eSign on the dotted line

eSign on the dotted line

By Paul Montgomery

If you're signing a deal worth seven figures, you want to know that the record of the transaction is secure. Some industries are starting to set up a public key infrastructure (PKI) to use digital signatures to secure electronic documents, like the Federal Government with its Project Gatekeeper and the banking industry through the Australian Payments Clearing Association (see Image & Data Manager, September/October, page 10).

One essential part of a PKI is a certificate authority (CA), which keeps records of public keys to digital signatures. /p>

Gregg Rowley, MD of a new commercial CA called eSign, said that a PKI would typically be used in two applications: secure email, and e-commerce Web applications.

"On the Web application side, the business driver is the value of the transaction. The higher the value, the more likely the organisation is to need security, and the more likelihood that they would use digital signatures," he said.

This would be most true in business-to-business e-commerce where deals were being made with millions of dollars per transaction, according to Mr Rowley.

Mr Rowley said that even though his competitors had been in the industry longer, eSign would trade on the good name of VeriSign, in its role as VeriSign's Australian representative. This has only been made possible since March, when the American government relaxed its policy on allowing strong encryption software to be exported to Western countries, a shift which included an exemption for US-based security software developers like VeriSign.

PKI services are also a necessary component of a new technology called digital document delivery, which extends the concept of email to become as secure as courier services in real life. Mr Rowley said eSign was becoming involved in those kinds of installations, but organisations would have to look to third parties to provide the applications to run their digital document delivery services.

One of the criteria which will be used to evaluate certificate authorities will be accreditation by the Federal Government under Project Gatekeeper. Mr Rowley claimed eSign would gain "entry level" accreditation early next year.