Cross-Media Electronic Reporting Rule

Lesson 7: Key Decision 1 - Type of Credential Used

  • How Credentials Are Issued
    • Most credentials issued by or registered with the system require protection as they travel between registrant and system.
    • Credentials that are registered (rather than issued) may need the system to enforce strength requirements and—where issued by a third party—ensure authenticity.
    • Credentials that incorporate biometrics or include cryptographic keys will need specialized technologies to support them.
    • Credentials issued in connection with hardware tokens will require support for users' implementation.
  • Approach to Binding Signatures to Document Content
    • Credentials that include cryptographic keys may execute signatures that are automatically bound to the document being signed by incorporating a message digest or hash value uniquely related to the document content.
    • Other kinds of credentials lack this functionality, and so require an independent approach to signature binding.
  • How Signatures Are Validated
    • Signatures executed with third-party credentials require interaction with the issuing authority to determine that the credentials are authentic.
    • Credentials that provide cryptographic keys may require decryption functionality for validation of the signatures they execute.
  • How Signatures Are Included in the COR
    • Credentials that are included "in the clear" in the signatures they execute (for example, as a PIN or password) need to be "shielded" in some way on the copies of record (COR), for example, by being encrypted or hashed.
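
The following is an added example, not part of the original lesson or of any EPA system. It sketches one way to handle a PIN-type credential under the points above on signature binding and on shielding credentials in the COR: the PIN is stored only as a salted PBKDF2 hash, and the signature is bound to the document by an HMAC over the document digest. The record field names, the system-held `server_key`, and the iteration count are assumptions.

```python
import hashlib
import hmac
import json

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for the deployment


def shield_credential(pin: str, salt: bytes) -> str:
    """Salted, slow hash so the PIN never appears in the clear on the COR."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS).hex()


def _binding(server_key: bytes, fields: dict) -> str:
    # Canonical JSON so the same fields always produce the same MAC input.
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def make_cor_record(document: bytes, signer_id: str, pin: str,
                    salt: bytes, server_key: bytes) -> dict:
    """Build a COR entry (hypothetical layout) for a PIN-based signature."""
    fields = {
        "signer_id": signer_id,
        "doc_sha256": hashlib.sha256(document).hexdigest(),  # ties entry to content
        "salt": salt.hex(),
        "shielded_credential": shield_credential(pin, salt),
    }
    # The MAC covers signer, document digest and shielded credential together,
    # so none of them can be swapped without detection.
    return {**fields, "binding": _binding(server_key, fields)}


def verify_cor_record(record: dict, document: bytes, server_key: bytes) -> bool:
    fields = {k: v for k, v in record.items() if k != "binding"}
    if fields.get("doc_sha256") != hashlib.sha256(document).hexdigest():
        return False  # document content differs from what was signed
    return hmac.compare_digest(record.get("binding", ""), _binding(server_key, fields))


if __name__ == "__main__":
    key = bytes(range(32))   # constructed key for the demo
    salt = bytes(range(16))  # constructed salt; use os.urandom(16) in practice
    doc = b"Constructed report: facility 001, Q1 discharge 12.5 mg/L"
    rec = make_cor_record(doc, "user-001", "4821", salt, key)
    print(verify_cor_record(rec, doc, key))                 # original content
    print(verify_cor_record(rec, doc + b" (edited)", key))  # altered content
```

A short PIN has little entropy, so the salted hash slows guessing but does not prevent it if the record leaks; access to the COR still needs to be controlled.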
