Digital signatures are valid substitutes to traditional inked signatures in many countries. Digital signatures, like inked signatures, may be used as evidence to show that a particular body of data was signed.
Generally, an individual may digitally sign data with an identifier that uniquely identifies that individual. Some identifiers, for example, include a cryptographic private key associated with a public certificate issued by a trusted certification authority to an individual. A unique identifier used to digitally sign data may later be used as evidence that this particular individual signed the data and that the data has not been tampered with since being signed. To help keep this identifier secure, many people store it on their local computer or on an external device, such as in a machine-readable card.
To sign data when software enabling the signature is not accessible locally, however, an individual's unique identifier may have to be accessed by a remote computer. But making a unique identifier remotely accessible, whether by storing the unique identifier remotely, sending it across a network, or otherwise, may compromise its security.
For example, data of network-accessed electronic documents, often called “network forms,” is primarily processed by network computers rather than individuals' local computers. Thus, data for network forms is often handled remotely by the network form's computer server. By so doing, the network form's computer server may perform many operations, thereby saving the individual's computer from having to do them. For instance, often the network form's computer server calculates a transform of the data to create rendering information, such as in Hyper Text Markup Language (HTML). The server then sends this information to the individual's network browser. The network browser interprets this information to render a view of the electronic document's data to the individual. The individual may then make edits through the view.
Conversely, the data itself—as opposed to rendering information based on it—is often not sent to or operated on by an individual's local computer because doing so causes various problems. To enable the individual's local computer to perform operations often done by the network form's computer server, the individual's computer often needs specialized software utilities. But having and downloading this software may have significant drawbacks, such as a local computer not having proper hardware requirements to use the software, a user not having training needed to properly use the software, and limitations to the network form caused by the software utilities being performed locally. Also, sending the software to the individual's computer may drain the resources of the network computer or cause substantial delays for the individual due to its large size relative to the rendering information.
Many network forms therefore, require that an individual's unique identifier be accessed by a remote computer for the individual to sign the network form. This access may compromise the security of the individual's unique identifier.