verifies your identity before issuing your certificate and you use that unique certificate to apply your digital signature, there is clear evidence on every document you sign that shows who signed the document, when it was signed, and who verified the signer. The digital signature must be under the sole control of the person using it —As discussed throughout this article, it’s critical to be certain a signature in the document was actually applied by the individual. All parties involved in the electronic document exchange need to know that you and you alone can apply your digital signature. For digital signatures, this comes down to protecting your signing cer- tificate because if someone has access to it, they can use it to digitally sign in your name. Storing your certificate on cryptographic hardware (e.g., FIPS-compliant USB token) is a common option for this and means that in order to apply your signature, you need the token itself and a password. In the case of theft of your physical hardware token, the thief would still need your token password to use your signing cre- dentials. When you’re ready to begin researching vendors, make sure they offer some kind of hardware certificate protection, and if not, that they have an alternative means of meeting this requirement. The digital signature must be linked to data in such a manner that if the data is changed, the digital signature is invalidated — Content integrity and protecting intellectual property is essential, especially for the engineering industry. You want to be certain that whatever is in the document you sign off on or publish can’t be altered. Fortunately,
applying a digital signature essentially creates a tamper-evident seal on the document. Part of the signature validation process (which happens automatically and behind the scenes when someone opens a signed document) involves comparing the content of the document before and after the signature was applied. If changes were made, an error message will appear (see Figure 2). Other benefits of digital signatures The benefits of going paperless have been clear for years, but signatures were often a sticking point —what is a secure electronic alternative and would that electronic signature be accepted legally? Fortunately, state electronic signature regulations are helping to answer both of those questions for engineering companies that want to make the switch. Digital signatures are the clear solution for professional engineers. Ca- pable of authenticating the signer, validating the signature, and ensuring content integrity — coupled with secure time-stamps — they meet the requirements highlighted above that are the basis to most state engi- neering electronic signature requirements. In fact, the California, Wash- ington, D.C., and Oregon laws referenced in this article all mention digital signatures specifically, as opposed to other types of electronic signatures. While there are other components needed to implement a fully electronic document workflow, when it comes to signatures, all signs are pointing to digital.
LILA KEE is GlobalSign’s (www.globalsign.com) general manager of the Americas and chief product officer.
StormRax BY
RE-ENGINEERED PEAK SERIES
Structural HDPE Products for all your Water Screening Needs. • 100% Maintenance Free • LightWeight
• Chemical Resistance • Outstanding Strength • UV Resistant
VISIT US AT: www.plastic-solution.com or CALL 1 (877) 877-5727 PYRAMID SERIES ROUND SERIES SLOPE SERIES FLAT SERIES BMP SERIES
21
august 2018
csengineermag.com
Made with FlippingBook Annual report