The basis of commercial and societal transactions are the agreements and other legal arrangements that individuals and entities make. When proof shows that a party agreed to, validated or otherwise affirmed a transaction, that party can be legally bound to the obligations undertaken in that transaction. When proof shows that a party sanctioned, condoned or affirmed an activity or statement that party can be held accountable for the truth of the statement or the consequences of the sanctioned act.
Businesses increasingly seek to further use the computer in eliminating paper and in reducing both the costs and the time involved in processing commercial and societal transactions. One obstacle to this goal is the need, whether legal, regulatory or otherwise, to effectively monitor and gather evidence of a party's assent to a document, transaction or event. As the advent of powerful computer systems and advanced computer networks continue the advance toward an era of electronically conducted business and legal transactions, the computer systems that enable this evolving means of commerce must be at least as convenient and reliable as the systems that people have used in the past to make agreements and arrangements. In essence, the computer systems must provide a means for storing legally credible evidence that confirms these agreements and arrangements and demonstrates the extent of a party's identity and the extent of the party's assent to them.
Throughout history, people have used a number of means to evidence an agreement, transaction or statement and memorialize a party's assent or validation. The use of a paper document, which fixes the terms of an agreement or transaction (or the statements for affirmation) to palpable pages, is a time-honored method for evidencing an agreement, transaction or statement. Commercial documents (e.g., contracts, bills of sale, credit card authorizations, invoices, notes, negotiable instruments and other commercial paper); documents of estate, title and transfer (e.g., wills, trusts, leases, assignments, easements and deeds); and documents of governmental compliance (e.g., permits, authorizations, applications, tax returns, and other filings) all constitute paper memorials of commercial transactions and arrangements. Statements used in legal proceedings, such as those in depositions, court testimony and affidavits are also set forth on paper. The printed record conveys a sense of permanence and provides a tangible record for storage and reference which is reasonably difficult to alter without detection.
To validate terms or statements, paper documents often contain the signatures of the agreeing parties. A signature on paper can take many different forms. Traditional signatures include handwritten signatures, such as, e.g., the signer's name, written in his or her own hand, the signer's initials, the signer's mark, fingerprints and other identifying body marks, typewritten initials and stamps or seals. Through custom, common usage and judicial recognition developed over many years, courts have come to recognize that a signature on paper may provide proof of both the identity of the signer and an affirming intent on behalf of the signing party.
Courts recognize that the identity of the signer may be proven by the forensic analysis of certain types of signatures on paper, such as handwritten signatures and fingerprints. Forensic analysis uses the uniqueness of a person's handwriting or other mark to verify the identity of the person who affixed the signature to the document. The analysis can either validate the signature or provide evidence that it is a forgery. Other types of signatures on paper, such as typewritten signatures, stamps or seals, can also be used as proof to establish a signer's identity when such signatures are combined with other collateral evidence.
In addition to providing proof of identity, courts also recognize (and people commonly understand) that a signature affixed to a paper document witnesses a party's affinning intentions. Such an affixed signature acts as evidence that the signing party enjoyed a full opportunity to review and understand the contents and implications of the signed document. In the case of a contract or a will, a signature provides evidence that the party affirms the document and agrees to the terms stated within. In the case of a loan application, tax return, deposition, affidavit or insurance contract, a signature certifies that the signing party believes that the statements in the document are true. In addition to such affirming uses, a signature can also act as a shield against repudiation (e.g., as in the case of a signed negotiable instrument).
Parties may combine the simple method of affixing a signature to a document with other procedures to provide additional evidence of both the identity of the signer and his or her affirming intention in signing the paper document. Witnesses and notaries are common requirements for certain documents--the witnesses and notaries provide extra assurance as to the signer's identity. A notary will attest inter alia that the signer: (i) presented him or herself to the notary; (ii) gave proof of identity such as a driver's license or birth certificate (proving that claimed identity of the signer matches the claimed identity in the document); and (iii) executed the document in the presence of the notary. This collateral evidence supports the contention that the signer was in fact the person identified by the signature on the document.
The parties to a transaction memorialized on paper may also take additional steps to prove that they have both read and understood the terms of an agreement. It is common for parties to initial each page (and sometimes each clause) of an agreement to indicate that they have read and understood the document and its terms. Sometimes parties will by handwriting, ink stamp or the marking of check boxes add special notations, such as date, time, location or text such as "under advice of counsel." Many agreements also contain specific clauses or articles such as the following: "The parties, intending to be bound by the foregoing provisions execute this agreement by placing their signatures below." Such additional evidence, used in combination with a valid signature, buttresses the signature as evidence of the signer's intent to affirm provisions or undertakings in a document, transaction or event. The additional evidence also helps people remember the purpose and context of the document, transaction or event.
People use means other than the paper document and its attendant memorialization process to affirm a document, transaction or event. For example, wills are commonly video taped; the act of reading a will aloud and memorializing it on video tape serves to bind the testator and evidence his intent. Raising one's hand and completing an oath in open court evidences one's affirmation of the testimony to follow; this oath is both heard by those in attendance and transcribed by the court reporter.
Society is today embracing the advantages of digital computer technology. A system for evidencing and affirming transactions and statements in digital, electronic format must now address basic issues long since resolved and accepted in terms of paper and other types of documentation: (i) the system must store records of the transaction provisions securely and reliably, with a level of assurance as to the integrity of that record; (ii) the system must be able to authenticate the signature or action that affirms the document, transaction, or statement as that of the affirming party; and (iii) the system must ensure that the person who signs (or executes an affirming act with respect to) the document, transaction or event affirms the document and enjoys a fair opportunity to understand its content.
Computer system developers have devised solutions which focus mainly upon the capture of "tokens" and "electronic signatures." Where, traditionally, a person signing a paper document would typically place his or her own written signature on a paper document to make a uniquely identifying mark, a person affirming a document by computer inputs a token--a virtual, electronic signature--by biometric, infometric or cryptographic means.
Biometric signatures include such electronic signatures as fingerprints, retinal scans, voice recordings and digitized handwritten signatures. A biometric signature captures a digital recording of either a physical attribute of the signer (such as a recording of the signer's voice, fingerprint or a scan or his or her retina) or the performance of an activity of the signer (such as the making of a signature with a pen-based digitizer, or the recital of a specific phrase by the signer).
Biometric signatures can also include statistical and other mathematical analysis of the digitally recorded data. For example, a pen-based signature capture system can analyze the pen strokes, timing and motions of the signer's hand as he or she inputs a signature. Algorithms exist that can take pen-based input (such as a handwritten signature), determine the fundamental characteristics of the input (such as the shape of the signature and other dynamics such as the speed and rhythm of the input) and represent the characteristics of the input in an electronic format. Algorithms also exist that can determine if a handwritten signature in electronic format is that of the same person. See. U.S. Pat. No. 5,544,255, U.S. Pat. No. 5,647,017, U.S. Pat. No. 5,109,426 (U.K. Application No. 9024383.3), U.S. Pat. No. 4,495,644 and U.K. Application No. 1480066, all expressly incorporated by reference herein.
Infometric signatures include such electronic signatures as, passwords, PIN numbers, access codes and personal information responses. An infometric electronic signature captures some piece of information that attests to the fact that the signer was someone who demonstrated knowledge of some fact or facts which were at the material time thought to be a secret known only to the signer. A common example is the use of a PIN to authorize release of cash from an automatic teller machine.
A cryptographic signature involves the encryption or transformation of a message with a key that is kept wholly or partially secret. One method for maintaining secrecy is to store the key in a Smart Card that will allow access to the key only when the card is inserted into a Smart Card reader and a password is entered. In a symmetric key system, the key used to create the signature is the same as the key used to verify the signature. In an asymmetric key system, the two keys are different. A so-called private key is used to create the signature, and its public counterpart is used to verify the signature. The cryptographic signature created with an asymmetric key system is typically called a "digital signature." See Digital Signature Guidelines, published Aug. 1, 1996 by the Information Security Committee, Science and Technology Section of the American Bar Association (the "ABA guidelines"). The ABA Guidelines describe the conventional thing on how a digital signature is created and verified using an asymmetric key system.
All electronic signatures, whether biometric, infometric or cryptographic, create (with varying degrees of evidentiary value) a link between the signer and the transaction. The currently available systems seek to associate the input of the token or signature with a record of the provisions of an electronic document or transaction. However, the systems have done little to collect other information surrounding the affirmation process--vital information that can both authenticate the signature as that of the affirming party or prove that the affirming party understood the provisions of the document or transaction and consciously assented to them. That information could be pivotal in the event of a legal dispute, for example, over whether obligations of a transaction should be enforced against the affirming party. If it cannot be shown that the party had a good chance to examine the transaction, then a court might decline to enforce the obligation undertaken.
Many system developers recognize that biometric signature capture systems have an advantage over other signature capture systems (infometric and cryptographic) in that a biometric system can capture unique data which can be used to prove the identity of the signer. For example, pen-based technology (the most commonly used biometric signature method) has evolved to the point where a signature entered electronically at the time of signing can be tied to an electronic document with a degree of reliability that is equal to or perhaps greater than the traditional process of affixing a handwritten signature to a paper document in terms of verifying the identity of the signer. It has been hoped that such biometric systems can be applied for widespread use in large networked system.
However, biometric signature capturing systems have a disadvantage in that they require special hardware at the signer's terminal for operation. A signer can "input" a physical or biometric-based signature into the computer only via special hardware (e.g., pen-based digital input devices, retinal scanners, fingerprint imaging hardware). The use of such hardware currently is not feasible for widespread use. For the most part, signers today indicate their identity and gain access to computer systems and computer documents through infometric and cryptographic signatures such as passwords, access cards and other keys.
There is a basic evidentiary difference between biometric signatures and other electronic devices. Whereas the biometric measurements taken can be used to uniquely identify the signer, other types of electronic signatures do not provide such reliable evidence of identity. Electronic signatures, such as passwords, access cards and other keys, are not considered fully secure, as they are easily transferable amongst users. In particular, they contain no unique ties to the "signer" which a computer can analyze to guarantee that the person inputting the electronic signature is in fact the person assigned to that signature. Passwords, access cards and keys can be stolen, compromised and misused by others; systems relying on such devices have no way to detect this misuse. The nature of computers, which allows for the easy copying and alteration of data, poses a special risk for any system where the user who input an infometric or cryptographic token was not the claimed affirming party.
It is possible, however, to buttress or raise the evidentiary level of a cryptographic or infometric signature by gathering additional collateral evidence to support the contention that the token was input by the person who is claimed to be the arming party. In traditional paper document systems, substitute "signatures" such as stamps, seals and other marks have been used in conjunction with collateral evidence to bolster the contention that the signature represents the assent of a genuine authorized party. An example of such collateral evidence might be the use of paper with printing, watermarking or compositions that are unique to the signer or his circumstances.
In the same way that computer systems must make extra provisions for validating the identity of an affirming party, they must also insure that the affirming party understood and assented to the terms of an electronic document. The levels of interface which are part of any computer systems can raise questions as to whether the affirming party fully reviewed, understood and agreed to the statements within an electronic document. A paper document, by its physical nature, can be easily examined and reviewed; there is a presumption that a paper document presented to an affirming party and signed must have been reviewed by the affirming party. In contrast, the virtual nature of an electronic document, which is hidden at all times from the affirming party (unless specifically viewed from a display) denies that presumption. Again, computer systems which affirm electronic documents, transactions and statements, must take additional measures to ensure that the affirmation process generates and stores sufficient information to verify the affirming party's intent.
Although all token, biometric, infometric and cryptographic signatures, can affix some symbol (each having varying evidentiary value) to a document, transaction or event they do not of themselves provide evidence of the affirming party's knowledge or intention with regard to the provisions or undertakings of the document, transaction or event. The token, in the virtual world, does not by itself bear witness to the actual conduct of the affirming party, or the context in which the electronic signature was affixed. For example, it might be that the private key of the affirming party passes into the custody of another person, who affixes the signature without the knowledge of the rightful owner. It might be that a third party or a computer system induced the affirming party to enter his personal token without being made to understand that he or she is affirming an electronic transaction thereby. Or, it might be that a person possessing a private key used it to only confirm the integrity and origin of a message (the message might be a mere draft of a potential contract), but not to show his or her intention to approve, sign and/or be held legally accountable for the words of the message.
As noted above, the significance of handwriting a traditional signature on paper is guided by culture, context, and the physical properties of paper, ink and the human hand. People know, as a result of life experience, that by performing the act of signing on a piece of paper the signer undertakes responsibilities according to the circumstances. Those circumstances include a physical and visually verifiable relationship between the paper, the words written on it, and the signature, and that relationship is reliably. For these reasons, a signature on paper is direct evidence of the intention of a person at a particular time.
The significance of an electronic signature, however, is compromised for two reasons. First, the computational affixation of a signature to an electronic transaction does not in and of itself evidence that the affirming party was aware that the affixation was occurring and was causing it to happen or show that the affirming party intended the affixation to carry any particular significance. Without a meaningful ceremony or procedure, akin to the existing simple procedure attending the signing of a paper transaction, there is no easily communicable instruction whereby an affirming party can be forewarned that a legally binding affirmation is occurring or that it carries any given import. Second, the systems currently available do not seek to collect a recording of the affirmation process to provide evidence of what ceremony was performed, how, in what context and with respect to which transaction. For example, the ABA Guidelines hold a person legally responsible for a message encrypted with the person's private asymmetric key, regardless of whether any signing ceremony occurred or anything is known about the context of the transaction.
Thus, there is an immediate need to create a more broad-based computer system for gathering and recording information concerning the affirmation of an electronic document. To make this system viable for the world of electronic commerce the system must work reliably and with a complete range of signature types. Such as system should operate with a capacity to generate a comprehensive transcript or record of the facts and circumstances associated with a party's action as they "sign" and "affirm" an electronic document. The transcript should provide evidence that the party both had and took advantage of the opportunity to understand the document and the significance of its affirmation, and further that the document was not signed due to fraud or deceit. A system possessing the ability to construct and maintain such an advanced and detailed transcript would be able to provide substantial evidence about the party's knowledge of and assent to a document, transaction or event.