Edentiti

Private Identity Provider

• Contact
• Identification
• FAQ
• About
• Home

Electronic Signatures.

Electronic signatures are a concept of settling and signing electronic documents without the requirement of putting pen to paper. They are an effective means of bringing distant parties together to settle documents that would otherwise take days, weeks, and in some instances, months to sign.� Edentiti has developed a new system for electronic signatures and has asked Deacons to provide advice on the legal effectiveness of documents signed by this method.

Traditional written signatures are used to:

• verify the identity of the person signing; and
• establish an intention to sign and be bound by the relevant document.

We consider that electronic signatures made through Edentiti meet these requirements and more.

Edentiti’s electronic signature system:

• utilises asymmetric cryptography in a public and private key pairing system, making signatures almost impossible to forge;
• stores private keys with Edentiti, which are accessible only by the owner through secure biometric or pin number processes; and
• performs all transactions through Edentiti, allowing for a log of data including place, time and author of each transaction.

In our view, the effect of this is that electronic signatures made through Edentiti meet the following attributes of a valid “signature” in that Edentiti is able to:

• establish exactly who signed the electronic document;
• identify the time the document was signed;
• identify the place the document was signed; and
• show a person’s intention to sign a document by the fact that they contacted Edentiti to obtain the private key and that they are the only person who could have done so.

It is clear from this, that Edentiti’s system is even more secure than traditional written signatures, and in particular forgery would be more difficult than it is with written signatures, as Edentiti archive all of the above information, for all transactions, through their databases and have strict control over internal procedures and processes.

For these reasons, we believe that documents signed using Edentiti’s system would be legally binding.

A more detailed description of the system and reasons for advice is attached.

Electronic Signatures.

1. What are Electronic Signatures?

   An electronic signature can be characterised as a mechanism for uniquely identifying and authenticating a particular person or organisation when settling/signing legal documents.

   The development of electronic signatures allows parties to enter into relations in electronic media in a safe and legally binding manner.

2. How do Electronic Signatures Work?

   Electronic signatures utilise asymmetric cryptography, an encryption technique also known as public key cryptography, in which there is a key pair comprised of what is referred to as a public key and a private key.

   The public key is open to the public, as the name suggests, and the private key is one, which is private to the owner. This private key is used when settling/signing a document which corresponds with the public key.

   Through this mechanism of encryption it is impossible to connect the one key from the other, so that the private key cannot be compromised through knowledge of the associated public key. Further, the functions performed by one key can only be undone by the other key and electronic signatures are easily verified, using a reverse encryption process.

3. What Role does Edentiti play in Electronic Signatures?

   Essentially, it is the private key which is required when settling/signing a document for legal purposes, making the security of it imperative, as publishing the key would provide anybody coming into contact with it the power to settle/sign a document in the name of the owner of the private key. The security of the private key is limited to the lengths the owner of such a key goes to, to ensure its privacy.

   To assist in keeping the private key, private, Edentiti keeps the private key as a trusted third party in a secure location so that the only way the key can be used (not read or copied) is for the person who "owns" the key to identify themselves with some biometric process or secret.

   For example, it is only possible for owners of a key to use the key to encrypt a document if they enter a secret pin, or use their fingerprint, or use a voiceprint to identify themselves. The key itself is encrypted so that even if someone managed to copy the file with the keys in them, they would not be able to use them.

   Edentiti never copies the keys in their unencrypted state. Within Edentiti a program generates the key pairing, reducing the potential for compromise.

   Essentially the only way a key can be used is to use it within Edentiti itself but under strict constraints and only when the individual authorises it by identifying themselves.

4. Dispute Resolution

   As Edentiti is the occupier of the private key at all times, all transactions are performed through Edentiti. The effect of this is that a log of the transaction is kept with Edentiti as well as details of how the key was authorised for use (e.g. was a pin number entered from a particular telephone).

   Edentiti are also able to retrieve the information of the physical location from which the signature was made and are able to show that the person making the signature had made previous signatures using the same technique.

   With regard to internal forgery, Edentiti have procedures in place that would make it very difficult for this to occur. Edentiti have logs of transactions and the only possible way in which forgery might occur is if the fingerprint, or secret pin held by the owner of the private key were obtained.

5. Accidental Signing

   In an article by Paul Barnett LL.M [1], a concern that was raised with electronic signatures was the fact that a person may argue that they accidentally signed a document that they did not intend on signing.

   Such an example can be easily realised, as there are a number of publicised situations where emails have been mistakenly sent.

   However, such an argument would be difficult to sustain in a Court should the electronic signature have been provided through Edentiti, in the method described above, as the private key is kept with Edentiti.

   If and when a person wanted to sign a document, they would be required to contact Edentiti to obtain their private key, thereby showing their intention to sign the document. There would be no other reason for the person to contact Edentiti, and accordingly, the only way in which the signatory could sign the document would be by accessing the private key through Edentiti.

[1] The write stuff? Recent developments in electronic signatures, Paul Barnett, NSW Society for Computers and the Law: Journal: December 2001, http://www.nswscl.org.au/journal/46/Barnett.html

Back to FAQ