makes a hash of the received message and uses my now public key to decrypt the hash and decipher the will. My attorney knows that the received message is valid and from me, only if the hashes match.

If you prefer tech speak, digital signatures are created and verified by cryptography, the branch of applied mathematics that concerns itself with transforming messages into seemingly unintelligible forms and back again. By using public key cryptography, digital signatures employ an algorithm using two different but mathematically related "keys." One key creates a digital signature by transforming data into a seemingly unintelligible form, and second key for verifies the digital signature by returning the message to its original form. Computer equipment and software utilizing two such keys are called an "asymmetric cryptosystem."

LATEST NEWS

Cisco, Red Hat in the Cloud: Friends or Enemies?
Small Businesses Betting on IT Investments
EMC Ups Bid for Data Domain; FTC Clears Merger
Oops! UK Spy Chief Unmasked on Facebook
China Locks Down Web After Riot

Anyway you talk about it, digital signatures and the issues surrounding the technology about to explode. Analysts are predicting great things for digital signatures forecasting that the financial and realty markets will be early adopters of authenticated e-mails.

Townsend Analytics anticipates that the traditional system of "open-outcry" trading in the U.S. could soon become obsolete, replaced by a fully electronic trading system that eliminates old inefficiencies. Forbes published a recent article that describes how we will be able to purchase a new house, with the click of a mouse.

The question that remains is whether the online public will trust an online system to deliver sensitive information over the Net.

The World Wide Web Consortium is one group that attempts to clearly define user benefits of the E-Sign Act by creating interoperable solutions to conquer Internet trust concerns.

W3C's mission in life is to develop interoperable technologies that help the Web reach its full potential. The organization believes it's critical that end users to be able to decide what e-mail content they can trust and more importantly, authenticate.

W3C contends that both needs are addressed by attaching hashing digital signatures into online documents. However, e-commerce security lapses and blunders have taken a toll on the industry and many users may require additional information for an e-mail to earn their trust.

In terms of e-commerce guarantees, "trust me" has taken the form of third party endorsements. TRUSTe seals of approval and VeriSign secure server certificates dot the dot-com industry.

But human nature may mandate other forms of verifying the authenticity of a binding e-mail transaction.

W3C believes that market forces have created a variety of software that overcomes the human trust barrier, but authenticity is another matter.

The W3C initiated a project designed to specify the framework, protocols, and formats that would address authenticity issues and hopes to produce an industry-wide method of implementing the core of its e-sign framework. The project remains on going, but the group maintains that it is steadfast in its goal to create interoperable solutions that conquer the problem of Internet trust.

Unfortunately, the formal requirements for legal transactions, including the need for signatures, vary in different legal systems. There is no global uniform legal consequence for failing to secure a transaction in a required format. Several counties still cut off the hand that thieves, would that punishment translate to having ones e-mail severed in digital terms?

Although the basic nature of transactions has not changed with the advance of technology, laws have only begun to adapt. Naturally the U.S. will step into the void and lead the way to develop first national, then worldwide standards for employing digital signatures across vertical industries.

Courtroom disputes over authenticated e-mail will eventually shape and guide digital signatures down the path of ubiquitous standards for origination and acceptance.

But that does not mean the legal and business communities will give up paper anytime soon. It will take time for the industry to develop new rules and practices that allow digital signature technology to make paper forms and contracts obsolete.

After all, we're going to have to have some bona fide back-up system in place that also stores e-contracts for safekeeping at both ends of a digitally signed e-mail.