Data authentication

We are all familiar with the notion of data authentication in the form of the handwritten signature applied to the paper record. It is useful to ponder for a moment what properties a handwritten signature has that has resulted in it being accepted for data authentication for paper-based documents: A method to protect electronic information should share these properties to the maximum degree possible. One approach that has been proposed is to ``digitize'' a picture of a handwritten signature and append this picture to electronic documents. Unfortunately, this is essentially useless because this kind of ``signature'' does not depend on the document, so that it does nothing to authenticate electronic information. Systems of this type have been offered for sale in the past, but they offer essentially no security whatsoever, and serve only to make people feel comfortable with something that ``looks good''.

Kevin S. McCurley
Sat Mar 11 16:00:15 MST 1995