Today, more than a dozen states allow digital signatures for signing a wide variety of engineering documents as a replacement for wet ink signatures, seals, and stamps. For those civil and structural engineers who haven’t yet used digital signatures, it likely won’t be very long before you do. Because of this, it will be important to understand the “ins and outs” of how digital signatures are most commonly used by professional engineers.

What does a digital signature do? — Not only does a digital signature vastly improve security versus an electronic signature, it also verifies the authenticity of the signer and the integrity of the document by providing proof of tampering (see Figure 1).

How does a digital signature get applied? — Avoiding the complicated math associated with public key cryptography, the most important point to understand is that your digital ID will be tied to a public and private key pair (www.ssl2buy.com/wiki/what-is-a-public-and-private-key-pair) that, although related, are distinctly different (asymmetric). Your public key is widely distributed along with your digital certificate, which identifies you and perhaps your company to all who receive your signed documents. The associated private key is never shared, since it’s the key that is used to apply your signature. The security of your private key is of the utmost importance, since a stolen or compromised private key is the equivalent of losing control of your driver’s license.

Although digital certificates can be self-generated, publicly trusted digital signatures have several additional attributes. The certificate issuer (e.g., GlobalSign) and user (e.g., professional engineer) must follow strict measures on how the certificate and associated private key are issued and maintained.

The Certificate Authority (CA; https://searchsecurity.techtarget.com/definition/certificate-authority) must:

• comply with strict governance established by major browser and document work-flow providers such as Microsoft, Adobe, and Mozilla;
• adhere to periodic audits to assure compliance; and
• meet third-party (e.g., Adobe) policy and technical requirements.

Policy and technical requirements identify verification (of both the engineer and, optionally, his/her organization), detail how the signer’s private key is protected, and provide a mechanism to revoke certificates that are deemed compromised.

The end user (professional engineer) must protect their private key, whether it is stored locally on a USB token or other approved security device, or the credential used to invoke cloud signatures held by the CA.

While these collective obligations place a bit of extra burden on engineers initially, the benefits compared with basic electronic signatures or non-publicly trusted certificates are wide reaching:

• Recipients of signed documents are provided high assurances that the identity associated with the signature is authentic.
• Instant interoperability — Default settings in Adobe Acrobat, Reader, Cloud Signature Consortium, Microsoft Office, and many other docu-
august 2018
csengineermag.com