SSE Ltd, a subsidiary of Siemens AG, has developed a new digital signature system called TrustedDoc which it is showcasing at CeBIT in Hanover, Germany. Product manager, Alex Duncan says that the core concept underpinning the technology is the need to generate enough evidence about the signer to avoid legal repudiation at a later date.
To do this, SSE says it has built a number of features into its client/server based product. For example, the software complies with the WYSIWYS (what you see is what you get) requirement that exists in various statutes, and verifies the identity of the signatory by physical (smart cards) or biometric (retinal or fingerprint scans) authentication methods. The time of signature is also recorded, and to avoid the possibility of tampering with the PC’s local clock, SSE is proposing to use a ‘Trusted Time Stamping Authority’. Duncan says SSE is negotiating with a number of universities and other bodies who may fulfill such a function.
To ensure retrieval at a much later date, the signed document is then converted into an application-neutral format such as EDIFACT ( the United Nations Electronic Data Interchange for Administration, Commerce and Transport format) or Xml (eXtended Markup Language) and stored in a ‘secure archive’ which is provided by the software. Duncan says the system is at present based on German and US State law, but could be extended.
SSE has not yet revealed technical specification, but Duncan said the software is compatible with NT Server and Windows (with Solaris operability to follow soon) and scales up to 250,000 users. The system works within a public key infrastructure (PKI).
SSE is currently beta testing the TrustedDoc with a Scandinavian customer, says Duncan, adding that implementation took just two to three days and required only telephone consultation: We’ve tried to make it as easy as possible to implement at the client end, he said. Commercial availability is expected in June and pricing has not been decided.
