Lesson 7: Key Decision 1 - Type of Credential Used
- How Credentials Are Issued
  - Most credentials issued by or registered with the system require protection as they travel between registrant and system.
  - Credentials that are registered (rather than issued) may need the system to enforce strength requirements and, where issued by a third party, ensure authenticity.
  - Credentials that incorporate biometrics or include cryptographic keys will need specialized technologies to support them.
  - Credentials issued in connection with hardware tokens will require support for users' implementation.
- Approach to Binding Signatures to Document Content
  - Credentials that include cryptographic keys may execute signatures that are automatically bound to the document being signed by incorporating a message digest or hash value uniquely related to the document content.
  - Other kinds of credentials lack this functionality, and so require an independent approach to signature binding.
- How Signatures Are Validated
  - Signatures executed with third party credentials require interaction with the issuing authority to determine that the credentials are authentic.
  - Credentials that provide cryptographic keys may require decryption functionality for validation of the signatures they execute.
- How Signatures Are Included in the COR
  - Credentials that are included "in the clear" in the signatures they execute (for example, as a PIN or password) need to be "shielded" in some way on the copies of record (COR), for example, by being encrypted or hashed.
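
One way to carry out the independent binding and the hashed shielding described above for a PIN or password credential, as an added example that is not part of the original lesson. The HMAC construction, `SYSTEM_KEY`, the PBKDF2 parameters and all function and field names are assumptions made for illustration.

```python
import hashlib, hmac, json, os

# Constructed demo values (assumptions); a real system would hold SYSTEM_KEY in an HSM or KMS.
SYSTEM_KEY = b"constructed-demo-system-key"
PBKDF2_ROUNDS = 200_000

def shield_credential(secret: str, salt: bytes) -> str:
    """Salted, slow hash so the PIN/password never appears in the clear in the COR."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS).hex()

def _binding(doc_digest: str, signer: str, salt_hex: str, shielded: str) -> str:
    """HMAC tying signer and shielded credential to one exact document digest."""
    msg = json.dumps([doc_digest, signer, salt_hex, shielded]).encode()
    return hmac.new(SYSTEM_KEY, msg, hashlib.sha256).hexdigest()

def sign_into_cor(document: bytes, signer: str, secret: str) -> dict:
    """Build the signature block that is stored with the copy of record."""
    salt = os.urandom(16)
    doc_digest = hashlib.sha256(document).hexdigest()
    shielded = shield_credential(secret, salt)
    return {
        "signer": signer,
        "doc_sha256": doc_digest,
        "salt": salt.hex(),
        "shielded_credential": shielded,
        "binding": _binding(doc_digest, signer, salt.hex(), shielded),
    }

def validate_cor(document: bytes, sig: dict) -> bool:
    """True only if the document is unchanged and the signature block is intact."""
    doc_digest = hashlib.sha256(document).hexdigest()
    expected = _binding(doc_digest, sig["signer"], sig["salt"],
                        sig["shielded_credential"])
    return hmac.compare_digest(expected, sig["binding"])

def credential_matches(secret: str, sig: dict) -> bool:
    """Check a presented secret against the shielded value without storing it."""
    candidate = shield_credential(secret, bytes.fromhex(sig["salt"]))
    return hmac.compare_digest(candidate, sig["shielded_credential"])

if __name__ == "__main__":
    report = b"Constructed sample report body"
    sig = sign_into_cor(report, "jdoe", "correct-horse-7")
    print(validate_cor(report, sig), validate_cor(report + b"!", sig))
```

A short numeric PIN remains guessable offline from its salted hash, so for low-entropy credentials encryption under a system-held key is the stronger of the two shielding options the lesson names.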