Digital Signatures For Engineering Documents




Transcription:

OREGON DEPARTMENT OF TRANSPORTATION
Technical Services
Traffic-Roadway Section
Geometronics Unit
200 Hawthorne Avenue S.E. Suite B250
Salem, OR 97310
(503) 986-3103

Ron Singh, PLS
Geometronics Manager
Chief of Surveys
(503) 986-3033

Digital Signatures For Engineering Documents
30 September, 2008

Revision History

Authored by Ron Singh, Geometronics Manager / Chief of Surveys

First Draft - 6 November, 2005
First Release - 7 December, 2005 - Presented to Oregon DOT
Updated for the International Highway Engineering Exchange Program Conference, Albany, New York - 14 September, 2007
Updated for the National Association of County Surveyors Meeting, American Congress on Surveying and Mapping Conference, Spokane, Washington - 7 March, 2008
Updated for the American Council of Engineering Companies of Oregon Meeting, Beaverton, Oregon - 18 March, 2008
Updated for the Professional Engineers of Oregon Joint Engineering Conference, Bend, Oregon - 23 April, 2008
Final Release - 30 September, 2008

Introduction

The intent of this document is to outline issues relating to the utilization of digital signatures on engineering related documents with the Oregon Department of Transportation. For the purpose of this document, the term engineering will include all branches of engineering performed within the agency, including surveying, geology, and any other branch that requires the placement of a seal and signature on a final product.

Traditional hand written signatures on physical engineering documents worked well during the era of hand written/drawn documents. In the early days of utilizing computers to simply speed up the document development process with the intent of producing final documents on paper, hand written signatures also worked reasonably well. However, the use of computers has progressed into an era where electronic documents are transmitted; reviewed and approved; utilized during the bidding process; utilized for stake-less construction; and archived for future retrieval. To apply a hand written signature to these electronic files requires printing, signing the paper document, and then scanning it back into an electronic file. This process loses the electronic file's native format and any imbedded intelligence, is time consuming, and unnecessary. There is a better way: digital signatures.

This document does not intend to provide a complete solution for the use of digital signatures, but rather to serve as a starting point for discussions within the agency and its engineering partners; for development of internal policies; and possible legislative initiatives to modify and/or create new laws related to this issue.

It is expected that several related documents will follow detailing specific areas of interest such as: How digital signatures enable the development of an engineering data management system and streamline the engineering process; and the hardware, software, and procedures required to digitally sign engineering documents.

Although the focus of this document is the digital signing of engineering documents, the concepts are almost identical to digital signatures on any digital file; therefore general concepts will be described here.

Wet Signatures

A wet signature is usually a hand written stylized version of the signer's name on a physical document. Its purpose is not to prove identity, but rather to show deliberation, agreement, and/or informed consent to the content or intent of the document. The historical legal concept recognizes any mark made with the intention of authenticating the marked document as a signature.

For engineering documents in Oregon, Oregon Revised Statutes 672.020 and 672.025 require that the mark be a specific seal affixed to the document with the signature of the registered professional. This law does not address digital signatures on digital documents and the general understanding is that this requires physical documents with wet signatures. This specific section of the law may need to be modified to enable the utilization of digital signatures on engineering documents.

672.025 Practice of land surveying without registration prohibited; seal required.
(1) No person shall practice land surveying in this state unless the person is registered and has a valid certificate to practice land surveying issued under ORS 672.002 to 672.325.
(2) Every registered professional land surveyor shall, upon registration, obtain a seal of the design authorized by the State Board of Examiners for Engineering and Land Surveying. Every final document including drawings, specifications, designs, reports, narratives, maps and plans issued by a registrant shall be stamped with the seal of and signed by the registrant. The signature and stamp of a registrant constitute a certification that the document was prepared by the registrant or under the registrant's supervision and control.

The Problems with Wet Signatures

- The signature itself may not bind the signer to the document, unless the signer's identity was authenticated during the placement of a signature. In the United States this authentication may be performed by a Notary Public.
- Even though the signature may be notarized, the signer may later disown it by claiming the signature was forged.
- The signature itself does not certify the integrity of the document. The document may be either intentionally or accidentally altered without effect on the existing seal and signature.
- Multiple page documents may require a wet signature on each page.
- Without access to the document with the original signature, a copy of the document could be easily repudiated.
- Today, most seals are simply Computer Aided Drafting (CAD) cells stored in a cell library open to anyone to copy, alter, and affix to any drawing. The signatures are not notarized and could be challenged as to their authenticity.
- The requirement for wet signatures significantly hinders the agency's abilities to fully integrate the development, transmittal, execution, archival, and retrieval of digital engineering documents.

The implementation of a robust digital signature process will resolve these problems and provide other benefits described throughout this document.

Electronic Vs Digital Signatures

Often the terms electronic signature and digital signature are used interchangeably to mean the same thing. In the information security world, the two terms are distinctly different.

The term electronic signature may include scanned images of hand written signatures; typed notations such as /s/ Jane Doe; or signature blocks on email messages, etc. without any authentication and/or encryption system included.

The term digital signature is more properly used to describe a signature system applied to an electronic document that utilizes specific technical processes to provide significant added security, authentication, and/or encryption as described below.

What is a Digital Signature?

A digital signature is to an electronic document as a handwritten signature is to a paper one and much more. A digital signature provides signer authentication, document authentication, possible document encryption, and efficiency. Instead of using pen (wet signature) and paper, a digital signature uses digital keys to attach the identity of the signer to the document and record a binding commitment to the content of the document. Digital signatures enable "authentication" of digital documents, assuring the recipient of a digital document of both the identity of the sender and the integrity of the document.

A digital signature provides who signed the digital file. A time stamp of that digital signature provides when the digital file was signed.

A robust digital signature system must be capable of creating a signature that is unique to the person using it; is capable of verification; is under the sole control of the person using it; and is linked to the document in such a way that if any part of the document is altered, the digital signature is rendered invalid.

Why use Digital Signatures?

A digital signature actually provides a greater degree of security than a handwritten signature. The recipient of a digitally signed document can verify both that the document originated from the person whose signature is attached and that the document has not been altered either intentionally or accidentally since it was signed. Furthermore, secure digital signatures cannot be repudiated.

A significant benefit to the agency is in the reduction of paper handling and maintaining the data in a digital format. Signing documents digitally will enable and greatly facilitate the development of an Engineering Data Management System resulting in greater project delivery efficiency.

Digital signature technology has undergone thorough research and development for over a decade. It is not an emerging technology.
Digital signatures have been accepted in several national and international standards developed and accepted by many corporations, banks, and government agencies. The likelihood of malfunction or a security problem in a digital signature system designed and implemented as prescribed in the industry standards is extremely remote. Less robust digital signature systems should be avoided.

What is needed to create a Digital Signature?

Creating a digital signature requires software, a signing certificate, and optionally a piece of hardware to provide further security with a signer's private key. Creating the signing certificate involves creating a public-private digital key pair and optionally obtaining the services of a Certificate Authority.

The public key certificate creates proof of the identity of the signer and is made available to anyone who needs to verify the signature. The combination of the public key and proof of identity results in a public key certificate - also called a signer's certificate.

The private key is something kept only by the signer. The document is signed with the private key. The public and private keys are related mathematically. Knowing the public key allows a signature to be verified but does not allow new signatures to be created. If the private key is not kept private, then someone could maliciously create the original signer's signature on a document without consent. It is critical to keep the private key secret.

To verify a digital signature, the verifier must have access to the signer's public key and have assurance that it corresponds to the signer's private key. The solution to this is to use a trusted third party to associate an identified signer with a specific public key. That trusted third party is referred to as a "Certification Authority".

A self-signed certificate is one that is created by the individual signer without the services of a certification authority and should be avoided. Digital IDs provided by 3rd parties are generally considered more secure, because an independent certification authority has ratified them. A signature applied using a self-signed certificate tells a document recipient that "This document is valid, and I am authorized to sign it," while a signature applied using a 3rd party digital ID tells them that "This document is valid, I am authorized to sign it, and [CERTIFICATION AUTHORITY X] verifies my identity." This additional assurance can make a big difference when it comes to legal documents or those sent out to a wide audience.

To associate a key pair with a prospective signer, a Certification Authority issues a certificate, an electronic record which lists a public key as the "subject" of the certificate, and confirms that the prospective signer identified in the certificate holds the corresponding private key. The Certification Authority performs a background check on each individual that is assigned a signing certificate.

The Oregon Department of Consumer and Business Services, Division of Finance and Corporate Securities has the responsibility to administer the registration procedure for Authentication Authorities who issue digital signatures. At this time there is only one Authentication Authority registered in Oregon:

VeriSign, Inc.
487 E Middlefield Rd.
Mountain View, CA 94043
(650) 426-3425
Web site address: http://www.verisign.com
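
The signing and verification flow described in this section, written out as an added example (not part of the ODOT document and not the code of any signing product): a Certification Authority issues a signer's certificate, the signer signs a document with the private key, and the verifier accepts it only if the certificate chains to the trusted authority and the signature matches the document. Ed25519 keys, the in-memory authority, the names issue, verifyDocument and demo, and the sample document text are assumptions made for illustration; certificate revocation checking is omitted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds name to pub in a certificate. With parent == nil the result is
// self-signed; otherwise it is issued by parent and signed with issuerKey.
func issue(name string, serial int64, isCA bool, pub ed25519.PublicKey, parent *x509.Certificate, issuerKey ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage, tmpl.IsCA = x509.KeyUsageCertSign, true
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyDocument accepts sig only if the signer's certificate chains to a
// trusted Certification Authority and sig matches every byte of doc.
func verifyDocument(doc, sig []byte, signer *x509.Certificate, roots *x509.CertPool) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("signer certificate not trusted: %w", err)
	}
	if err := signer.CheckSignature(x509.PureEd25519, doc, sig); err != nil {
		return fmt.Errorf("signature does not match document: %w", err)
	}
	return nil
}

// demo reports whether (1) the genuine document, (2) an altered copy and (3) a
// copy signed under a self-signed certificate with the same name are accepted.
func demo() (genuine, altered, selfSigned bool, err error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca, err := issue("Example CA (constructed)", 1, true, caPub, nil, caKey)
	if err != nil {
		return
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the verifier trusts only this authority
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // key never leaves the signer
	cert, err := issue("Example Registrant (constructed)", 2, false, pub, ca, caKey)
	if err != nil {
		return
	}
	doc := []byte("Sheet 1 of 1: deck elevation 101.25 ft (constructed sample)")
	sig := ed25519.Sign(key, doc)
	genuine = verifyDocument(doc, sig, cert, roots) == nil
	changed := []byte("Sheet 1 of 1: deck elevation 107.25 ft (constructed sample)")
	altered = verifyDocument(changed, sig, cert, roots) == nil
	pub2, key2, _ := ed25519.GenerateKey(rand.Reader) // a second, unrelated key pair
	self, err := issue("Example Registrant (constructed)", 3, false, pub2, nil, key2)
	if err != nil {
		return
	}
	selfSigned = verifyDocument(doc, ed25519.Sign(key2, doc), self, roots) == nil
	return
}

func main() { fmt.Println(demo()) }
```

Only the first case is accepted: changing a single digit breaks the signature, and the self-signed certificate fails chain validation even though its signature over the document is mathematically valid.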

Types of documents that may utilize Digital Signatures

- CAD Drawings (Microstation Design Files)
  - Coordinate correct engineering drawing
  - Contract Plans
  - Record of Surveys
  - Standard Drawings
  - Others
- Spreadsheets
  - Engineering Calculations
  - Material Lists
  - Others
- Word processor Documents
  - Inter-Governmental Agreements
  - Contracts
  - Engineer/Surveyor Narratives
  - Design Exceptions
  - Others
- Email
  - Correspondence
  - Others

Items Needed

Items needed to implement an agency wide digital signature system would consist of:

- Digital Signature software.
- Services of a Certification Authority to issue certificates. ODOT may be able to obtain a site license.
- Verification software and access to certificates and certificate revocation lists in a repository.
- If further security is required a USB key (hardware) may be purchased for each signer.

Signatures and the Law

The following excerpts are from Digital Signature Guidelines, American Bar Association Section of Science and Technology, Information Security Committee:

In a digital setting, today's broad legal concept of "signature" may well include markings as diverse as digitized images of paper signatures, typed notations such as "/s/ John Smith," or even addressing notations, such as electronic mail origination headers.

The legal and business communities must develop rules and practices which use new technology to achieve and surpass the effects historically expected from paper forms.

Signing writings serve the following general purposes:

- Evidence: A signature authenticates a writing by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the writing becomes attributable to the signer.
- Ceremony: The act of signing a document calls to the signer's attention the legal significance of the signer's act, and thereby helps prevent "inconsiderate engagements."
- Approval: In certain contexts defined by law or custom, a signature expresses the signer's approval or authorization of the writing, or the signer's intention that it have legal effect.
- Efficiency and logistics: A signature on a written document often imparts a sense of clarity and finality to the transaction and may lessen the subsequent need to inquire beyond the face of a document. Negotiable instruments, for example, rely upon formal requirements, including a signature, for their ability to change hands with ease, rapidity, and minimal interruption.

To achieve the basic purposes of signatures outlined above, a signature must have the following attributes:

- Signer authentication: A signature should indicate who signed a document, message or record, and should be difficult for another person to produce without authorization.
- Document authentication: A signature should identify what is signed, making it impracticable to falsify or alter either the signed matter or the signature without detection.

In June, 2000, President Clinton signed the electronic signature act. Although this law pertains primarily to electronic commerce and financial transactions, it also promotes the acceptance and use of digital signatures in contracts, etc.

Oregon State Law

In 1997, the Oregon legislature passed the Digital Signature Act, ORS Chapter 192.825 to 192.855. The Act states that the intent of the legislature was:

1. To facilitate economic development and efficient delivery of government services by means of reliable electronic messages.
2. Enhance public confidence in the use of digital signatures.
3. Minimize the incidence of forged digital signatures and fraud in electronic commerce.
4. Foster the development of electronic commerce through the use of digital signatures to lend authenticity and integrity to writings in any electronic medium.
5. Ensure that proper management oversight and accountability are maintained for agency conducted electronic commerce.

Although the above may pertain mainly to electronic commerce with the focus of financial transactions, the spirit of this act may support the concept of digital signatures on other documents that enable efficient delivery of government services.

In 2001, Oregon adopted the Uniform Electronic Transactions Act, ORS 84.001 to 84.061. Under that Act, if a law requires a signature, an electronic signature satisfies the law.

New Oregon Administrative Rules

The Oregon State Board of Examiners for Engineering and Land Surveying (OSBEELS) adopted the new Oregon Administrative Rules on July 8th, 2008 and filed it with the Oregon Secretary of State's Archives Division making it effective on July 9th, 2008. The new language follows:

(820-010-0010 Definitions)
(16) "Digital signature" means a type of electronic signature, as allowed by the ORS 84.001 to 84.061, that transforms a message through the use of an algorithm or series of algorithms that provide a key pair, private and public, for signer verification, document security and authentication.

(820-010-0620 Official Seal)
(5) A digital signature, as an option to a handwritten signature in permanent ink is acceptable for final documents.
(a) The digital signature must be:
(A) Unique to the registrant using it; and
(B) Capable of verification; and
(C) Under the sole control of the registrant using it; and
(D) Linked to a document in such a manner that the digital signature is invalidated if any data in the document is changed.
(b) Documents signed using a digital signature will bear the phrase digital signature in place of the handwritten signature.

(820-015-0010 Processing Complaints)
(5) Upon request of the Board, digitally signed documents must be provided to the Board in a form that can be processed by the Board's information processing systems.

Next Steps

- Continued public outreach and demonstration of system to various entities.
- Continue work of Digital Signatures for Engineering Products Committee to investigate hardware, software, and infrastructure solutions, including studying the option of ODOT being its own Certification Authority.
- Development of cost estimate for agency-wide implementation.
- Development of procedures for agency staff and consultants.
- Internal agency training.
- Implementation.