Signing is a human activity that has evolved over time from a rigid, behind closed doors activity, to an online Web based experience. Barriers of space and time, i.e., all signers must be present at the same place and at the same time, have been broken to reflect our new way of interacting with one another in a fast paced global village. Even what we are signing is no longer restricted to paper documents.
The majority of the tools on the market today do not allow signers to digitally sign their documents. Instead, the tools themselves sign the documents on behalf of the signers. In practice, the tools use a single private key that belongs to the owner of the tool and sign all documents with it. The signer provides only his signature image. In the case of “signing as a service” where the signing engine resides somewhere on the Web and signers upload their documents and sign them online, not only all documents are signed using the private key of the Web site but signers are not even allowed to provide their signature images. Clearly these signing tools have lost their objectivity and instead of being a third party to the transaction they have become a participant.
Referring now to FIG. 1, there is shown a diagram a prior art location specific secure signature authentication system 100 currently used. As can be seen, traditional signing engines 100 require that all the signing activities take place in the same hardware. The document to be signed, the certificates to sign with, the clock to provide the timestamp, and the location info (i.e., hardware info) 104 are all present in the same hardware configuration and there is no need for any data to travel on networks. A traditional signing engine performs the three standard digital signature operations in the same physical hardware: the signing server. All documents are signed by the “server certificate” 106 and all digital signatures produced 108 are identical. The signer's credentials are ignored and never used.
As can be seen, the signature pads that are presently used, will not be able to fulfill these requirements.
Therefore, there is a need for a distributed system for multi-function secure verifiable signer authentication that is secure, highly available and inexpensive.